RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/modules/mu/clouds/google/server.rb ADDED Viewed

@@ -0,0 +1,1510 @@
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'net/ssh'
+require 'net/ssh/multi'
+require 'net/ssh/proxy/command'
+autoload :OpenStruct, "ostruct"
+autoload :Timeout, "timeout"
+autoload :ERB, "erb"
+autoload :Base64, "base64"
+require 'open-uri'
+module MU
+  class Cloud
+    class Google
+      # A server as configured in {MU::Config::BasketofKittens::servers}. In
+      # Google Cloud, this amounts to a single Instance in an Unmanaged
+      # Instance Group.
+      class Server < MU::Cloud::Server
+        attr_reader :mu_name
+        attr_reader :config
+        attr_reader :deploy
+        attr_reader :cloud_id
+        attr_reader :cloud_desc
+        attr_reader :groomer
+        attr_accessor :mu_windows_name
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::servers}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @cloud_id = cloud_id
+          if @deploy
+            @userdata = MU::Cloud.fetchUserdata(
+              platform: @config["platform"],
+              cloud: "google",
+              template_variables: {
+                "deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
+                "deploySSHKey" => @deploy.ssh_public_key,
+                "muID" => MU.deploy_id,
+                "muUser" => MU.mu_user,
+                "publicIP" => MU.mu_public_ip,
+                "skipApplyUpdates" => @config['skipinitialupdates'],
+                "windowsAdminName" => @config['windows_admin_username'],
+                "resourceName" => @config["name"],
+                "resourceType" => "server",
+                "platform" => @config["platform"]
+              },
+              custom_append: @config['userdata_script']
+            )
+          end
+          if !mu_name.nil?
+            @mu_name = mu_name
+            @config['mu_name'] = @mu_name
+            # describe
+            @mu_windows_name = @deploydata['mu_windows_name'] if @mu_windows_name.nil? and @deploydata
+          else
+            if kitten_cfg.has_key?("basis")
+              @mu_name = @deploy.getResourceName(@config['name'], need_unique_string: true)
+            else
+              @mu_name = @deploy.getResourceName(@config['name'])
+            end
+            @config['mu_name'] = @mu_name
+            @config['instance_secret'] = Password.random(50)
+          end
+          @config['ssh_user'] ||= "mu"
+          @groomer = MU::Groomer.new(self)
+        end
+        # Generate a server-class specific service account, used to grant
+        # permission to do various API things to a node.
+        # @param rolename [String]:
+        # @param project [String]:
+        # @param scopes [Array<String>]: https://developers.google.com/identity/protocols/googlescopes
+        def self.createServiceAccount(rolename, project: MU::Cloud::Google.defaultProject, scopes: ["https://www.googleapis.com/auth/compute.readonly", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/cloud-platform"])
+#https://www.googleapis.com/auth/devstorage.read_only ?
+          name = MU::Cloud::Google.nameStr(rolename)
+          saobj = MU::Cloud::Google.iam(:CreateServiceAccountRequest).new(
+            account_id: rolename.gsub(/[^a-z]/, ""), # XXX this mangling isn't required in the console, so why is it here?
+            service_account: MU::Cloud::Google.iam(:ServiceAccount).new(
+              display_name: rolename,
+# do NOT specify project_id or name, we know that much
+            )
+          )
+          resp = MU::Cloud::Google.iam.create_service_account(
+            "projects/#{project}",
+            saobj
+          )
+          MU::Cloud::Google.compute(:ServiceAccount).new(
+            email: resp.email,
+            scopes: scopes
+          )
+        end
+        # Retrieve the cloud descriptor for this machine image, which can be
+        # a whole or partial URL. Will follow deprecation notices and retrieve
+        # the latest version, if applicable.
+        # @param image_id [String]: URL to a Google disk image
+        # @return [Google::Apis::ComputeBeta::Image]
+        def self.fetchImage(image_id)
+          img_proj = img_name = nil
+          begin
+            img_proj = image_id.gsub(/.*?\/?projects\/([^\/]+)\/.*/, '\1')
+            img_name = image_id.gsub(/.*?([^\/]+)$/, '\1')
+            img = MU::Cloud::Google.compute.get_image(img_proj, img_name)
+            if !img.deprecated.nil? and !img.deprecated.replacement.nil?
+              image_id = img.deprecated.replacement
+            end
+          end while !img.deprecated.nil? and img.deprecated.state == "DEPRECATED" and !img.deprecated.replacement.nil?
+          MU::Cloud::Google.compute.get_image(img_proj, img_name)
+        end
+        # Generator for disk configuration parameters for a Compute instance
+        # @param config [Hash]: The MU::Cloud::Server config hash for whom we're configuring disks
+        # @param create [Boolean]: Actually create extra (non-root) disks, or just the one declared as the root disk of the image
+        # @param disk_as_url [Boolean]: Whether to declare the disk type as a short string or full URL, which can vary depending on the calling resource
+        # @return [Array]: The Compute :AttachedDisk objects describing disks that've been created
+        def self.diskConfig(config, create = true, disk_as_url = true)
+          disks = []
+          puts config['image_id']
+          puts config['basis']
+          img = fetchImage(config['image_id'] || config['basis']['launch_config']['image_id'])
+# XXX slurp settings from /dev/sda or w/e by convention?
+          disktype = "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-standard"
+          disktype = "pd-standard" if !disk_as_url
+# disk_type: projects/project/zones/#{config['availability_zone']}/diskTypes/pd-standard Other values include pd-ssd and local-ssd
+          imageobj = MU::Cloud::Google.compute(:AttachedDiskInitializeParams).new(
+            source_image: img.self_link,
+            disk_size_gb: 10, # this is binary? 2gb, that says
+            disk_type: disktype,
+          )
+          disks << MU::Cloud::Google.compute(:AttachedDisk).new(
+            auto_delete: true,
+            boot: true,
+            mode: "READ_WRITE",
+            type: "PERSISTENT",
+            initialize_params: imageobj
+          )
+          if config["storage"]
+            config["storage"].each { |vol|
+              devicename = vol['device'].gsub(/[^\w\-\.]/, "-").sub(/^[^\w]/, "")
+              disk_desc = {
+                :auto_delete => true,
+                :device_name => devicename, # XXX empty string is also legit
+                :mode => "READ_WRITE",
+                :type => "PERSISTENT" # SCRATCH is equivalent of ephemeral? cheap virtual memory disk? maybe ship a standard set
+              }
+              if vol['snapshot_id']
+                disk_desc[:source_snapshot] = vol['snapshot_id']
+# XXX check existence in in validateConfig
+              elsif vol['somekindofidforaloosevolume']
+                disk_desc[:source] = vol['somekindofidforaloosevolume']
+# XXX check existence in in validateConfig
+              end
+# XXX I don't know how to do this in managed instance groups
+#next
+next if !create
+              diskname = MU::Cloud::Google.nameStr(config['mu_name']+"-"+devicename)
+              newdiskobj = MU::Cloud::Google.compute(:Disk).new(
+                size_gb: vol['size'],
+                description: MU.deploy_id,
+                zone: config['availability_zone'],
+#                    type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-ssd",
+                type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-standard",
+                source_snapshot: vol['snapshot_id'],
+# type: projects/project/zones/#{config['availability_zone']}/diskTypes/pd-standard Other values include pd-ssd and local-ssd
+                name: diskname
+              )
+              MU.log "Creating disk #{diskname}", details: newdiskobj
+              newdisk = MU::Cloud::Google.compute.insert_disk(
+                config['project'],
+                config['availability_zone'],
+                newdiskobj
+              )
+              disk_desc[:source] = newdisk.self_link
+              disks << MU::Cloud::Google.compute(:AttachedDisk).new(disk_desc)
+            }
+          end
+          disks
+        end
+        # Generator for disk configuration parameters for a Compute instance
+        # @param config [Hash]: The MU::Cloud::Server config hash for whom we're configuring network interfaces
+        # @param vpc [MU::Cloud::Google::VPC]: The VPC in which this interface should reside
+        # @return [Array]: Configuration objects for network interfaces, suitable for passing to the Compute API
+        def self.interfaceConfig(config, vpc)
+          subnet_cfg = config['vpc']
+          if config['vpc']['subnets'] and
+             !subnet_cfg['subnet_name'] and !subnet_cfg['subnet_id']
+            subnet_cfg = config['vpc']['subnets'].sample
+          end
+          subnet = vpc.getSubnet(name: subnet_cfg['subnet_name'], cloud_id: subnet_cfg['subnet_id'])
+          if subnet.nil?
+            raise MuError, "Couldn't find subnet details while configuring Server #{config['name']} (VPC: #{vpc.mu_name})"
+          end
+          base_iface_obj = {
+            :network => vpc.url,
+            :subnetwork => subnet.url
+          }
+          if config['associate_public_ip']
+            base_iface_obj[:access_configs] = [
+              MU::Cloud::Google.compute(:AccessConfig).new
+            ]
+          end
+          interfaces = [base_iface_obj]
+          # XXX add more if they asked for it (e.g. config['private_ip'])
+          interfaces
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          service_acct = MU::Cloud::Google::Server.createServiceAccount(
+            @mu_name.downcase,
+            project: @config['project']
+          )
+          MU::Cloud::Google.grantDeploySecretAccess(service_acct.email)
+          begin
+            disks = MU::Cloud::Google::Server.diskConfig(@config)
+            interfaces = MU::Cloud::Google::Server.interfaceConfig(@config, @vpc)
+            if @config['routes']
+              @config['routes'].each { |route|
+                @vpc.cloudobj.createRouteForInstance(route, self)
+              }
+            end
+            desc = {
+              :name => MU::Cloud::Google.nameStr(@mu_name),
+              :can_ip_forward => !@config['src_dst_check'],
+              :description => @deploy.deploy_id,
+              :service_accounts => [service_acct],
+              :network_interfaces => interfaces,
+              :machine_type => "zones/"+@config['availability_zone']+"/machineTypes/"+@config['size'],
+              :metadata => {
+                :items => [
+                  {
+                    :key => "ssh-keys",
+                    :value => @config['ssh_user']+":"+@deploy.ssh_public_key
+                  },
+                  {
+                    :key => "startup-script",
+                    :value => @userdata
+                  }
+                ]
+              },
+              :tags => MU::Cloud::Google.compute(:Tags).new(items: [MU::Cloud::Google.nameStr(@mu_name)])
+            }
+            desc[:disks] = disks if disks.size > 0
+            # Tags in GCP means something other than what we think of;
+            # labels are the thing you think you mean
+            desc[:labels] = {}
+            MU::MommaCat.listStandardTags.each_pair { |name, value|
+              if !value.nil?
+                desc[:labels][name.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
+              end
+            }
+            desc[:labels]["name"] = @mu_name.downcase
+            instanceobj = MU::Cloud::Google.compute(:Instance).new(desc)
+            MU.log "Creating instance #{@mu_name}"
+            begin
+            instance = MU::Cloud::Google.compute.insert_instance(
+              @config['project'],
+              @config['availability_zone'],
+              instanceobj
+            )
+            rescue ::Google::Apis::ClientError => e
+              MU.log e.message, MU::ERR
+              raise e
+            end
+            @cloud_id = instance.name # XXX or instance.target_link... pick a convention, would you?
+            if !@config['async_groom']
+              sleep 5
+              MU::MommaCat.lock(@cloud_id+"-create")
+              if !postBoot
+                MU.log "#{@config['name']} is already being groomed, skipping", MU::NOTICE
+              else
+                MU.log "Node creation complete for #{@config['name']}"
+              end
+              MU::MommaCat.unlock(@cloud_id+"-create")
+            end
+            done = false
+            @deploy.saveNodeSecret(@cloud_id, @config['instance_secret'], "instance_secret")
+            @config.delete("instance_secret")
+            if cloud_desc.nil? or cloud_desc.status != "RUNNING"
+              raiseert MuError, "#{@cloud_id} appears to have gone sideways mid-bootstrap #{cloud_desc.status if cloud_desc.nil?}"
+            end
+            notify
+          rescue Exception => e
+            if !cloud_desc.nil? and !done
+              MU.log "Aborted before I could finish setting up #{@config['name']}, cleaning it up. Stack trace will print once cleanup is complete.", MU::WARN if !@deploy.nocleanup
+              MU::MommaCat.unlockAll
+              if !@deploy.nocleanup
+                parent_thread_id = Thread.current.object_id
+                Thread.new {
+                  MU.dupGlobals(parent_thread_id)
+                  MU::Cloud::Google::Server.cleanup(noop: false, ignoremaster: false, skipsnapshots: true)
+                }
+              end
+            end
+            raise e
+          end
+          return @config
+        end
+        # Return a BoK-style config hash describing a NAT instance. We use this
+        # to approximate Amazon's NAT gateway functionality with a plain
+        # instance.
+        # @return [Hash]
+        def self.genericNAT
+          return {
+            "cloud" => "Google",
+            "size" => "g1-small",
+            "run_list" => [ "mu-utility::nat" ],
+            "platform" => "centos7",
+            "ssh_user" => "centos",
+            "associate_public_ip" => true,
+            "static_ip" => { "assign_ip" => true },
+            "routes" => [ {
+              "gateway" => "#INTERNET",
+              "priority" => 50,
+              "destination_network" => "0.0.0.0/0"
+            } ]
+          }
+        end
+        # Ask the Google API to stop this node
+        def stop
+          MU.log "Stopping #{@cloud_id}"
+          MU::Cloud::Google.compute.stop_instance(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id
+          )
+          begin
+            sleep 5
+          end while cloud_desc.status != "TERMINATED" # means STOPPED
+        end
+        # Ask the Google API to start this node
+        def start
+          MU.log "Starting #{@cloud_id}"
+          MU::Cloud::Google.compute.start_instance(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id
+          )
+          begin
+            sleep 5
+          end while cloud_desc.status != "RUNNING"
+        end
+        # Ask the Google API to restart this node
+        def reboot(hard = false)
+          return if @cloud_id.nil?
+          if hard
+            groupname = nil
+            if !@config['basis'].nil?
+              resp = MU::Cloud::AWS.autoscale(@config['region']).describe_auto_scaling_instances(
+                instance_ids: [@cloud_id]
+              )
+              groupname = resp.auto_scaling_instances.first.auto_scaling_group_name
+              MU.log "Pausing Autoscale processes in #{groupname}", MU::NOTICE
+              MU::Cloud::AWS.autoscale(@config['region']).suspend_processes(
+                auto_scaling_group_name: groupname
+              )
+            end
+            begin
+              MU.log "Stopping #{@mu_name} (#{@cloud_id})", MU::NOTICE
+              MU::Cloud::AWS.ec2(@config['region']).stop_instances(
+                instance_ids: [@cloud_id]
+              )
+              MU::Cloud::AWS.ec2(@config['region']).wait_until(:instance_stopped, instance_ids: [@cloud_id]) do |waiter|
+                waiter.before_attempt do |attempts|
+                  MU.log "Waiting for #{@mu_name} to stop for hard reboot"
+                end
+              end
+              MU.log "Starting #{@mu_name} (#{@cloud_id})"
+              MU::Cloud::AWS.ec2(@config['region']).start_instances(
+                instance_ids: [@cloud_id]
+              )
+            ensure
+              if !groupname.nil?
+                MU.log "Resuming Autoscale processes in #{groupname}", MU::NOTICE
+                MU::Cloud::AWS.autoscale(@config['region']).resume_processes(
+                  auto_scaling_group_name: groupname
+                )
+              end
+            end
+          else
+            MU.log "Rebooting #{@mu_name} (#{@cloud_id})"
+            MU::Cloud::AWS.ec2(@config['region']).reboot_instances(
+              instance_ids: [@cloud_id]
+            )
+          end
+        end
+        # Figure out what's needed to SSH into this server.
+        # @return [Array<String>]: nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name, alternate_names
+        def getSSHConfig
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+# XXX add some awesome alternate names from metadata and make sure they end
+# up in MU::MommaCat's ssh config wangling
+          ssh_keydir = Etc.getpwuid(Process.uid).dir+"/.ssh"
+          return nil if @config.nil? or @deploy.nil?
+          nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
+          if !@config["vpc"].nil? and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'])
+            if !@nat.nil?
+              if @nat.cloud_desc.nil?
+                MU.log "NAT was missing cloud descriptor when called in #{@mu_name}'s getSSHConfig", MU::ERR
+                return nil
+              end
+              foo, bar, baz, nat_ssh_host, nat_ssh_user, nat_ssh_key  = @nat.getSSHConfig
+              if nat_ssh_user.nil? and !nat_ssh_host.nil?
+                MU.log "#{@config["name"]} (#{MU.deploy_id}) is configured to use #{@config['vpc']} NAT #{nat_ssh_host}, but username isn't specified. Guessing root.", MU::ERR, details: caller
+                nat_ssh_user = "root"
+              end
+            end
+          end
+          if @config['ssh_user'].nil?
+            if windows?
+              @config['ssh_user'] = "Administrator"
+            else
+              @config['ssh_user'] = "root"
+            end
+          end
+          return [nat_ssh_key, nat_ssh_user, nat_ssh_host, canonicalIP, @config['ssh_user'], @deploy.ssh_key_name]
+        end
+        # Apply tags, bootstrap our configuration management, and other
+        # administravia for a new instance.
+        def postBoot(instance_id = nil)
+          if !instance_id.nil?
+            @cloud_id = instance_id
+          end
+          instance = cloud_desc
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+          instance = cloud_desc
+          raise MuError, "Couldn't find instance of #{@mu_name} (#{@cloud_id})" if !instance
+          return false if !MU::MommaCat.lock(@cloud_id+"-orchestrate", true)
+          return false if !MU::MommaCat.lock(@cloud_id+"-groom", true)
+#          MU::MommaCat.createStandardTags(@cloud_id, region: @config['region'])
+#          MU::MommaCat.createTag(@cloud_id, "Name", node, region: @config['region'])
+#
+#          if @config['optional_tags']
+#            MU::MommaCat.listOptionalTags.each { |key, value|
+#              MU::MommaCat.createTag(@cloud_id, key, value, region: @config['region'])
+#            }
+#          end
+#
+#          if !@config['tags'].nil?
+#            @config['tags'].each { |tag|
+#              MU::MommaCat.createTag(@cloud_id, tag['key'], tag['value'], region: @config['region'])
+#            }
+#          end
+#          MU.log "Tagged #{node} (#{@cloud_id}) with MU-ID=#{MU.deploy_id}", MU::DEBUG
+#
+          # Make double sure we don't lose a cached mu_windows_name value.
+          if windows? or !@config['active_directory'].nil?
+            if @mu_windows_name.nil?
+              @mu_windows_name = deploydata['mu_windows_name']
+            end
+          end
+#          punchAdminNAT
+#
+#
+#          # If we came up via AutoScale, the Alarm module won't have had our
+#          # instance ID to associate us with itself. So invoke that here.
+#          if !@config['basis'].nil? and @config["alarms"] and !@config["alarms"].empty?
+#            @config["alarms"].each { |alarm|
+#              alarm_obj = MU::MommaCat.findStray(
+#                "AWS",
+#                "alarms",
+#                region: @config["region"],
+#                deploy_id: @deploy.deploy_id,
+#                name: alarm['name']
+#              ).first
+#              alarm["dimensions"] = [{:name => "InstanceId", :value => @cloud_id}]
+#
+#              if alarm["enable_notifications"]
+#                topic_arn = MU::Cloud::AWS::Notification.createTopic(alarm["notification_group"], region: @config["region"])
+#                MU::Cloud::AWS::Notification.subscribe(arn: topic_arn, protocol: alarm["notification_type"], endpoint: alarm["notification_endpoint"], region: @config["region"])
+#                alarm["alarm_actions"] = [topic_arn]
+#                alarm["ok_actions"]  = [topic_arn]
+#              end
+#
+#              alarm_name = alarm_obj ? alarm_obj.cloud_id : "#{node}-#{alarm['name']}".upcase
+#
+#              MU::Cloud::AWS::Alarm.setAlarm(
+#                name: alarm_name,
+#                ok_actions: alarm["ok_actions"],
+#                alarm_actions: alarm["alarm_actions"],
+#                insufficient_data_actions: alarm["no_data_actions"],
+#                metric_name: alarm["metric_name"],
+#                namespace: alarm["namespace"],
+#                statistic: alarm["statistic"],
+#                dimensions: alarm["dimensions"],
+#                period: alarm["period"],
+#                unit: alarm["unit"],
+#                evaluation_periods: alarm["evaluation_periods"],
+#                threshold: alarm["threshold"],
+#                comparison_operator: alarm["comparison_operator"],
+#                region: @config["region"]
+#              )
+#            }
+#          end
+#
+#          # We have issues sometimes where our dns_records are pointing at the wrong node name and IP address.
+#          # Make sure that doesn't happen. Happens with server pools only
+#          if @config['dns_records'] && !@config['dns_records'].empty?
+#            @config['dns_records'].each { |dnsrec|
+#              if dnsrec.has_key?("name")
+#                if dnsrec['name'].start_with?(MU.deploy_id.downcase) && !dnsrec['name'].start_with?(node.downcase)
+#                  MU.log "DNS records for #{node} seem to be wrong, deleting from current config", MU::WARN, details: dnsrec
+#                  dnsrec.delete('name')
+#                  dnsrec.delete('target')
+#                end
+#              end
+#            }
+#          end
+          # Unless we're planning on associating a different IP later, set up a
+          # DNS entry for this thing and let it sync in the background. We'll
+          # come back to it later.
+          if @config['static_ip'].nil? && !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name = getSSHConfig
+          if !nat_ssh_host and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'])
+# XXX check if canonical_ip is in the private ranges
+#            raise MuError, "#{node} has no NAT host configured, and I have no other route to it"
+          end
+#          # Set console termination protection. Autoscale nodes won't set this
+#          # by default.
+#          MU::Cloud::AWS.ec2(@config['region']).modify_instance_attribute(
+#              instance_id: @cloud_id,
+#              disable_api_termination: {:value => true}
+#          )
+#MU.log "Let's deal with addressing", MU::WARN, details: cloud_desc
+            # If we asked for a public IP address, make sure we get one
+#              addrobj = MU::Cloud::Google.compute(:Address).new(
+#                name: @mu_name+"-public-ip",
+#                description: @deploy.deploy_id
+#              )
+#              addr_insert = MU::Cloud::Google.compute.insert_global_address(
+#                @config['project'],
+##                @config['region'],
+#                addrobj
+#              )
+#              pp addr_insert
+#              raise "BOOP"
+#          has_elastic_ip = false
+#          if !instance.public_ip_address.nil?
+#            begin
+#              resp = MU::Cloud::AWS.ec2((@config['region'])).describe_addresses(public_ips: [instance.public_ip_address])
+#              if resp.addresses.size > 0 and resp.addresses.first.instance_id == @cloud_id
+#                has_elastic_ip = true
+#              end
+#            rescue Aws::EC2::Errors::InvalidAddressNotFound => e
+#              # XXX this is ok to ignore, it means the public IP isn't Elastic
+#            end
+#          end
+#          win_admin_password = nil
+#          ec2config_password = nil
+#          sshd_password = nil
+#          if windows?
+#            ssh_keydir = "#{Etc.getpwuid(Process.uid).dir}/.ssh"
+#            ssh_key_name = @deploy.ssh_key_name
+#
+#            if @config['use_cloud_provider_windows_password']
+#              win_admin_password = getWindowsAdminPassword
+#            elsif @config['windows_auth_vault'] && !@config['windows_auth_vault'].empty?
+#              if @config["windows_auth_vault"].has_key?("password_field")
+#                win_admin_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["password_field"]
+#                )
+#              else
+#                win_admin_password = getWindowsAdminPassword
+#              end
+#
+#              if @config["windows_auth_vault"].has_key?("ec2config_password_field")
+#                ec2config_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["ec2config_password_field"]
+#                )
+#              end
+#
+#              if @config["windows_auth_vault"].has_key?("sshd_password_field")
+#                sshd_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["sshd_password_field"]
+#                )
+#              end
+#            end
+#
+#            win_admin_password = MU.generateWindowsPassword if win_admin_password.nil?
+#            ec2config_password = MU.generateWindowsPassword if ec2config_password.nil?
+#            sshd_password = MU.generateWindowsPassword if sshd_password.nil?
+#
+#            # We're creating the vault here so when we run
+#            # MU::Cloud::Server.initialSSHTasks and we need to set the Windows
+#            # Admin password we can grab it from said vault.
+#            creds = {
+#                "username" => @config['windows_admin_username'],
+#                "password" => win_admin_password,
+#                "ec2config_username" => "ec2config",
+#                "ec2config_password" => ec2config_password,
+#                "sshd_username" => "sshd_service",
+#                "sshd_password" => sshd_password
+#            }
+#            @groomer.saveSecret(vault: @mu_name, item: "windows_credentials", data: creds, permissions: "name:#{@mu_name}")
+#          end
+#
+#
+#
+#            # If we've asked for additional subnets (and this @config is not a
+#            # member of a Server Pool, which has different semantics), create
+#            # extra interfaces to accomodate.
+#            if !@config['vpc']['subnets'].nil? and @config['basis'].nil?
+#              device_index = 1
+#              @vpc.subnets { |subnet|
+#                subnet_id = subnet.cloud_id
+#                MU.log "Adding network interface on subnet #{subnet_id} for #{node}"
+#                iface = MU::Cloud::AWS.ec2(@config['region']).create_network_interface(subnet_id: subnet_id).network_interface
+#                MU::MommaCat.createStandardTags(iface.network_interface_id, region: @config['region'])
+#                MU::MommaCat.createTag(iface.network_interface_id, "Name", node+"-ETH"+device_index.to_s, region: @config['region'])
+#
+#                if @config['optional_tags']
+#                  MU::MommaCat.listOptionalTags.each { |key, value|
+#                    MU::MommaCat.createTag(iface.network_interface_id, key, value, region: @config['region'])
+#                  }
+#                end
+#
+#                if !@config['tags'].nil?
+#                  @config['tags'].each { |tag|
+#                    MU::MommaCat.createTag(iface.network_interface_id, tag['key'], tag['value'], region: @config['region'])
+#                  }
+#                end
+#
+#                MU::Cloud::AWS.ec2(@config['region']).attach_network_interface(
+#                    network_interface_id: iface.network_interface_id,
+#                    instance_id: @cloud_id,
+#                    device_index: device_index
+#                )
+#                device_index = device_index + 1
+#              }
+#            end
+#          elsif !@config['static_ip'].nil?
+#            if !@config['static_ip']['ip'].nil?
+#              public_ip = MU::Cloud::AWS::Server.associateElasticIp(@cloud_id, classic: true, ip: @config['static_ip']['ip'])
+#            elsif !has_elastic_ip
+#              public_ip = MU::Cloud::AWS::Server.associateElasticIp(@cloud_id, classic: true)
+#            end
+#          end
+#
+#
+#          if !@config['image_then_destroy']
+#            notify
+#          end
+#
+#          MU.log "EC2 instance #{node} has id #{@cloud_id}", MU::DEBUG
+#
+#          @config["private_dns_name"] = instance.private_dns_name
+#          @config["public_dns_name"] = instance.public_dns_name
+#          @config["private_ip_address"] = instance.private_ip_address
+#          @config["public_ip_address"] = instance.public_ip_address
+#
+#          ext_mappings = MU.structToHash(instance.block_device_mappings)
+#
+#          # Root disk on standard CentOS AMI
+#          # tagVolumes(@cloud_id, "/dev/sda", "Name", "ROOT-"+MU.deploy_id+"-"+@config["name"].upcase)
+#          # Root disk on standard Ubuntu AMI
+#          # tagVolumes(@cloud_id, "/dev/sda1", "Name", "ROOT-"+MU.deploy_id+"-"+@config["name"].upcase)
+#
+#          # Generic deploy ID tag
+#          # tagVolumes(@cloud_id)
+#
+#          # Tag volumes with all our standard tags.
+#          # Maybe replace tagVolumes with this? There is one more place tagVolumes is called from
+#          volumes = MU::Cloud::AWS.ec2(@config['region']).describe_volumes(filters: [name: "attachment.instance-id", values: [@cloud_id]])
+#          volumes.each { |vol|
+#            vol.volumes.each { |volume|
+#              volume.attachments.each { |attachment|
+#                MU::MommaCat.listStandardTags.each_pair { |key, value|
+#                  MU::MommaCat.createTag(attachment.volume_id, key, value, region: @config['region'])
+#
+#                  if attachment.device == "/dev/sda" or attachment.device == "/dev/sda1"
+#                    MU::MommaCat.createTag(attachment.volume_id, "Name", "ROOT-#{MU.deploy_id}-#{@config["name"].upcase}", region: @config['region'])
+#                  else
+#                    MU::MommaCat.createTag(attachment.volume_id, "Name", "#{MU.deploy_id}-#{@config["name"].upcase}-#{attachment.device.upcase}", region: @config['region'])
+#                  end
+#                }
+#
+#                if @config['optional_tags']
+#                  MU::MommaCat.listOptionalTags.each { |key, value|
+#                    MU::MommaCat.createTag(attachment.volume_id, key, value, region: @config['region'])
+#                  }
+#                end
+#
+#                if @config['tags']
+#                  @config['tags'].each { |tag|
+#                    MU::MommaCat.createTag(attachment.volume_id, tag['key'], tag['value'], region: @config['region'])
+#                  }
+#                end
+#              }
+#            }
+#          }
+#
+#          canonical_name = instance.public_dns_name
+#          canonical_name = instance.private_dns_name if !canonical_name or nat_ssh_host != nil
+#          @config['canonical_name'] = canonical_name
+#
+#          if !@config['add_private_ips'].nil?
+#            instance.network_interfaces.each { |int|
+#              if int.private_ip_address == instance.private_ip_address and int.private_ip_addresses.size < (@config['add_private_ips'] + 1)
+#                MU.log "Adding #{@config['add_private_ips']} extra private IP addresses to #{@cloud_id}"
+#                MU::Cloud::AWS.ec2(@config['region']).assign_private_ip_addresses(
+#                    network_interface_id: int.network_interface_id,
+#                    secondary_private_ip_address_count: @config['add_private_ips'],
+#                    allow_reassignment: false
+#                )
+#              end
+#            }
+#            notify
+#          end
+#
+#          windows? ? ssh_wait = 60 : ssh_wait = 30
+#          windows? ? max_retries = 50 : max_retries = 35
+#          begin
+#            session = getSSHSession(max_retries, ssh_wait)
+#            initialSSHTasks(session)
+#          rescue BootstrapTempFail
+#            sleep ssh_wait
+#            retry
+#          ensure
+#            session.close if !session.nil?
+#          end
+#
+#          if @config["existing_deploys"] && !@config["existing_deploys"].empty?
+#            @config["existing_deploys"].each { |ext_deploy|
+#              if ext_deploy["cloud_id"]
+#                found = MU::MommaCat.findStray(
+#                  @config['cloud'],
+#                  ext_deploy["cloud_type"],
+#                  cloud_id: ext_deploy["cloud_id"],
+#                  region: @config['region'],
+#                  dummy_ok: false
+#                ).first
+#
+#                MU.log "Couldn't find existing resource #{ext_deploy["cloud_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+#                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: found.mu_name, triggering_node: @mu_name)
+#              elsif ext_deploy["mu_name"] && ext_deploy["deploy_id"]
+#                MU.log "#{ext_deploy["mu_name"]} / #{ext_deploy["deploy_id"]}"
+#                found = MU::MommaCat.findStray(
+#                  @config['cloud'],
+#                  ext_deploy["cloud_type"],
+#                  deploy_id: ext_deploy["deploy_id"],
+#                  mu_name: ext_deploy["mu_name"],
+#                  region: @config['region'],
+#                  dummy_ok: false
+#                ).first
+#
+#                MU.log "Couldn't find existing resource #{ext_deploy["mu_name"]}/#{ext_deploy["deploy_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+#                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: ext_deploy["mu_name"], triggering_node: @mu_name)
+#              else
+#                MU.log "Trying to find existing deploy, but either the cloud_id is not valid or no mu_name and deploy_id where provided", MU::ERR
+#              end
+#            }
+#          end
+          # See if this node already exists in our config management. If it does,
+          # we're done.
+          if @groomer.haveBootstrapped?
+            MU.log "Node #{node} has already been bootstrapped, skipping groomer setup.", MU::NOTICE
+            @groomer.saveDeployData
+            MU::MommaCat.unlock(@cloud_id+"-orchestrate")
+            MU::MommaCat.unlock(@cloud_id+"-groom")
+            return true
+          end
+          @groomer.bootstrap
+          # Make sure we got our name written everywhere applicable
+          if !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          MU::MommaCat.unlock(@cloud_id+"-groom")
+          MU::MommaCat.unlock(@cloud_id+"-orchestrate")
+          return true
+        end #postBoot
+        # Locate an existing instance or instances and return an array containing matching AWS resource descriptors for those that match.
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region
+        # @param tag_key [String]: A tag key to search.
+        # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
+        # @param ip [String]: An IP address associated with the instance
+        # @param flags [Hash]: Optional flags
+        # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching instances
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, ip: nil, flags: {})
+# XXX put that 'ip' value into flags
+          instance = nil
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+          if !region.nil? and MU::Cloud::Google.listRegions.include?(region)
+            regions = [region]
+          else
+            regions = MU::Cloud::Google.listRegions
+          end
+          found_instances = {}
+          search_semaphore = Mutex.new
+          search_threads = []
+          # If we got an instance id, go get it
+          if !cloud_id.nil? and !cloud_id.empty?
+            parent_thread_id = Thread.current.object_id
+            regions.each { |region|
+              search_threads << Thread.new {
+                Thread.abort_on_exception = false
+                MU.dupGlobals(parent_thread_id)
+                MU.log "Hunting for instance with cloud id '#{cloud_id}' in #{region}", MU::DEBUG
+                MU::Cloud::Google.listAZs(region).each { |az|
+                  resp = nil
+                  begin
+                    resp = MU::Cloud::Google.compute.get_instance(
+                      flags["project"],
+                      az,
+                      cloud_id
+                    )
+                  rescue ::Google::Apis::ClientError => e
+                    raise e if !e.message.match(/^notFound: /)
+                  end
+                  found_instances[cloud_id] = resp if !resp.nil?
+                }
+              }
+            }
+            done_threads = []
+            begin
+              search_threads.each { |t|
+                joined = t.join(2)
+                done_threads << joined if !joined.nil?
+              }
+            end while found_instances.size < 1 and done_threads.size != search_threads.size
+          end
+          if found_instances.size > 0
+            return found_instances
+          end
+          # Ok, well, let's try looking it up by IP then
+          if instance.nil? and !ip.nil?
+            MU.log "Hunting for instance by IP '#{ip}'", MU::DEBUG
+          end
+          if !instance.nil?
+            return {instance.name => instance} if !instance.nil?
+          end
+          # Fine, let's try it by tag.
+          if !tag_value.nil?
+            MU.log "Searching for instance by tag '#{tag_key}=#{tag_value}'", MU::DEBUG
+          end
+          return found_instances
+        end
+        # Return a description of this resource appropriate for deployment
+        # metadata. Arguments reflect the return values of the MU::Cloud::[Resource].describe method
+        def notify
+          node, config, deploydata = describe(cloud_id: @cloud_id, update_cache: true)
+          deploydata = {} if deploydata.nil?
+          if cloud_desc.nil?
+            raise MuError, "Failed to load instance metadata for #{@config['mu_name']}/#{@cloud_id}"
+          end
+          interfaces = []
+          private_ips = []
+          public_ips = []
+          cloud_desc.network_interfaces.each { |iface|
+            private_ips << iface.network_ip
+            if iface.access_configs
+              iface.access_configs.each { |acfg|
+                public_ips << acfg.nat_ip if acfg.nat_ip
+              }
+            end
+            interfaces << {
+              "network_interface_id" => iface.name,
+              "subnet_id" => iface.subnetwork,
+              "vpc_id" => iface.network
+            }
+          }
+          deploydata = {
+              "nodename" => @mu_name,
+              "run_list" => @config['run_list'],
+              "image_created" => @config['image_created'],
+#              "iam_role" => @config['iam_role'],
+              "cloud_desc_id" => @cloud_id,
+              "private_ip_address" => private_ips.first,
+              "public_ip_address" => public_ips.first,
+              "private_ip_list" => private_ips,
+#              "key_name" => cloud_desc.key_name,
+#              "subnet_id" => cloud_desc.subnet_id,
+#              "cloud_desc_type" => cloud_desc.instance_type #,
+              #				"network_interfaces" => interfaces,
+              #				"config" => server
+          }
+          if !@mu_windows_name.nil?
+            deploydata["mu_windows_name"] = @mu_windows_name
+          end
+          if !@config['chef_data'].nil?
+            deploydata.merge!(@config['chef_data'])
+          end
+          deploydata["region"] = @config['region'] if !@config['region'].nil?
+          if !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          return deploydata
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          MU::MommaCat.lock(@cloud_id+"-groom")
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+          if node.nil? or node.empty?
+            raise MuError, "MU::Cloud::Google::Server.groom was called without a mu_name"
+          end
+          # Make double sure we don't lose a cached mu_windows_name value.
+          if windows? or !@config['active_directory'].nil?
+            if @mu_windows_name.nil?
+              @mu_windows_name = deploydata['mu_windows_name']
+            end
+          end
+#          punchAdminNAT
+#          MU::Cloud::AWS::Server.tagVolumes(@cloud_id)
+          # If we have a loadbalancer configured, attach us to it
+#          if !@config['loadbalancers'].nil?
+#            if @loadbalancers.nil?
+#              raise MuError, "#{@mu_name} is configured to use LoadBalancers, but none have been loaded by dependencies()"
+#            end
+#            @loadbalancers.each { |lb|
+#              lb.registerNode(@cloud_id)
+#            }
+#          end
+          # Let us into any databases we depend on.
+          # This is probelmtic with autscaling - old ips are not removed, and access to the database can easily be given at the BoK level
+          # if @dependencies.has_key?("database")
+            # @dependencies['database'].values.each { |db|
+              # db.allowHost(@deploydata["private_ip_address"]+"/32")
+              # if @deploydata["public_ip_address"]
+                # db.allowHost(@deploydata["public_ip_address"]+"/32")
+              # end
+            # }
+          # end
+          @groomer.saveDeployData
+          begin
+            @groomer.run(purpose: "Full Initial Run", max_retries: 15)
+          rescue MU::Groomer::RunError
+            MU.log "Proceeding after failed initial Groomer run, but #{node} may not behave as expected!", MU::WARN
+          end
+          if !@config['create_image'].nil? and !@config['image_created']
+            img_cfg = @config['create_image']
+            # Scrub things that don't belong on an AMI
+            session = getSSHSession
+            sudo = purgecmd = ""
+            sudo = "sudo" if @config['ssh_user'] != "root"
+            if windows?
+              purgecmd = "rm -rf /cygdrive/c/mu_installed_chef"
+            else
+              purgecmd = "rm -rf /opt/mu_installed_chef"
+            end
+            if img_cfg['image_then_destroy']
+              if windows?
+                purgecmd = "rm -rf /cygdrive/c/chef/ /home/#{@config['windows_admin_username']}/.ssh/authorized_keys /home/Administrator/.ssh/authorized_keys /cygdrive/c/mu-installer-ran-updates /cygdrive/c/mu_installed_chef"
+                # session.exec!("powershell -Command \"& {(Get-WmiObject -Class Win32_Product -Filter \"Name='UniversalForwarder'\").Uninstall()}\"")
+              else
+                purgecmd = "#{sudo} rm -rf /root/.ssh/authorized_keys /etc/ssh/ssh_host_*key* /etc/chef /etc/opscode/* /.mu-installer-ran-updates /var/chef /opt/mu_installed_chef /opt/chef ; #{sudo} sed -i 's/^HOSTNAME=.*//' /etc/sysconfig/network"
+              end
+            end
+            session.exec!(purgecmd)
+            session.close
+            stop
+            image_id = MU::Cloud::Google::Server.createImage(
+                name: MU::Cloud::Google.nameStr(@mu_name),
+                instance_id: @cloud_id,
+                region: @config['region'],
+                storage: @config['storage'],
+                family: ("mu-"+@config['platform']+"-"+MU.environment).downcase,
+                project: @config['project'],
+                exclude_storage: img_cfg['image_exclude_storage'],
+                make_public: img_cfg['public'],
+                tags: @config['tags'],
+                zone: @config['availability_zone']
+            )
+            @deploy.notify("images", @config['name'], {"image_id" => image_id})
+            @config['image_created'] = true
+            if img_cfg['image_then_destroy']
+              MU.log "Image #{image_id} ready, removing source node #{node}"
+              MU::Cloud::Google.compute.delete_instance(
+                @config['project'],
+                @config['availability_zone'],
+                @cloud_id
+              )
+              destroy
+            else
+              start
+            end
+          end
+          MU::MommaCat.unlock(@cloud_id+"-groom")
+        end
+        # Create an image out of a running server. Requires either the name of a MU resource in the current deployment, or the cloud provider id of a running instance.
+        # @param name [String]: The MU resource name of the server to use as the basis for this image.
+        # @param instance_id [String]: The cloud provider resource identifier of the server to use as the basis for this image.
+        # @param storage [Hash]: The storage devices to include in this image.
+        # @param exclude_storage [Boolean]: Do not include the storage device profile of the running instance when creating this image.
+        # @param region [String]: The cloud provider region
+        # @param tags [Array<String>]: Extra/override tags to apply to the image.
+        # @return [String]: The cloud provider identifier of the new machine image.
+        def self.createImage(name: nil, instance_id: nil, storage: {}, exclude_storage: false, project: MU::Cloud::Google.defaultProject, make_public: false, tags: [], region: nil, family: "mu", zone: MU::Cloud::Google.listAZs.sample)
+          instance = MU::Cloud::Server.find(cloud_id: instance_id, region: region)
+          if instance.nil?
+            raise MuError, "Failed to find instance '#{instance_id}' in createImage"
+          end
+          labels = {}
+          MU::MommaCat.listStandardTags.each_pair { |key, value|
+            if !value.nil?
+              labels[key.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
+            end
+          }
+          bootdisk = nil
+          threads = []
+          parent_thread_id = Thread.current.object_id
+          instance[instance_id].disks.each { |disk|
+            threads << Thread.new {
+              Thread.abort_on_exception = false
+              MU.dupGlobals(parent_thread_id)
+              if disk.boot
+                bootdisk = disk.source
+              else
+                snapobj = MU::Cloud::Google.compute(:Snapshot).new(
+                  name: name+"-"+disk.device_name,
+                  description: "Mu image created from #{name} (#{disk.device_name})"
+                )
+                diskname = disk.source.gsub(/.*?\//, "")
+                MU.log "Creating snapshot of #{diskname} in #{zone}", MU::NOTICE, details: snapobj
+                snap = MU::Cloud::Google.compute.create_disk_snapshot(
+                  project,
+                  zone,
+                  diskname,
+                  snapobj
+                )
+                MU::Cloud::Google.compute.set_snapshot_labels(
+                  project,
+                  snap.name,
+                  MU::Cloud::Google.compute(:GlobalSetLabelsRequest).new(
+                    label_fingerprint: snap.label_fingerprint,
+                    labels: labels.merge({
+                      "mu-device-name" => disk.device_name,
+                      "mu-parent-image" => name,
+                      "mu-orig-zone" => zone
+                    })
+                  )
+                )
+              end
+            }
+          }
+          threads.each do |t|
+            t.join
+          end
+          labels["name"] = instance_id.downcase
+          imageobj = MU::Cloud::Google.compute(:Image).new(
+            name: name,
+            source_disk: bootdisk,
+            description: "Mu image created from #{name}",
+            labels: labels,
+            family: family
+          )
+          newimage = MU::Cloud::Google.compute.insert_image(
+            project,
+            imageobj
+          )
+          newimage.name
+        end
+        def cloud_desc
+          max_retries = 5
+          retries = 0
+          if !@cloud_id.nil?
+            begin
+              return MU::Cloud::Google.compute.get_instance(
+                @config['project'],
+                @config['availability_zone'],
+                @cloud_id
+              )
+            rescue ::Google::Apis::ClientError => e
+              if e.message.match(/^notFound: /)
+                return nil
+              else
+                raise e
+              end
+            end
+          end
+          nil
+        end
+        def cloud_desc
+          MU::Cloud::Google::Server.find(cloud_id: @cloud_id).values.first
+        end
+        # Return the IP address that we, the Mu server, should be using to access
+        # this host via the network. Note that this does not factor in SSH
+        # bastion hosts that may be in the path, see getSSHConfig if that's what
+        # you need.
+        def canonicalIP
+          mu_name, config, deploydata = describe(cloud_id: @cloud_id)
+          if !cloud_desc
+            raise MuError, "Couldn't retrieve cloud descriptor for server #{self}"
+          end
+          private_ips = []
+          public_ips = []
+          cloud_desc.network_interfaces.each { |iface|
+            private_ips << iface.network_ip
+            if iface.access_configs
+              iface.access_configs.each { |acfg|
+                public_ips << acfg.nat_ip if acfg.nat_ip
+              }
+            end
+          }
+          # Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
+          # which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
+          # The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
+          if MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc) or public_ips.size == 0
+            @config['canonical_ip'] = private_ips.first
+            return private_ips.first
+          else
+            @config['canonical_ip'] = public_ips.first
+            return public_ips.first
+          end
+        end
+        # Retrieves the Cloud provider's randomly generated Windows password
+        # Will only work on stock Amazon Windows AMIs or custom AMIs that where created with Administrator Password set to random in EC2Config
+        # return [String]: A password string.
+        def getWindowsAdminPassword
+        end
+        # Add a volume to this instance
+        # @param dev [String]: Device name to use when attaching to instance
+        # @param size [String]: Size (in gb) of the new volume
+        # @param type [String]: Cloud storage type of the volume, if applicable
+        def addVolume(dev, size, type: "pd-standard")
+          devname = dev.gsub(/.*?\/([^\/]+)$/, '\1')
+          resname = MU::Cloud::Google.nameStr(@mu_name+"-"+devname)
+          MU.log "Creating disk #{resname}"
+          description = @deploy ? @deploy.deploy_id : @mu_name+"-"+devname
+          newdiskobj = MU::Cloud::Google.compute(:Disk).new(
+            size_gb: size,
+            description: description,
+            zone: @config['availability_zone'],
+#            type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-ssd",
+            type: "projects/#{@config['project']}/zones/#{@config['availability_zone']}/diskTypes/pd-standard",
+# Other values include pd-ssd and local-ssd
+            name: resname
+          )
+          begin
+            newdisk = MU::Cloud::Google.compute.insert_disk(
+              @config['project'],
+              @config['availability_zone'],
+              newdiskobj
+            )
+          rescue ::Google::Apis::ClientError => e
+            if e.message.match(/^alreadyExists: /)
+              MU.log "Disk #{resname} already exists, ignoring request to create", MU::WARN
+              return
+            else
+              raise e
+            end
+          end
+          attachobj = MU::Cloud::Google.compute(:AttachedDisk).new(
+            auto_delete: true,
+            device_name: devname,
+            source: newdisk.self_link,
+            type: "PERSISTENT"
+          )
+          attachment = MU::Cloud::Google.compute.attach_disk(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id,
+            attachobj
+          )
+        end
+        # Determine whether the node in question exists at the Cloud provider
+        # layer.
+        # @return [Boolean]
+        def active?
+          true
+        end
+        # Remove all instances associated with the currently loaded deployment. Also cleans up associated volumes, droppings in the MU master's /etc/hosts and ~/.ssh, and in whatever Groomer was used.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: $MU_CFG['google']['region'], skipsnapshots: false, onlycloud: false, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+# XXX make damn sure MU.deploy_id is set
+          MU::Cloud::Google.listAZs(region).each { |az|
+            disks = []
+            resp = MU::Cloud::Google.compute.list_instances(
+              flags["project"],
+              az,
+              filter: "description eq #{MU.deploy_id}"
+            )
+            if !resp.items.nil? and resp.items.size > 0
+              resp.items.each { |instance|
+                saname = instance.tags.items.first.gsub(/[^a-z]/, "") # XXX this nonsense again
+                MU.log "Terminating instance #{instance.name}"
+                if !instance.disks.nil? and instance.disks.size > 0
+                  instance.disks.each { |disk|
+                    disks << disk if !disk.auto_delete
+                  }
+                end
+                deletia = MU::Cloud::Google.compute.delete_instance(
+                  flags["project"],
+                  az,
+                  instance.name
+                ) if !noop
+                MU.log "Removing service account #{saname}"
+                begin
+                  MU::Cloud::Google.iam.delete_project_service_account(
+                    "projects/#{flags["project"]}/serviceAccounts/#{saname}@#{flags["project"]}.iam.gserviceaccount.com"
+                  ) if !noop
+                rescue ::Google::Apis::ClientError => e
+                  raise e if !e.message.match(/^notFound: /)
+                end
+# XXX wait-loop on pending?
+#                pp deletia
+              }
+            end
+            if disks.size > 0
+# XXX make sure we don't miss anything that got created with dumb flags
+            end
+# XXX honor snapshotting
+            MU::Cloud::Google.compute.delete(
+              "disk",
+              flags["project"],
+              az,
+              noop
+            ) if !noop
+          }
+        end
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+            "image_id" => {
+              "type" => "string",
+              "description" => "The Google Cloud Platform Image on which to base this instance. Will use the default appropriate for the platform, if not specified."
+            },
+            "routes" => {
+              "type" => "array",
+              "items" => MU::Config::VPC.routeschema
+            }
+          }
+          [toplevel_required, schema]
+        end
+        # Confirm that the given instance size is valid for the given region.
+        # If someone accidentally specified an equivalent size from some other cloud provider, return something that makes sense. If nothing makes sense, return nil.
+        # @param size [String]: Instance type to check
+        # @param region [String]: Region to check against
+        # @return [String,nil]
+        def self.validateInstanceType(size, region)
+          types = (MU::Cloud::Google.listInstanceTypes(region))[region]
+          if types and (size.nil? or !types.has_key?(size))
+            # See if it's a type we can approximate from one of the other clouds
+            atypes = (MU::Cloud::AWS.listInstanceTypes)[MU::Cloud::AWS.myRegion]
+            foundmatch = false
+            if atypes and atypes.size > 0 and atypes.has_key?(size)
+              vcpu = atypes[size]["vcpu"]
+              mem = atypes[size]["memory"]
+              ecu = atypes[size]["ecu"]
+              types.keys.sort.reverse.each { |type|
+                features = types[type]
+                next if ecu == "Variable" and ecu != features["ecu"]
+                next if features["vcpu"] != vcpu
+                if (features["memory"] - mem.to_f).abs < 0.10*mem
+                  foundmatch = true
+                  MU.log "You specified an Amazon instance type '#{size}.' Approximating with Google Compute type '#{type}.'", MU::WARN
+                  size = type
+                  break
+                end
+              }
+            end
+            if !foundmatch
+              MU.log "Invalid size '#{size}' for Google Compute instance in #{region}. Supported types:", MU::ERR, details: types.keys.sort.join(", ")
+              return nil
+            end
+          end
+          size
+        end
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::servers}, bare and unvalidated.
+        # @param server [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(server, configurator)
+          ok = true
+          server['size'] = validateInstanceType(server["size"], server["region"])
+          ok = false if server['size'].nil?
+          # If we're not targeting an availability zone, pick one randomly
+          if !server['availability_zone']
+            server['availability_zone'] = MU::Cloud::Google.listAZs(server['region']).sample
+          end
+          subnets = nil
+          if !server['vpc']
+            vpcs = MU::Cloud::Google::VPC.find
+            if vpcs["default"]
+              server["vpc"] ||= {}
+              server["vpc"]["vpc_id"] = vpcs["default"].self_link
+              subnets = vpcs["default"].subnetworks
+              MU.log "No VPC specified for Server #{server['name']}, using default VPC for project #{server['project']}", MU::NOTICE
+            else
+              ok = false
+              MU.log "You must specify a target VPC when creating a Server", MU::ERR
+            end
+          end
+          if !server['vpc']['subnet_id'] and server['vpc']['subnet_name'].nil?
+            if !subnets
+              if server["vpc"]["vpc_id"]
+                vpcs = MU::Cloud::Google::VPC.find(cloud_id: server["vpc"]["vpc_id"])
+                subnets = vpcs["default"].subnetworks.sample
+              end
+            end
+            if subnets
+              server['vpc']['subnet_id'] = subnets.delete_if { |subnet|
+                !subnet.match(/regions\/#{Regexp.quote(server['region'])}\/subnetworks/)
+              }.sample
+            end
+            if server['vpc']['subnet_id'].nil?
+              ok = false
+              MU.log "Failed to identify a subnet in my region (#{server['region']})", MU::ERR, details: server["vpc"]["vpc_id"]
+            end
+          end
+          if server['image_id'].nil?
+            if MU::Config.google_images.has_key?(server['platform'])
+              server['image_id'] = configurator.getTail("server"+server['name']+"Image", value: MU::Config.google_images[server['platform']], prettyname: "server"+server['name']+"Image", cloudtype: "Google::::Apis::ComputeBeta::Image")
+            else
+              MU.log "No image specified for #{server['name']} and no default available for platform #{server['platform']}", MU::ERR, details: server
+              ok = false
+            end
+          end
+          real_image = nil
+          begin
+            real_image = MU::Cloud::Google::Server.fetchImage(server['image_id'].to_s)
+          rescue ::Google::Apis::ClientError => e
+            MU.log e.inspect, MU::WARN
+          end
+          if real_image.nil?
+            MU.log "Image #{server['image_id']} for server #{server['name']} does not appear to exist", MU::ERR
+            ok = false
+          else
+            server['image_id'] = real_image.self_link
+            server['image_id'].match(/projects\/([^\/]+)\/.*?\/([^\/]+)$/)
+            img_project = Regexp.last_match[1]
+            img_name = Regexp.last_match[2]
+            begin
+              snaps = MU::Cloud::Google.compute.list_snapshots(
+                img_project,
+                filter: "name eq #{img_name}-.*"
+              )
+              server['storage'] ||= []
+              used_devs = server['storage'].map { |disk| disk['device'].gsub(/.*?\//, "") }
+              snaps.items.each { |snap|
+                next if !snap.labels.is_a?(Hash) or !snap.labels["mu-device-name"] or snap.labels["mu-parent-image"] != img_name
+                devname = snap.labels["mu-device-name"]
+                if used_devs.include?(devname)
+                  MU.log "Device name #{devname} already declared in server #{server['name']} (snapshot #{snap.name} wants the name)", MU::ERR
+                  ok = false
+                end
+                server['storage'] << {
+                  "snapshot_id" => snap.self_link,
+                  "size" => snap.disk_size_gb,
+                  "delete_on_termination" => true,
+                  "device" => devname
+                }
+                used_devs << devname
+              }
+            rescue ::Google::Apis::ClientError => e
+              # it's ok, sometimes we don't have permission to list snapshots
+              # in other peoples' projects
+              raise e if !e.message.match(/^forbidden: /)
+            end
+          end
+          ok
+        end
+        private
+      end #class
+    end #class
+  end
+end #module