cloud-mu 2.0.0.pre.alpha7 → 2.0.0.pre.alpha8
- checksums.yaml +4 -4
- data/cloud-mu.gemspec +2 -2
- data/cookbooks/awscli/recipes/default.rb +3 -3
- data/cookbooks/mu-activedirectory/attributes/default.rb +2 -2
- data/cookbooks/mu-activedirectory/libraries/helper.rb +2 -2
- data/cookbooks/mu-activedirectory/providers/domain.rb +0 -4
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +2 -6
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +1 -1
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +0 -2
- data/cookbooks/mu-activedirectory/recipes/domain.rb +0 -2
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +6 -6
- data/cookbooks/mu-glusterfs/recipes/server.rb +3 -3
- data/cookbooks/mu-jenkins/recipes/default.rb +3 -3
- data/cookbooks/mu-master/recipes/389ds.rb +4 -4
- data/cookbooks/mu-master/recipes/default.rb +1 -1
- data/cookbooks/mu-master/recipes/init.rb +14 -14
- data/cookbooks/mu-master/recipes/ssl-certs.rb +2 -2
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +2 -2
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +1 -1
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +1 -1
- data/cookbooks/mu-splunk/recipes/upgrade.rb +3 -3
- data/cookbooks/mu-tools/libraries/helper.rb +3 -4
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +4 -4
- data/cookbooks/mu-tools/recipes/base_repositories.rb +1 -1
- data/cookbooks/mu-tools/recipes/cloudinit.rb +1 -1
- data/cookbooks/mu-tools/recipes/efs.rb +4 -4
- data/cookbooks/mu-tools/recipes/eks.rb +2 -2
- data/cookbooks/mu-tools/recipes/gcloud.rb +2 -2
- data/cookbooks/mu-tools/recipes/newclient.rb +1 -1
- data/cookbooks/mu-tools/recipes/python_pip.rb +1 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -1
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +2 -2
- data/cookbooks/mu-tools/recipes/splunk-client.rb +2 -2
- data/cookbooks/mu-tools/recipes/updates.rb +1 -1
- data/cookbooks/mu-tools/recipes/windows-client.rb +2 -2
- data/cookbooks/mu-tools/resources/disk.rb +4 -4
- data/cookbooks/mu-tools/resources/mommacat_request.rb +1 -1
- data/cookbooks/mu-tools/resources/sshd_service.rb +1 -1
- data/cookbooks/mu-tools/resources/windows_users.rb +2 -2
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +2 -2
- data/cookbooks/mu-utility/recipes/php.rb +0 -5
- data/cookbooks/nagios/libraries/users_helper.rb +1 -1
- data/extras/ruby_rpm/muby.spec +4 -0
- data/modules/mu/clouds/aws.rb +8 -1
- data/modules/mu/clouds/azure.rb +3 -3
- data/modules/mu/config.rb +10 -7
- metadata +2 -2
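--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a9fc0e69f111f1e2db75ce8fba5b8365a3e25ffe0c1cb833b122437c8e44d5d1
+data.tar.gz: d32f039a46986f2d9946e0dd125994d0c57bf1619697674791067e9160bc78df
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b4b370235cd758082a0e8d0963a8efdc17c1c741ec3a04a81f6c730de2d321ad4ac46fad7b650d15b5148cf6baab858e1d8ea318c8744103c04111bd7f20f41e
+data.tar.gz: ce268250489a482ba77f9c17e993e29dc4126412b6b700d7299f40084afadc35b2bc966d5e7f13706e1db3ff897a7e83e891110c60d75112bd7c4dfd2ae167ee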
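--- a/data/cloud-mu.gemspec
+++ b/data/cloud-mu.gemspec
@@ -17,8 +17,8 @@ end
 
 Gem::Specification.new do |s|
 s.name = 'cloud-mu'
-s.version = '2.0.0-
-s.date = '2019-02-
+s.version = '2.0.0-alpha8'
+s.date = '2019-02-14'
 s.require_paths = ['modules']
 s.required_ruby_version = '>= 2.4'
 s.summary = "The eGTLabs Mu toolkit for unified cloud deployments"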
@@ -13,7 +13,7 @@ case node['platform']
|
|
13
13
|
end
|
14
14
|
r = execute "install awscli" do
|
15
15
|
command cmd
|
16
|
-
not_if { ::File.
|
16
|
+
not_if { ::File.exist?(file) }
|
17
17
|
if node['awscli']['compile_time']
|
18
18
|
action :nothing
|
19
19
|
end
|
@@ -30,7 +30,7 @@ if node['awscli']['config_profiles']
|
|
30
30
|
owner 'root'
|
31
31
|
group 'root'
|
32
32
|
mode 00700
|
33
|
-
not_if { ::File.
|
33
|
+
not_if { ::File.exist?(::File.dirname(config_file)) }
|
34
34
|
if node['awscli']['compile_time']
|
35
35
|
action :nothing
|
36
36
|
end
|
@@ -44,7 +44,7 @@ if node['awscli']['config_profiles']
|
|
44
44
|
owner 'root'
|
45
45
|
group 'root'
|
46
46
|
source 'config.erb'
|
47
|
-
not_if { ::File.
|
47
|
+
not_if { ::File.exist?(config_file) }
|
48
48
|
if node['awscli']['compile_time']
|
49
49
|
action :nothing
|
50
50
|
end
|
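Review bot: The `not_if { ::File.exist?(::File.dirname(config_file)) }` guard in the second hunk skips the whole resource once the path exists, so `owner 'root'`, `group 'root'` and `mode 00700` are never re-applied to a directory that already exists with looser permissions. Chef's directory and template resources are already idempotent, so the guard could be dropped there and on the `config.erb` resource in the third hunk, unless preserving hand-edited profiles is the intent. The resource headers sit outside the hunks, so the resource types are inferred from the properties shown.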
@@ -28,7 +28,7 @@ default['ad']['homedir'] = "/home/%u"
|
|
28
28
|
default['ad']['sites'] = []
|
29
29
|
if !node['deployment']['vpcs'].empty?
|
30
30
|
vpc = node['deployment']['vpcs'][node['deployment']['vpcs'].keys.first]
|
31
|
-
vpc['subnets'].each_pair { |
|
31
|
+
vpc['subnets'].each_pair { |_name, data|
|
32
32
|
default['ad']['sites'] << {
|
33
33
|
:name => data['name'],
|
34
34
|
:ip_block => data['ip_block']
|
@@ -91,7 +91,7 @@ if node['ad']['dc_ips'].empty?
|
|
91
91
|
begin
|
92
92
|
default['ad']['dc_ips'] << resolver.getaddress(dc).to_s
|
93
93
|
rescue Resolv::ResolvError => e
|
94
|
-
Chef::Log.warn
|
94
|
+
Chef::Log.warn("Couldn't resolve domain controller #{dc}!")
|
95
95
|
end
|
96
96
|
end
|
97
97
|
} rescue NoMethodError
|
@@ -17,7 +17,7 @@ module Activedirectory
|
|
17
17
|
return cmd.stdout.match(/True/)
|
18
18
|
end
|
19
19
|
|
20
|
-
def
|
20
|
+
def domain_controller?(hostname)
|
21
21
|
# cmd = powershell_out("(Get-ADDomainController).name -eq '#{new_resource.computer_name}'")
|
22
22
|
cmd = powershell_out("(Get-ADDomainController).name -eq '#{hostname}'")
|
23
23
|
return cmd.stdout.match(/True/)
|
@@ -73,7 +73,7 @@ module Activedirectory
|
|
73
73
|
return cmd.stdout.match(/True/)
|
74
74
|
end
|
75
75
|
|
76
|
-
def
|
76
|
+
def schemamaster?(domain_name, hostname)
|
77
77
|
cmd = powershell_out("(Get-ADForest #{domain_name}).SchemaMaster -eq '#{hostname.downcase}.#{domain_name}'")
|
78
78
|
return cmd.stdout.match(/True/)
|
79
79
|
end
|
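Review bot: `domain_controller?` and `schemamaster?` interpolate their arguments straight into the PowerShell text, so a hostname or domain name containing `'` or other PowerShell syntax changes the command instead of the value being compared. Doubling single quotes before interpolation keeps the value inside the literal, e.g. `safe = hostname.gsub("'", "''")` and then `'#{safe}'` in the command, and `domain_name` in `Get-ADForest #{domain_name}` should be quoted the same way. Both predicates also return the `MatchData` (or nil) from `match(/True/)` rather than a boolean, which a one-line comment could state for callers. The end of `domain_controller?` is outside the first hunk.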
@@ -22,8 +22,6 @@ action :create do
|
|
22
22
|
create_domain
|
23
23
|
configure_network_interface
|
24
24
|
configure_domain
|
25
|
-
when platform_family?('rhel')
|
26
|
-
# To do: Do Active Directory on Linux
|
27
25
|
else
|
28
26
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
29
27
|
end
|
@@ -33,8 +31,6 @@ action :delete do
|
|
33
31
|
case node['platform']
|
34
32
|
when "windows"
|
35
33
|
delete_domain
|
36
|
-
when platform_family?('rhel')
|
37
|
-
# To do: Do Active Directory on Linux
|
38
34
|
else
|
39
35
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
40
36
|
end
|
@@ -25,8 +25,6 @@ action :add do
|
|
25
25
|
configure_network_interface
|
26
26
|
set_replication_static_ports
|
27
27
|
set_computer_name(admin_creds)
|
28
|
-
when platform_family?('rhel')
|
29
|
-
# To do: Do Active Directory on Linux
|
30
28
|
else
|
31
29
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
32
30
|
end
|
@@ -36,8 +34,6 @@ action :remove do
|
|
36
34
|
case node['platform']
|
37
35
|
when "windows"
|
38
36
|
demote
|
39
|
-
when platform_family?('rhel')
|
40
|
-
# To do: Do Active Directory on Linux
|
41
37
|
else
|
42
38
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
43
39
|
end
|
@@ -48,7 +44,7 @@ end
|
|
48
44
|
# end
|
49
45
|
|
50
46
|
def promote
|
51
|
-
unless
|
47
|
+
unless domain_controller?(new_resource.computer_name)
|
52
48
|
Chef::Log.info("Promoting #{new_resource.computer_name} to domain controller in #{new_resource.dns_name} domain")
|
53
49
|
cmd = powershell_out("Stop-Process -ProcessName sshd -force -ErrorAction SilentlyContinue; Install-ADDSDomainController -InstallDns -DomainName #{new_resource.dns_name} -Credential #{admin_creds} -SafeModeAdministratorPassword (convertto-securestring '#{new_resource.restore_mode_password}' -asplaintext -force) -Force -Confirm:$false; Restart-Computer -Force")
|
54
50
|
kill_ssh
|
@@ -58,7 +54,7 @@ def promote
|
|
58
54
|
end
|
59
55
|
|
60
56
|
def demote
|
61
|
-
if
|
57
|
+
if domain_controller?(new_resource.computer_name)
|
62
58
|
Chef::Log.info("Demoting domain controller #{new_resource.computer_name} in #{new_resource.dns_name} domain")
|
63
59
|
cmd = powershell_out("Stop-Process -ProcessName sshd -force -ErrorAction SilentlyContinue; Uninstall-WindowsFeature DNS; Uninstall-ADDSDomainController -Credential #{admin_creds} -LocalAdministratorPassword (convertto-securestring '#{new_resource.domain_admin_password}' -asplaintext -force) -Force -Confirm:$false; Restart-Computer -Force")
|
64
60
|
kill_ssh
|
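Review bot: In `promote` and `demote` the restore-mode and domain-admin passwords are interpolated as plaintext into the command string given to `powershell_out` (`convertto-securestring '#{new_resource.restore_mode_password}' -asplaintext -force`), so a password containing `'` ends the literal early and the secret travels wherever that command text does, presumably including any debug logging of shell-outs. At minimum the value should be escaped before interpolation, `new_resource.restore_mode_password.gsub("'", "''")`, and likewise `domain_admin_password`; passing the secret outside the command text would be better still. Both method bodies continue past the hunks.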
@@ -220,7 +220,7 @@ def create_pam_winbind_directories
|
|
220
220
|
owner "root"
|
221
221
|
group "root"
|
222
222
|
mode 0755
|
223
|
-
not_if { ::File.
|
223
|
+
not_if { ::File.exist?("/home/#{new_resource.dns_name}") or ::File.symlink?("/home/#{new_resource.dns_name}")}
|
224
224
|
end
|
225
225
|
|
226
226
|
%w[/run /run/samba /run/samba/winbindd].each { |path|
|
@@ -24,8 +24,6 @@ case node['platform']
|
|
24
24
|
else
|
25
25
|
Chef::Log.info "Requires Windows Server 2012 or 2012R2, current version is #{version})"
|
26
26
|
end
|
27
|
-
when platform_family?('rhel')
|
28
|
-
# To do: Active Directory on Linux
|
29
27
|
else
|
30
28
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
31
29
|
end
|
@@ -23,8 +23,6 @@ case node['platform']
|
|
23
23
|
else
|
24
24
|
Chef::Log.info "Requires Windows Server 2012 or 2012R2, current version is #{version})"
|
25
25
|
end
|
26
|
-
when platform_family?('rhel')
|
27
|
-
# To do: Active Directory on Linux
|
28
26
|
else
|
29
27
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
30
28
|
end
|
@@ -25,7 +25,7 @@ case node['platform_family']
|
|
25
25
|
rescue Chef::Exceptions::ResourceNotFound
|
26
26
|
service svc do
|
27
27
|
action [:enable, :start]
|
28
|
-
only_if { ::File.
|
28
|
+
only_if { ::File.exist?("/etc/init.d/#{svc}") }
|
29
29
|
end
|
30
30
|
end
|
31
31
|
}
|
@@ -34,7 +34,7 @@ case node['platform_family']
|
|
34
34
|
resources('service[network]')
|
35
35
|
rescue Chef::Exceptions::ResourceNotFound
|
36
36
|
service "network" do
|
37
|
-
only_if { ::File.
|
37
|
+
only_if { ::File.exist?("/etc/init.d/network") }
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
@@ -93,7 +93,7 @@ case node['platform_family']
|
|
93
93
|
|
94
94
|
# execute "git clone git://anongit.freedesktop.org/realmd/adcli" do
|
95
95
|
# cwd "/root"
|
96
|
-
# not_if { ::Dir.
|
96
|
+
# not_if { ::Dir.exist?("/root/adcli") }
|
97
97
|
# end
|
98
98
|
|
99
99
|
# execute "git fetch && git pull" do
|
@@ -110,7 +110,7 @@ case node['platform_family']
|
|
110
110
|
execute "compile adcli" do
|
111
111
|
cwd "/root/adcli"
|
112
112
|
command "./autogen.sh --disable-doc --prefix=/usr && make && make install"
|
113
|
-
not_if { ::File.
|
113
|
+
not_if { ::File.exist?("/usr/sbin/adcli") }
|
114
114
|
end
|
115
115
|
when 7
|
116
116
|
# Seems to work on CentOS7
|
@@ -131,7 +131,7 @@ case node['platform_family']
|
|
131
131
|
service "sssd" do
|
132
132
|
action :nothing
|
133
133
|
notifies :restart, "service[sshd]", :immediately
|
134
|
-
only_if { ::File.
|
134
|
+
only_if { ::File.exist?("/etc/krb5.keytab") }
|
135
135
|
end
|
136
136
|
directory "/etc/sssd"
|
137
137
|
template "/etc/sssd/sssd.conf" do
|
@@ -163,7 +163,7 @@ case node['platform_family']
|
|
163
163
|
# to your DCs. It seems to dumbly trust any reverse mapping it sees,
|
164
164
|
# whether or not the name matches the actual Kerberos tickets you et.
|
165
165
|
execute "Run ADCLI" do
|
166
|
-
not_if { ::File.
|
166
|
+
not_if { ::File.exist?("/etc/krb5.keytab") }
|
167
167
|
command "echo -n '#{domain_creds[node['ad']['join_auth']['password_field']]}' | /usr/sbin/adcli join #{node['ad']['domain_name']} --domain-realm=#{node['ad']['domain_name'].upcase} -U #{domain_creds[node['ad']['join_auth']['username_field']]} --stdin-password"
|
168
168
|
notifies :restart, "service[sssd]", :immediately
|
169
169
|
# sensitive true
|
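Review bot: The `Run ADCLI` resource in the last hunk builds its command as `echo -n '#{...password...}' | /usr/sbin/adcli join ...` while `# sensitive true` stays commented out, so the join password is part of the shell command line and, presumably, of Chef's output for this resource. Re-enabling `sensitive true` is the one-line change. Escaping the interpolated password and username (for example with `Shellwords.escape`) would also stop a quote in either value from altering the shell command. The resource body continues beyond the hunk.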
@@ -58,7 +58,7 @@ case node['platform']
|
|
58
58
|
end
|
59
59
|
|
60
60
|
execute "mdadm --detail --scan >> /etc/mdadm.conf" do
|
61
|
-
not_if { File.
|
61
|
+
not_if { File.exist?("/etc/mdadm.conf") }
|
62
62
|
end
|
63
63
|
|
64
64
|
execute "mkfs -t xfs -i size=512 #{node['glusterfs']['server']['raid_dev']}" do
|
@@ -131,7 +131,7 @@ case node['platform']
|
|
131
131
|
|
132
132
|
if i_am_master
|
133
133
|
ips = []
|
134
|
-
node['deployment']['servers'][$nodeclass].each_pair do |
|
134
|
+
node['deployment']['servers'][$nodeclass].each_pair do |_name, data|
|
135
135
|
next if data['private_ip_address'].nil? or data['private_ip_address'].empty?
|
136
136
|
execute "gluster peer probe #{data['private_ip_address']}" do
|
137
137
|
not_if { data['private_ip_address'] == node['ipaddress'] }
|
@@ -188,7 +188,7 @@ case node['platform']
|
|
188
188
|
# end
|
189
189
|
end
|
190
190
|
else
|
191
|
-
node['deployment']['servers'][$nodeclass].each_pair do |
|
191
|
+
node['deployment']['servers'][$nodeclass].each_pair do |_name, data|
|
192
192
|
execute "gluster peer probe #{data['private_ip_address']}" do
|
193
193
|
not_if { data['private_ip_address'] == node['ipaddress'] }
|
194
194
|
end
|
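Review bot: The second `each_pair` loop (third hunk, the `else` branch) runs `gluster peer probe #{data['private_ip_address']}` without the `next if data['private_ip_address'].nil? or data['private_ip_address'].empty?` guard that the master-side loop in the second hunk has. A server entry with no private address therefore yields a probe command with an empty argument. Adding the same `next if` line as the first statement of that block would make the two loops consistent. Both loops continue outside the hunks.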
@@ -83,14 +83,14 @@ end
|
|
83
83
|
|
84
84
|
|
85
85
|
node['jenkins_plugins'].each { |plugin|
|
86
|
-
# if !::File.
|
86
|
+
# if !::File.exist?("#{node['jenkins']['master']['home']}/plugins/#{plugin}.jpi")
|
87
87
|
# restart_jenkins = true
|
88
88
|
# end
|
89
89
|
# XXX this runs as the 'jenkins' user, yet download the files as 0600/root
|
90
90
|
jenkins_plugin plugin
|
91
91
|
# do
|
92
92
|
# notifies :restart, 'service[jenkins]', :delayed
|
93
|
-
#not_if { ::File.
|
93
|
+
#not_if { ::File.exist?("#{node['jenkins']['master']['home']}/plugins/#{plugin}.jpi") }
|
94
94
|
# end
|
95
95
|
}
|
96
96
|
|
@@ -131,7 +131,7 @@ uidsearch = "sAMAccountName={0}" if $MU_CFG['ldap']['type'] == "Active Directory
|
|
131
131
|
membersearch = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))"
|
132
132
|
membersearch = "memberUid={0}" if $MU_CFG['ldap']['type'] == "389 Directory Services"
|
133
133
|
bind_creds = chef_vault_item($MU_CFG['ldap']['bind_creds']['vault'], $MU_CFG['ldap']['bind_creds']['item'])
|
134
|
-
jenkins_admins = ::MU::Master.listUsers.delete_if { |
|
134
|
+
jenkins_admins = ::MU::Master.listUsers.delete_if { |_u, data| !data['admin'] }.keys
|
135
135
|
#jenkins_regular = ::MU::Master.listUsers.delete_if { |u, data| data['admin'] or u == "jenkins" }.keys
|
136
136
|
regular_user_perms = ["Item.BUILD", "Item.CREATE", "Item.DISCOVER", "Item.READ"]
|
137
137
|
jenkins_script 'configure_jenkins_auth' do
|
@@ -50,7 +50,7 @@ directory "/root/389ds.tmp" do
|
|
50
50
|
recursive true
|
51
51
|
mode 0700
|
52
52
|
end
|
53
|
-
$CREDS.each_pair { |creds,
|
53
|
+
$CREDS.each_pair { |creds, _cfg|
|
54
54
|
user = pw = data = nil
|
55
55
|
if $MU_CFG["ldap"].has_key?(creds)
|
56
56
|
data = chef_vault_item($MU_CFG['ldap'][creds]['vault'], $MU_CFG['ldap'][creds]['item'])
|
@@ -73,7 +73,7 @@ end
|
|
73
73
|
|
74
74
|
# %x{/usr/sbin/setenforce 0}
|
75
75
|
execute "initialize 389 Directory Services" do
|
76
|
-
command "/usr/sbin/setup-ds-admin.pl -s -f /root/389ds.tmp/389-directory-setup.inf --continue --debug #{Dir.
|
76
|
+
command "/usr/sbin/setup-ds-admin.pl -s -f /root/389ds.tmp/389-directory-setup.inf --continue --debug #{Dir.exist?("/etc/dirsrv/slapd-#{$MU_CFG["hostname"]}") ? "--update" : ""}"
|
77
77
|
action :nothing
|
78
78
|
end
|
79
79
|
|
@@ -84,7 +84,7 @@ template "/root/389ds.tmp/389-directory-setup.inf"do
|
|
84
84
|
:domain => $MU_CFG["ldap"]["domain_name"],
|
85
85
|
:domain_dn => $MU_CFG["ldap"]["domain_name"].split(/\./).map{ |x| "DC=#{x}" }.join(","),
|
86
86
|
:creds => $CREDS
|
87
|
-
not_if { ::Dir.
|
87
|
+
not_if { ::Dir.exist?("/etc/dirsrv/slapd-#{$MU_CFG["hostname"]}") }
|
88
88
|
notifies :run, "execute[initialize 389 Directory Services]", :immediately
|
89
89
|
end
|
90
90
|
|
@@ -131,7 +131,7 @@ ruby_block "import SSL certificates for 389ds" do
|
|
131
131
|
certimportcmd = "/usr/bin/pk12util -i /opt/mu/var/ssl/ldap.p12 -d /etc/dirsrv/slapd-#{$MU_CFG["hostname"]} -w /root/389ds.tmp/blank -W \"\""
|
132
132
|
require 'pty'
|
133
133
|
require 'expect'
|
134
|
-
PTY.spawn(certimportcmd) { |r, w,
|
134
|
+
PTY.spawn(certimportcmd) { |r, w, _pid|
|
135
135
|
begin
|
136
136
|
r.expect("Enter new password:") do
|
137
137
|
w.puts
|
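Review bot: The `--update` switch in `initialize 389 Directory Services` is selected by a `Dir.exist?` call inside the command string, which Ruby evaluates when the recipe is compiled, not when the resource runs. In the visible hunks the resource is `action :nothing` and is notified by the template whose `not_if` tests the same directory, so on that path the directory is absent and `--update` is never passed (other notifiers may exist outside the hunks). A comment such as `# NOTE: evaluated at compile time; --update applies only if the instance directory predates this run` would record that, or the string could be wrapped in `lazy { ... }` if converge-time evaluation is wanted.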
@@ -55,7 +55,7 @@ if !node['update_nagios_only']
|
|
55
55
|
|
56
56
|
include_recipe 'chef-vault'
|
57
57
|
if $MU_CFG.has_key?('ldap')
|
58
|
-
if $MU_CFG['ldap']['type'] == "389 Directory Services" and Dir.
|
58
|
+
if $MU_CFG['ldap']['type'] == "389 Directory Services" and Dir.exist?("/etc/dirsrv/slapd-#{$MU_CFG['hostname']}")
|
59
59
|
include_recipe 'mu-master::sssd'
|
60
60
|
elsif $MU_CFG['ldap']['type'] == "Active Directory"
|
61
61
|
node.normal['ad'] = {}
|
@@ -40,7 +40,7 @@ CHEF_CLIENT_VERSION="14.4.56"
|
|
40
40
|
KNIFE_WINDOWS="1.9.0"
|
41
41
|
MU_BASE="/opt/mu"
|
42
42
|
MU_BRANCH="Azure_you_want_azure" # GIT HOOK EDITABLE DO NOT TOUCH
|
43
|
-
realbranch=`cd #{MU_BASE}/lib && git rev-parse --abbrev-ref HEAD`
|
43
|
+
realbranch=`cd #{MU_BASE}/lib && git rev-parse --abbrev-ref HEAD` # ~FC048
|
44
44
|
|
45
45
|
if ENV.key?('MU_BRANCH')
|
46
46
|
MU_BRANCH = ENV['MU_BRANCH']
|
@@ -87,16 +87,16 @@ end
|
|
87
87
|
# owner "opscode-pgsql"
|
88
88
|
# group "opscode-pgsql"
|
89
89
|
# action :nothing
|
90
|
-
# only_if { !::File.
|
91
|
-
# only_if { ::File.
|
90
|
+
# only_if { !::File.exist?("/tmp/.s.PGSQL.5432") }
|
91
|
+
# only_if { ::File.exist?("/var/run/postgresql/.s.PGSQL.5432") }
|
92
92
|
#end
|
93
93
|
link "/var/run/postgresql/.s.PGSQL.5432" do
|
94
94
|
to "/tmp/.s.PGSQL.5432"
|
95
95
|
# owner "opscode-pgsql"
|
96
96
|
# group "opscode-pgsql"
|
97
97
|
notifies :create, "directory[/var/run/postgresql]", :before
|
98
|
-
only_if { !::File.
|
99
|
-
# only_if { ::File.
|
98
|
+
only_if { !::File.exist?("/var/run/postgresql/.s.PGSQL.5432") }
|
99
|
+
# only_if { ::File.exist?("/tmp/.s.PGSQL.5432") }
|
100
100
|
end
|
101
101
|
execute "Chef Server rabbitmq workaround" do
|
102
102
|
# This assumes we get clean stop, which *should* be the case if we execute
|
@@ -120,7 +120,7 @@ file "use a clean /etc/hosts during install" do
|
|
120
120
|
"
|
121
121
|
notifies :create, "remote_file[back up /etc/hosts]", :before
|
122
122
|
only_if { RUNNING_STANDALONE }
|
123
|
-
not_if { ::Dir.
|
123
|
+
not_if { ::Dir.exist?("#{MU_BASE}/lib/.git") }
|
124
124
|
end
|
125
125
|
|
126
126
|
execute "reconfigure Chef server" do
|
@@ -219,7 +219,7 @@ git "#{MU_BASE}/lib" do
|
|
219
219
|
revision MU_BRANCH
|
220
220
|
checkout_branch MU_BRANCH
|
221
221
|
enable_checkout false
|
222
|
-
not_if { ::Dir.
|
222
|
+
not_if { ::Dir.exist?("#{MU_BASE}/lib/.git") }
|
223
223
|
notifies :run, "bash[set git default branch to #{MU_BRANCH}]", :immediately
|
224
224
|
end
|
225
225
|
|
@@ -275,7 +275,7 @@ end
|
|
275
275
|
# REMOVE OLD RUBYs
|
276
276
|
execute "clean up old Ruby 2.1.6" do
|
277
277
|
command "rm -rf /opt/rubies/ruby-2.1.6"
|
278
|
-
only_if { ::Dir.
|
278
|
+
only_if { ::Dir.exist?("/opt/rubies/ruby-2.1.6") }
|
279
279
|
end
|
280
280
|
|
281
281
|
yum_package 'ruby23-2.3.1-1.el7.centos.x86_64' do
|
@@ -284,12 +284,12 @@ end
|
|
284
284
|
|
285
285
|
execute "Kill ruby-2.3.1" do
|
286
286
|
command "yum erase ruby23-2.3.1-1.el7.centos.x86_64 -y"
|
287
|
-
only_if { ::Dir.
|
287
|
+
only_if { ::Dir.exist?("/opt/rubies/ruby-2.3.1") }
|
288
288
|
end
|
289
289
|
|
290
290
|
execute "clean up old ruby-2.3.1" do
|
291
291
|
command "rm -rf /opt/rubies/ruby-2.3.1"
|
292
|
-
only_if { ::Dir.
|
292
|
+
only_if { ::Dir.exist?("/opt/rubies/ruby-2.3.1") }
|
293
293
|
end
|
294
294
|
|
295
295
|
# Regular old rpm-based installs
|
@@ -406,8 +406,8 @@ end
|
|
406
406
|
package_name "knife-windows"
|
407
407
|
version Regexp.last_match[1]
|
408
408
|
action :remove
|
409
|
-
only_if { ::Dir.
|
410
|
-
only_if { ::Dir.
|
409
|
+
only_if { ::Dir.exist?(dir) }
|
410
|
+
only_if { ::Dir.exist?(gemdir) }
|
411
411
|
end
|
412
412
|
execute "rm -rf #{gemdir}/knife-windows-#{Regexp.last_match[1]}"
|
413
413
|
}
|
@@ -426,7 +426,7 @@ end
|
|
426
426
|
# command "patch -p1 < #{MU_BASE}/lib/install/knife-windows-cygwin-#{KNIFE_WINDOWS}.patch"
|
427
427
|
# not_if "grep -i 'locate_config_value(:cygwin)' #{gemdir}/knife-windows-#{KNIFE_WINDOWS}/lib/chef/knife/bootstrap_windows_base.rb"
|
428
428
|
# notifies :restart, "service[chef-server]", :delayed if rubydir == "/opt/opscode/embedded"
|
429
|
-
# only_if { ::Dir.
|
429
|
+
# only_if { ::Dir.exist?(gemdir) }
|
430
430
|
# XXX notify mommacat if we're *not* in chef-apply... RUNNING_STANDALONE
|
431
431
|
# end
|
432
432
|
end
|
@@ -504,7 +504,7 @@ bash "add localhost ssh to authorized_keys and config" do
|
|
504
504
|
end
|
505
505
|
execute "ssh-keygen -N '' -f #{ROOT_SSH_DIR}/id_rsa" do
|
506
506
|
umask 0177
|
507
|
-
not_if { ::File.
|
507
|
+
not_if { ::File.exist?("#{ROOT_SSH_DIR}/id_rsa") }
|
508
508
|
notifies :run, "bash[add localhost ssh to authorized_keys and config]", :immediately
|
509
509
|
end
|
510
510
|
file "/etc/chef/client.pem" do
|
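Review bot: The `# ~FC048` marker on the `realbranch=` line silences the lint rule instead of addressing it: the backtick call still goes through a shell and its exit status is never checked in the visible lines, so outside a git checkout `realbranch` is simply an empty string. `Mixlib::ShellOut`, already used elsewhere in this diff, takes the working directory as an option, e.g. `Mixlib::ShellOut.new("git rev-parse --abbrev-ref HEAD", cwd: "#{MU_BASE}/lib")`, followed by `run_command` and `stdout.chomp`. Separately, in the knife-windows hunk the `execute "rm -rf #{gemdir}/knife-windows-..."` has no guard, unlike the package removal above it that now carries two `only_if` blocks.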
@@ -25,7 +25,7 @@
|
|
25
25
|
include_recipe 'mu-master::firewall-holes'
|
26
26
|
service_certs = ["rsyslog", "mommacat", "ldap", "consul", "vault"]
|
27
27
|
|
28
|
-
directory
|
28
|
+
directory $MU_CFG['datadir']
|
29
29
|
directory "#{$MU_CFG['datadir']}/ssl"
|
30
30
|
template "#{$MU_CFG['datadir']}/ssl/openssl.cnf" do
|
31
31
|
source "openssl.cnf.erb"
|
@@ -41,7 +41,7 @@ end
|
|
41
41
|
execute "generate SSL CA key" do
|
42
42
|
command "openssl genrsa -out Mu_CA.key 4096"
|
43
43
|
cwd "#{$MU_CFG['datadir']}/ssl"
|
44
|
-
not_if { ::File.
|
44
|
+
not_if { ::File.exist?("#{$MU_CFG['datadir']}/ssl/Mu_CA.key") }
|
45
45
|
notifies :delete, "file[#{$MU_CFG['datadir']}/ssl/CA-command.txt]", :immediately
|
46
46
|
end
|
47
47
|
file "#{$MU_CFG['datadir']}/ssl/Mu_CA.key" do
|
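Review bot: `execute "generate SSL CA key"` writes `Mu_CA.key` under whatever umask the Chef run has, and only the later `file` resource for that path (body outside the hunk) can tighten it, which leaves the CA private key at the default mode in between. An `ssh-keygen` resource elsewhere in this diff already sets `umask 0177`; the same line here would create the key owner-only from the start. The newly added `directory $MU_CFG['datadir']` also sets no `owner` or `mode`, so it takes the defaults.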
@@ -102,7 +102,7 @@ nagios_policies.each { |policy|
|
|
102
102
|
|
103
103
|
# Workaround for minor Nagios (cookbook?) bug. It looks for this at the wrong
|
104
104
|
# URL at the moment, so copy it where it's actually looking.
|
105
|
-
if File.
|
105
|
+
if File.exist?("/usr/lib/cgi-bin/nagios/statusjson.cgi")
|
106
106
|
remote_file "/usr/lib/cgi-bin/statusjson.cgi" do
|
107
107
|
source "file:///usr/lib/cgi-bin/nagios/statusjson.cgi"
|
108
108
|
mode 0755
|
@@ -155,7 +155,7 @@ end
|
|
155
155
|
["/etc/nagios/conf.d/", "/etc/nagios/*.cfg", "/var/run/nagios.pid"].each { |dir|
|
156
156
|
execute "/sbin/restorecon -R #{dir}" do
|
157
157
|
not_if "ls -aZ #{dir} | grep ':nagios_etc_t:'"
|
158
|
-
only_if { ::File.
|
158
|
+
only_if { ::File.exist?(dir) }
|
159
159
|
end
|
160
160
|
}
|
161
161
|
|
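Review bot: `only_if { ::File.exist?(dir) }` is evaluated against the literal strings in the list, and `"/etc/nagios/*.cfg"` is a glob pattern, so `File.exist?` is false for it and the `restorecon` for those files never runs. `only_if { !::Dir.glob(dir).empty? }` handles all three entries, because a plain path globs to itself when it is present. The string `not_if` above it is run through a shell, so it does expand the pattern; the two guards currently disagree about what `dir` means.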
@@ -75,7 +75,7 @@ define :splunk_installer, :url => nil do
|
|
75
75
|
begin
|
76
76
|
resources('package['+params[:name]+']')
|
77
77
|
rescue Chef::Exceptions::ResourceNotFound
|
78
|
-
package params[:name] do
|
78
|
+
package params[:name] do # ~FC109
|
79
79
|
source cached_package.gsub(/\.Z/, '')
|
80
80
|
notifies :create, "remote_file[#{cached_package}]", :before
|
81
81
|
notifies :delete, "file[#{cached_package} cleanup]", :immediately
|
@@ -24,7 +24,7 @@ include Chef::Mixin::ShellOut
|
|
24
24
|
class Chef
|
25
25
|
class Provider
|
26
26
|
class SplunkApp < Chef::Provider::LWRPBase
|
27
|
-
use_inline_resources if defined?(:use_inline_resources)
|
27
|
+
use_inline_resources if defined?(:use_inline_resources) # ~FC113
|
28
28
|
|
29
29
|
def whyrun_supported?
|
30
30
|
true
|
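Review bot: `defined?(:use_inline_resources)` tests a symbol literal, which is always defined, so the condition is always true and the call is unconditional. The added `# ~FC113` only hides the lint warning about that line. If the guard is meant to detect Chef versions that lack the method, `respond_to?(:use_inline_resources)` expresses that; if every supported Chef version inlines resources by default, the line can be deleted. The class body continues outside the hunk.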
@@ -29,7 +29,7 @@ service 'splunk_stop' do
|
|
29
29
|
if node['platform_family'] != 'windows'
|
30
30
|
service_name 'splunk'
|
31
31
|
provider Chef::Provider::Service::Init
|
32
|
-
only_if { ::File.
|
32
|
+
only_if { ::File.exist?("/etc/init.d/splunk") }
|
33
33
|
else
|
34
34
|
service_name 'SplunkForwarder'
|
35
35
|
provider Chef::Provider::Service::Windows
|
@@ -40,7 +40,7 @@ service 'splunk_stop' do
|
|
40
40
|
start_command "c:/Windows/system32/sc.exe start SplunkForwarder"
|
41
41
|
stop_command "c:/Windows/system32/sc.exe stop SplunkForwarder"
|
42
42
|
pattern "splunkd.exe"
|
43
|
-
only_if { ::Dir.
|
43
|
+
only_if { ::Dir.exist?("c:/Program Files/SplunkUniversalForwarder") }
|
44
44
|
not_if { ::Dir.glob("c:/Program Files/SplunkUniversalForwarder/splunkforwarder-#{node['splunk']['preferred_version']}-*").size > 0 }
|
45
45
|
end
|
46
46
|
supports :status => true
|
@@ -61,7 +61,7 @@ if node['platform_family'] == 'windows'
|
|
61
61
|
}
|
62
62
|
EOH
|
63
63
|
not_if { ::Dir.glob("c:/Program Files/SplunkUniversalForwarder/splunkforwarder-#{node['splunk']['preferred_version']}-*").size > 0 }
|
64
|
-
only_if { ::Dir.
|
64
|
+
only_if { ::Dir.exist?("c:/Program Files/SplunkUniversalForwarder") }
|
65
65
|
end
|
66
66
|
end
|
67
67
|
|
@@ -157,7 +157,7 @@ module Mutools
|
|
157
157
|
end
|
158
158
|
|
159
159
|
def get_first_nameserver
|
160
|
-
if File.
|
160
|
+
if File.exist?("/etc/resolv.conf")
|
161
161
|
File.readlines("/etc/resolv.conf").each { |l|
|
162
162
|
l.chomp!
|
163
163
|
if l.match(/^nameserver (\d+\.\d+\.\d+\.\d+)$/)
|
@@ -190,9 +190,9 @@ module Mutools
|
|
190
190
|
elsif !get_google_metadata("instance/name").nil?
|
191
191
|
include_recipe "mu-tools::gcloud"
|
192
192
|
["/opt/google-cloud-sdk/bin/gsutil", "/bin/gsutil"].each { |gsutil|
|
193
|
-
next if !File.
|
193
|
+
next if !File.exist?(gsutil)
|
194
194
|
Chef::Log.info("Fetching deploy secret: #{gsutil} cp gs://#{bucket}/#{filename} -")
|
195
|
-
if File.
|
195
|
+
if File.exist?("/usr/bin/python2.7")
|
196
196
|
# secret = %x{CLOUDSDK_PYTHON=/usr/bin/python2.7 #{gsutil} cp gs://#{bucket}/#{filename} -}
|
197
197
|
secret = shell_out("CLOUDSDK_PYTHON=/usr/bin/python2.7 #{gsutil} cp gs://#{bucket}/#{filename} -").stdout.str
|
198
198
|
else
|
@@ -232,7 +232,6 @@ module Mutools
|
|
232
232
|
"mu_id" => mu_get_tag_value("MU-ID"),
|
233
233
|
"mu_resource_name" => node['service_name'],
|
234
234
|
"mu_instance_id" => get_aws_metadata("meta-data/instance-id") || get_google_metadata("name"),
|
235
|
-
"mu_resource_name" => node[:service_name],
|
236
235
|
"mu_resource_type" => res_type,
|
237
236
|
"mu_user" => node['deployment']['mu_user'] || node['deployment']['chef_user'],
|
238
237
|
"mu_deploy_secret" => secret,
|
@@ -24,7 +24,7 @@ if node['deployment']['admins']
|
|
24
24
|
end rescue NoMethodError
|
25
25
|
ssh_user = 'root' if ssh_user.nil?
|
26
26
|
ssh_dir = "#{Etc.getpwnam(ssh_user).dir}/.ssh"
|
27
|
-
node['deployment']['admins'].each_pair { |
|
27
|
+
node['deployment']['admins'].each_pair { |_name, admin|
|
28
28
|
if !admin['public-key'].nil?
|
29
29
|
execute "Add #{admin.name}'s ssh key to #{ssh_dir}/authorized_keys" do
|
30
30
|
not_if "grep '^#{admin['public-key']}$' #{ssh_dir}/authorized_keys"
|
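Review bot: The guard `not_if "grep '^#{admin['public-key']}$' #{ssh_dir}/authorized_keys"` puts key text from node attributes into both a shell command and a regular expression, so a `'` in the value changes the command and characters such as `.` act as patterns instead of being matched literally. A Ruby guard avoids both: `not_if { ::File.exist?("#{ssh_dir}/authorized_keys") && ::File.readlines("#{ssh_dir}/authorized_keys").map(&:chomp).include?(admin['public-key']) }`. The resource name still uses `admin.name` while the hash key is now bound to the unused `_name`; it is worth confirming which one is intended. The `execute` body continues outside the hunk.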
@@ -75,7 +75,7 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
|
|
75
75
|
aide --init
|
76
76
|
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
|
77
77
|
EOH
|
78
|
-
not_if { File.
|
78
|
+
not_if { File.exist?("/var/lib/aide/aide.db.gz") }
|
79
79
|
end
|
80
80
|
cron "AIDE daily scan" do
|
81
81
|
action :create
|
@@ -83,7 +83,7 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
|
|
83
83
|
hour "5"
|
84
84
|
user "root"
|
85
85
|
command "/usr/sbin/aide --check"
|
86
|
-
only_if { File.
|
86
|
+
only_if { File.exist?("/usr/sbin/aide") }
|
87
87
|
end
|
88
88
|
|
89
89
|
cookbook_file "/etc/security/limits.conf" do
|
@@ -338,7 +338,7 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
|
|
338
338
|
|
339
339
|
Chef::Log.info("Value of login_disabled is #{node.normal.root_login_disabled}")
|
340
340
|
|
341
|
-
ruby_block "do a bunch of weird stuff" do
|
341
|
+
ruby_block "do a bunch of weird stuff" do # ~FC014
|
342
342
|
block do
|
343
343
|
cmd = Mixlib::ShellOut.new('chcon -Rv --type=user_home_t /home')
|
344
344
|
cmd.run_command
|
@@ -357,7 +357,7 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
|
|
357
357
|
fe.search_file_replace_line(/^AllowUsers.*$/, valid_users)
|
358
358
|
fe.write_file
|
359
359
|
end
|
360
|
-
only_if { ::File.
|
360
|
+
only_if { ::File.exist?("/tmp/moveusers.tgz") }
|
361
361
|
end
|
362
362
|
|
363
363
|
execute "mount -oremount /dev/shm" do
|
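Review bot: The `ruby_block` that rewrites `AllowUsers` is gated on `only_if { ::File.exist?("/tmp/moveusers.tgz") }`, a fixed name in a world-writable directory, so any local account can create that file and cause the block to run on the next Chef run. Keeping the marker or archive in a root-owned location, for instance under `Chef::Config[:file_cache_path]`, removes that dependency. If the archive is also unpacked by this block (not visible here), its ownership should be checked before use. The `# ~FC014` suppression and the resource name both suggest the block should move into a library method with a descriptive name.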
@@ -19,7 +19,7 @@
|
|
19
19
|
|
20
20
|
if !node['application_attributes']['skip_recipes'].include?('base_repositories')
|
21
21
|
case node['platform_family']
|
22
|
-
when "rhel", "redhat"
|
22
|
+
when "rhel", "redhat" # ~FC024
|
23
23
|
# Workaround for EOL CentOS 5 repos
|
24
24
|
if node['platform'] != "amazon" and node['platform_version'].to_i == 5
|
25
25
|
cookbook_file "/etc/yum.repos.d/CentOS-Base.repo" do
|
@@ -51,7 +51,7 @@ if !node['application_attributes']['skip_recipes'].include?('epel') and !node['a
|
|
51
51
|
elsif platform_family?("debian")
|
52
52
|
package "cloud-init"
|
53
53
|
elsif platform_family?("windows")
|
54
|
-
Chef::Log.info
|
54
|
+
Chef::Log.info("Windows use ec2config, no cloud-init package is necessary")
|
55
55
|
else
|
56
56
|
Chef::Log.info("Unsupported platform #{node['platform']}")
|
57
57
|
end
|
@@ -24,14 +24,14 @@ if node['deployment'].has_key?('storage_pools')
|
|
24
24
|
case node['platform']
|
25
25
|
when 'ubuntu'
|
26
26
|
package "nfs-common"
|
27
|
-
when "rhel", "amazon", "centos"
|
27
|
+
when "rhel", "amazon", "centos" # ~FC024
|
28
28
|
package %w{nfs-utils nfs4-acl-tools}
|
29
29
|
end
|
30
30
|
|
31
31
|
instance_identity = JSON.parse(Net::HTTP.get(URI("http://169.254.169.254/latest/dynamic/instance-identity/document")))
|
32
32
|
|
33
|
-
node['deployment']['storage_pools'].each { |
|
34
|
-
pool['mount_targets'].each { |
|
33
|
+
node['deployment']['storage_pools'].each { |_name, pool|
|
34
|
+
pool['mount_targets'].each { |_name, target|
|
35
35
|
if target['availability_zone'] == instance_identity["availabilityZone"]
|
36
36
|
# Should also make it possible to choose a random endpoint if there isn't one for a specific AZ
|
37
37
|
|
@@ -48,7 +48,7 @@ if node['deployment'].has_key?('storage_pools')
|
|
48
48
|
endpoint = target['ip_address']
|
49
49
|
end
|
50
50
|
|
51
|
-
if node[
|
51
|
+
if node['platform_family'] == "rhel" and node['platform_version'].to_i < 6 and node['platform'] != "amazon"
|
52
52
|
service "portmap" do
|
53
53
|
action [:enable, :start]
|
54
54
|
end
|
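Review bot: `JSON.parse(Net::HTTP.get(URI("http://169.254.169.254/latest/dynamic/instance-identity/document")))` runs at compile time with no timeout or `rescue`, so on a node where the metadata endpoint is unreachable or returns a non-JSON body the recipe fails before any resource is evaluated. Wrapping the call in `begin`/`rescue` with a logged skip would contain that. So would reusing the `get_aws_metadata` helper seen elsewhere in this diff, if it accepts this path (to be confirmed). The two nested blocks also both bind `_name`, so the inner one shadows the outer; `_pool_name` and `_target_name` would read more clearly.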
@@ -26,7 +26,7 @@ if node['deployment'].has_key?('container_clusters')
|
|
26
26
|
endpoint = node['deployment']['container_clusters'][cluster_short_name]['endpoint']
|
27
27
|
# admin_role = node['deployment']['container_clusters'][cluster_short_name]['k8s_admin_role']
|
28
28
|
|
29
|
-
if platform_family?("rhel") and node[
|
29
|
+
if platform_family?("rhel") and node['platform_version'].to_i >= 7
|
30
30
|
execute "rpm --import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg"
|
31
31
|
file "/etc/yum.repos.d/kubernetes.repo" do
|
32
32
|
content "[kubernetes]
|
@@ -66,7 +66,7 @@ EOH
|
|
66
66
|
package "kubelet"
|
67
67
|
package "kubectl"
|
68
68
|
else
|
69
|
-
Chef::Log.info("I don't know how to turn this #{node['platform']} AMI (#{node[
|
69
|
+
Chef::Log.info("I don't know how to turn this #{node['platform']} AMI (#{node['platform_version'].to_s}) into a Kubernetes worker, hopefully it's the official, pre-configured AMI")
|
70
70
|
end
|
71
71
|
|
72
72
|
service "docker" do
|
@@ -70,7 +70,7 @@ if platform_family?("rhel")
|
|
70
70
|
EOH
|
71
71
|
notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.sh]", :before
|
72
72
|
notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz]", :before
|
73
|
-
not_if { ::File.
|
73
|
+
not_if { ::File.exist?("/opt/google-cloud-sdk/bin/gcloud") }
|
74
74
|
end
|
75
75
|
link "/etc/bash_completion.d/gcloud" do
|
76
76
|
to "/opt/google-cloud-sdk/completion.bash.inc"
|
@@ -91,7 +91,7 @@ elsif platform_family?("debian")
|
|
91
91
|
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
|
92
92
|
sudo apt-get update
|
93
93
|
EOH
|
94
|
-
not_if { ::File.
|
94
|
+
not_if { ::File.exist?("/etc/apt/sources.list.d/google-cloud-sdk.list") }
|
95
95
|
end
|
96
96
|
package "google-cloud-sdk"
|
97
97
|
else
|
@@ -17,7 +17,7 @@ if !node['application_attributes']['skip_recipes'].include?('newclient')
|
|
17
17
|
file Chef::Config[:validation_key] do
|
18
18
|
action :delete
|
19
19
|
backup false
|
20
|
-
only_if { ::File.
|
20
|
+
only_if { ::File.exist?(Chef::Config[:client_key]) }
|
21
21
|
end
|
22
22
|
end
|
23
23
|
end
|
@@ -23,7 +23,7 @@ if !node['application_attributes']['skip_recipes'].include?('rsyslog')
|
|
23
23
|
package "rsyslog-gnutls"
|
24
24
|
execute "chcon -R -h -t var_log_t /Mu_Logs" do
|
25
25
|
action :nothing
|
26
|
-
only_if { ::Dir.
|
26
|
+
only_if { ::Dir.exist?("/Mu_Logs") }
|
27
27
|
end
|
28
28
|
service "rsyslog" do
|
29
29
|
action [:enable, :start]
|
@@ -30,7 +30,7 @@ when platform_family?('rhel')
|
|
30
30
|
command "/bin/firewall-cmd --reload"
|
31
31
|
action :nothing
|
32
32
|
not_if "/bin/systemctl list-units | grep iptables.service"
|
33
|
-
only_if { ::File.
|
33
|
+
only_if { ::File.exist?("/bin/firewall-cmd") }
|
34
34
|
end
|
35
35
|
end
|
36
36
|
|
@@ -37,7 +37,7 @@ if !node['application_attributes']['skip_recipes'].include?('set_mu_hostname')
|
|
37
37
|
end
|
38
38
|
|
39
39
|
case node['platform']
|
40
|
-
when "rhel", "centos", "amazon"
|
40
|
+
when "rhel", "centos", "amazon" # ~FC024
|
41
41
|
template "/etc/sysconfig/network" do
|
42
42
|
source "etc_sysconfig_network.erb"
|
43
43
|
notifies :run, "execute[set hostname]", :immediately if elversion != 7
|
@@ -47,7 +47,7 @@ if !node['application_attributes']['skip_recipes'].include?('set_mu_hostname')
|
|
47
47
|
)
|
48
48
|
end
|
49
49
|
|
50
|
-
if elversion == 7 and File.
|
50
|
+
if elversion == 7 and File.exist?("/etc/cloud/cloud.cfg")
|
51
51
|
execute "sed -i '/ssh_pwauth/a preserve_hostname: true' /etc/cloud/cloud.cfg" do
|
52
52
|
not_if "grep 'preserve_hostname: true' /etc/cloud/cloud.cfg"
|
53
53
|
end
|
@@ -60,10 +60,10 @@ deploy_svr = splunk_servers.first
|
|
60
60
|
if !deploy_svr.nil?
|
61
61
|
execute 'Splunk client poll for deploy server' do
|
62
62
|
command "\"#{splunk_cmd}\" set deploy-poll #{deploy_svr['splunk']['receiver_ip']}:8089 -auth #{user}:#{pw}"
|
63
|
-
not_if { ::File.
|
63
|
+
not_if { ::File.exist?(deploy_guard) }
|
64
64
|
notifies :create, "file[#{deploy_guard}]", :immediately
|
65
65
|
notifies :restart, "service[splunk]", :delayed
|
66
66
|
end
|
67
67
|
else
|
68
|
-
Chef::Log.info
|
68
|
+
Chef::Log.info("Configured to run a Splunk client, but no Splunk servers were found.")
|
69
69
|
end
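Review bot: The `execute 'Splunk client poll for deploy server'` resource passes `-auth #{user}:#{pw}` on the command line, so the Splunk password is visible in the node's process list while the command runs and can end up in Chef's output when the command is logged or fails. Adding `sensitive true` to the resource keeps it out of Chef's logs. Keeping it out of the process arguments would need a different way of supplying the credential, which this hunk does not show. The code that sets `user`, `pw` and `deploy_guard` is outside the hunk.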
|
@@ -34,7 +34,7 @@ if !node['application_attributes']['skip_recipes'].include?('updates')
|
|
34
34
|
windows_zipfile dir do
|
35
35
|
source "#{Chef::Config[:file_cache_path]}/PSWindowsUpdate.zip"
|
36
36
|
action :unzip
|
37
|
-
not_if { File.
|
37
|
+
not_if { File.exist?("#{dir}/PSWindowsUpdate") }
|
38
38
|
end
|
39
39
|
}
|
40
40
|
|
@@ -35,13 +35,13 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
|
|
35
35
|
# code <<-EOH
|
36
36
|
# Start-Process -wait -FilePath "#{Chef::Config[:file_cache_path]}/cygwin-x86_64.exe" -ArgumentList "-q -n -l #{Chef::Config[:file_cache_path]} -L -R c:/bin/cygwin -s http://mirror.cs.vt.edu/pub/cygwin/cygwin/ -P #{pkgs.join(",")}"
|
37
37
|
# EOH
|
38
|
-
# not_if { ::File.
|
38
|
+
# not_if { ::File.exist?("#{cygwindir}/Cygwin.bat") }
|
39
39
|
# end
|
40
40
|
|
41
41
|
# Be prepared to reinit installs that are missing key utilities
|
42
42
|
# file "#{cygwindir}/etc/setup/installed.db" do
|
43
43
|
# action :delete
|
44
|
-
# not_if { ::File.
|
44
|
+
# not_if { ::File.exist?("#{cygwindir}/bin/cygcheck.exe") }
|
45
45
|
# end
|
46
46
|
|
47
47
|
# pkgs.each { |pkg|
|
@@ -5,7 +5,7 @@ property :preserve_data, :kind_of => [TrueClass, FalseClass], :required => false
|
|
5
5
|
property :reboot_after_create, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
|
6
6
|
property :size, Integer, default: 8
|
7
7
|
|
8
|
-
actions :create
|
8
|
+
actions :create # ~FC092
|
9
9
|
default_action :create
|
10
10
|
|
11
11
|
action :create do
|
@@ -24,7 +24,7 @@ action :create do
|
|
24
24
|
:dev => devicename,
|
25
25
|
:size => new_resource.size
|
26
26
|
)
|
27
|
-
not_if { ::File.
|
27
|
+
not_if { ::File.exist?(device) }
|
28
28
|
end
|
29
29
|
|
30
30
|
reboot "Rebooting after adding #{path}" do
|
@@ -45,7 +45,7 @@ action :create do
|
|
45
45
|
# also expunge files so we don't eat up a bunch of disk space quietly
|
46
46
|
# underneath our new mount
|
47
47
|
command "( cd #{path} && tar -cpf - . | su -c 'cd /mnt#{backupname}/ && tar -xpf -' ) && find #{path}/ -type f -exec rm -f {} \\;"
|
48
|
-
only_if { ::Dir.
|
48
|
+
only_if { ::Dir.exist?(path) and ::Dir.exist?("/mnt#{backupname}") }
|
49
49
|
action :nothing
|
50
50
|
end
|
51
51
|
|
@@ -71,7 +71,7 @@ action :create do
|
|
71
71
|
end
|
72
72
|
|
73
73
|
execute "/sbin/restorecon -R #{path}" do
|
74
|
-
only_if { ::File.
|
74
|
+
only_if { ::File.exist?("/sbin/restorecon") }
|
75
75
|
action :nothing
|
76
76
|
end
|
77
77
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
resource_name :sshd_service
|
2
2
|
|
3
|
-
property :name, String, name_property: true
|
3
|
+
property :name, String, name_property: true # ~FC108
|
4
4
|
property :username, String, required: true
|
5
5
|
property :password, String, required: true
|
6
6
|
property :service_username, String, required: true
|
@@ -19,7 +19,7 @@ action :config do
|
|
19
19
|
source "ntrights"
|
20
20
|
end
|
21
21
|
|
22
|
-
if
|
22
|
+
if domain_controller?(new_resource.computer_name)
|
23
23
|
[new_resource.username, new_resource.ssh_user, new_resource.ec2config_user].each { |user|
|
24
24
|
unless domain_user_exist?(user)
|
25
25
|
pwd =
|
@@ -69,7 +69,7 @@ action :config do
|
|
69
69
|
# Using WinRM here doesn't work for multiple reasons so instead we're going to run it only on the schemamaster which is hopefully still the first domain controller.
|
70
70
|
# Also need to chagne this to re-import the GPO even if the GPO exist. The SSH user that is running the service might change, and the GPO will have the old SID.
|
71
71
|
gpo_name = "ec2config-ssh-privileges"
|
72
|
-
if
|
72
|
+
if schemamaster?(new_resource.domain_name, new_resource.computer_name)
|
73
73
|
unless gpo_exist?(gpo_name)
|
74
74
|
["Machine\\microsoft\\windows nt\\SecEdit", "Machine\\Scripts\\Shutdown", "Machine\\Scripts\\Startup", "User"].each { |dir|
|
75
75
|
directory "#{Chef::Config[:file_cache_path]}\\gpo\\{24E13F41-7118-4FB6-AE8B-45D48AFD6AFE}\\DomainSysvol\\GPO\\#{dir}" do
|
@@ -66,9 +66,9 @@ case node['platform']
|
|
66
66
|
end
|
67
67
|
|
68
68
|
# XXX this breaks Chef mid-run
|
69
|
-
# if Dir.
|
69
|
+
# if Dir.exist?("C:\\chef")
|
70
70
|
# %w{client.rb first-boot.json client.pem validation.pem}.each { |file|
|
71
|
-
# if File.
|
71
|
+
# if File.exist?("C:\\chef\\#{file}")
|
72
72
|
# file "C:\\Users\\Administrator\\AppData\\Local\\Temp\\#{file}" do
|
73
73
|
# content IO.read("C:\\chef\\#{file}")
|
74
74
|
# end
|
@@ -17,12 +17,7 @@
|
|
17
17
|
# limitations under the License.
|
18
18
|
|
19
19
|
case node['platform']
|
20
|
-
|
21
|
-
when "centos"
|
22
|
-
|
23
|
-
|
24
20
|
when "ubuntu"
|
25
|
-
|
26
21
|
["php5", "php5-mysql", "libapache2-mod-php5", "php5-mysql", "php5-curl", "php5-gd", "php5-intl", "php-pear", "php5-imagick", "php5-imap", "php5-mcrypt", "php5-memcache", "php5-ming", "php5-ps", "php5-pspell", "php5-recode", "php5-snmp", "php5-sqlite", "php5-tidy", "php5-xmlrpc", "php5-xsl", "php5-fpm"].each { |pkg|
|
27
22
|
package pkg
|
28
23
|
}
|
@@ -37,7 +37,7 @@ class NagiosUsers
|
|
37
37
|
|
38
38
|
def load_encrypted_databag(user_databag)
|
39
39
|
Chef::DataBag.load(user_databag).each do |u, _|
|
40
|
-
d = Chef::EncryptedDataBagItem.load(user_databag, u)
|
40
|
+
d = Chef::EncryptedDataBagItem.load(user_databag, u) # ~FC086
|
41
41
|
@users << d unless d['nagios'].nil? || d['nagios']['email'].nil?
|
42
42
|
end
|
43
43
|
rescue Net::HTTPServerException
|
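--- a/data/extras/ruby_rpm/muby.spec
+++ b/data/extras/ruby_rpm/muby.spec
@@ -9,6 +9,10 @@ URL: http://www.ruby-lang.org/
 Prefix: /opt/rubies
 Source: https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{version}.tar.gz
 
+BuildRequires: zlib
+BuildRequires: zlib-devel
+BuildRequires: openssl
+
 %description
 I was drunk when I wrote this spec file
 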
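Review bot: `BuildRequires: openssl` pulls in only the runtime package, whereas compiling Ruby's `openssl` extension normally needs the headers, in the same way this hunk lists `zlib-devel` next to `zlib`. The line should probably read `BuildRequires: openssl-devel`, or be added alongside the existing one. Without the headers the build can still succeed but produce an interpreter with no `openssl` library, which leaves that Ruby unable to make TLS connections (for example to fetch gems over HTTPS). The `%build` section is outside the hunk, so this is inferred from the dependency list alone.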
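--- a/data/modules/mu/clouds/aws.rb
+++ b/data/modules/mu/clouds/aws.rb
@@ -148,7 +148,7 @@ module MU
 return @@myRegion_var if @@myRegion_var
 return nil if credConfig.nil? and !hosted?
 
-if $MU_CFG and (!$MU_CFG['aws'] or !account_number) and !hosted?
+if $MU_CFG and (!$MU_CFG['aws'] or !account_number) and !hosted? and !ENV['EC2_REGION']
 return nil
 end
 
@@ -439,6 +439,13 @@ module MU
 end
 rescue JSON::ParserError => e
 end
+elsif ENV['AWS_ACCESS_KEY'] and ENV['AWS_SECRET_ACCESS_KEY']
+env_config = {
+"region" => ENV['EC2_REGION'] || "us-east-1",
+"access_key" => ENV['AWS_ACCESS_KEY'],
+"access_secret" => ENV['AWS_SECRET_ACCESS_KEY']
+}
+return name_only ? "#default" : env_config
 end
 
 return nil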
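Review bot: The new `elsif` branch in the second hunk keys on `ENV['AWS_ACCESS_KEY']` only, so an environment that exports the SDK-standard `AWS_ACCESS_KEY_ID` never reaches it, and it ignores `AWS_SESSION_TOKEN`, so temporary credentials taken from the environment would be used without their token. Both variables are tested for truthiness only, and an empty string is truthy in Ruby, so `AWS_ACCESS_KEY=""` still selects this branch. I would write the condition as `elsif !(ENV['AWS_ACCESS_KEY_ID'] || ENV['AWS_ACCESS_KEY']).to_s.empty? and !ENV['AWS_SECRET_ACCESS_KEY'].to_s.empty?` and read `"access_key"` the same way. The returned hash now carries the secret key in plain form, so callers that log or dump this config should be checked; they are outside the hunk, as is the start of the enclosing method.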
data/modules/mu/clouds/azure.rb
CHANGED
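--- a/data/modules/mu/config.rb
+++ b/data/modules/mu/config.rb
@@ -1152,18 +1152,21 @@ module MU
 ok
 end
 
-# XXX this is some primitive nonsense and needs to be cloud-agnostic
 @@allregions = []
-
-
+MU::Cloud.supportedClouds.each { |cloud|
+cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+@@allregions.concat(cloudclass.listRegions())
+}
 
 # Configuration chunk for choosing a provider region
 # @return [Hash]
 def self.region_primitive
 if !@@allregions or @@allregions.empty?
 @@allregions = []
-
-
+MU::Cloud.supportedClouds.each { |cloud|
+cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+@@allregions.concat(cloudclass.listRegions())
+}
 end
 {
 "type" => "string",
@@ -1633,10 +1636,10 @@ module MU
 kitten['region'] ||= MU::Cloud::Google.myRegion(kitten['credentials'])
 end
 elsif !resclass.isGlobal?
-if MU::Cloud::AWS.myRegion.nil?
+if MU::Cloud::AWS.myRegion(kitten['credentials']).nil?
 raise ValidationError, "AWS resource declared without a region, but no default AWS region found"
 end
-kitten['region'] ||= MU::Cloud::AWS.myRegion
+kitten['region'] ||= MU::Cloud::AWS.myRegion(kitten['credentials'])
 end
 
 kitten['us_only'] ||= @config['us_only']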
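Review bot: The first hunk now fills `@@allregions` in the class body by calling `listRegions()` on every entry of `MU::Cloud.supportedClouds`, so simply loading this file runs that call for each cloud. `listRegions` is not visible here, but if it queries the provider, a cloud with no usable credentials could raise at load time and stop the config from loading at all. The identical loop inside `region_primitive` already fills the list lazily, so the class-body copy could shrink back to `@@allregions = []`, or the per-cloud call could be wrapped so one failing provider does not block the others. The three-step lookup can also be written `MU::Cloud.const_get(cloud)`.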
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cloud-mu
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.0.pre.
|
4
|
+
version: 2.0.0.pre.alpha8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Stange
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2019-02-
|
15
|
+
date: 2019-02-14 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: erubis
|