cloud-mu 2.1.0beta → 3.0.0beta
- checksums.yaml +5 -5
- data/Berksfile +4 -5
- data/Berksfile.lock +179 -0
- data/README.md +1 -6
- data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
- data/ansible/roles/mu-installer/README.md +33 -0
- data/ansible/roles/mu-installer/defaults/main.yml +2 -0
- data/ansible/roles/mu-installer/handlers/main.yml +2 -0
- data/ansible/roles/mu-installer/meta/main.yml +60 -0
- data/ansible/roles/mu-installer/tasks/main.yml +13 -0
- data/ansible/roles/mu-installer/tests/inventory +2 -0
- data/ansible/roles/mu-installer/tests/test.yml +5 -0
- data/ansible/roles/mu-installer/vars/main.yml +2 -0
- data/bin/mu-adopt +125 -0
- data/bin/mu-aws-setup +4 -4
- data/bin/mu-azure-setup +265 -0
- data/bin/mu-azure-tests +43 -0
- data/bin/mu-cleanup +20 -8
- data/bin/mu-configure +224 -98
- data/bin/mu-deploy +8 -3
- data/bin/mu-gcp-setup +16 -8
- data/bin/mu-gen-docs +92 -8
- data/bin/mu-load-config.rb +52 -12
- data/bin/mu-momma-cat +36 -0
- data/bin/mu-node-manage +34 -27
- data/bin/mu-self-update +2 -2
- data/bin/mu-ssh +12 -8
- data/bin/mu-upload-chef-artifacts +11 -4
- data/bin/mu-user-manage +3 -0
- data/cloud-mu.gemspec +8 -11
- data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
- data/cookbooks/firewall/metadata.json +1 -1
- data/cookbooks/firewall/recipes/default.rb +5 -9
- data/cookbooks/mu-firewall/attributes/default.rb +2 -0
- data/cookbooks/mu-firewall/metadata.rb +1 -1
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
- data/cookbooks/mu-master/Berksfile +2 -2
- data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/metadata.rb +5 -4
- data/cookbooks/mu-master/recipes/389ds.rb +1 -1
- data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
- data/cookbooks/mu-master/recipes/default.rb +59 -7
- data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
- data/cookbooks/mu-master/recipes/init.rb +65 -47
- data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
- data/cookbooks/mu-master/recipes/sssd.rb +2 -1
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
- data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
- data/cookbooks/mu-php54/Berksfile +1 -2
- data/cookbooks/mu-php54/metadata.rb +4 -5
- data/cookbooks/mu-php54/recipes/default.rb +1 -1
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
- data/cookbooks/mu-tools/Berksfile +3 -2
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
- data/cookbooks/mu-tools/libraries/helper.rb +20 -8
- data/cookbooks/mu-tools/metadata.rb +5 -2
- data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
- data/cookbooks/mu-tools/recipes/eks.rb +1 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
- data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
- data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
- data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
- data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
- data/cookbooks/mu-tools/resources/disk.rb +3 -1
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
- data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
- data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
- data/cookbooks/mu-utility/recipes/nat.rb +4 -0
- data/extras/alpha.png +0 -0
- data/extras/beta.png +0 -0
- data/extras/clean-stock-amis +2 -2
- data/extras/generate-stock-images +131 -0
- data/extras/git-fix-permissions-hook +0 -0
- data/extras/image-generators/AWS/centos6.yaml +17 -0
- data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
- data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
- data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
- data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
- data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
- data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
- data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
- data/extras/image-generators/Google/centos7.yaml +18 -0
- data/extras/python_rpm/build.sh +0 -0
- data/extras/release.png +0 -0
- data/extras/ruby_rpm/build.sh +0 -0
- data/extras/ruby_rpm/muby.spec +1 -1
- data/install/README.md +43 -5
- data/install/deprecated-bash-library.sh +0 -0
- data/install/installer +1 -1
- data/install/jenkinskeys.rb +0 -0
- data/install/mu-master.yaml +55 -0
- data/modules/mommacat.ru +41 -7
- data/modules/mu.rb +444 -149
- data/modules/mu/adoption.rb +500 -0
- data/modules/mu/cleanup.rb +235 -158
- data/modules/mu/cloud.rb +675 -138
- data/modules/mu/clouds/aws.rb +156 -24
- data/modules/mu/clouds/aws/alarm.rb +4 -14
- data/modules/mu/clouds/aws/bucket.rb +60 -18
- data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
- data/modules/mu/clouds/aws/collection.rb +12 -22
- data/modules/mu/clouds/aws/container_cluster.rb +209 -118
- data/modules/mu/clouds/aws/database.rb +120 -45
- data/modules/mu/clouds/aws/dnszone.rb +7 -18
- data/modules/mu/clouds/aws/endpoint.rb +5 -15
- data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
- data/modules/mu/clouds/aws/folder.rb +4 -11
- data/modules/mu/clouds/aws/function.rb +6 -16
- data/modules/mu/clouds/aws/group.rb +4 -12
- data/modules/mu/clouds/aws/habitat.rb +11 -13
- data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
- data/modules/mu/clouds/aws/log.rb +5 -13
- data/modules/mu/clouds/aws/msg_queue.rb +9 -24
- data/modules/mu/clouds/aws/nosqldb.rb +4 -12
- data/modules/mu/clouds/aws/notifier.rb +6 -13
- data/modules/mu/clouds/aws/role.rb +69 -40
- data/modules/mu/clouds/aws/search_domain.rb +17 -20
- data/modules/mu/clouds/aws/server.rb +184 -94
- data/modules/mu/clouds/aws/server_pool.rb +33 -38
- data/modules/mu/clouds/aws/storage_pool.rb +5 -12
- data/modules/mu/clouds/aws/user.rb +59 -33
- data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
- data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
- data/modules/mu/clouds/aws/vpc.rb +214 -145
- data/modules/mu/clouds/azure.rb +978 -44
- data/modules/mu/clouds/azure/container_cluster.rb +413 -0
- data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
- data/modules/mu/clouds/azure/habitat.rb +167 -0
- data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
- data/modules/mu/clouds/azure/role.rb +211 -0
- data/modules/mu/clouds/azure/server.rb +810 -0
- data/modules/mu/clouds/azure/user.rb +257 -0
- data/modules/mu/clouds/azure/userdata/README.md +4 -0
- data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
- data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
- data/modules/mu/clouds/azure/vpc.rb +782 -0
- data/modules/mu/clouds/cloudformation.rb +12 -9
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
- data/modules/mu/clouds/cloudformation/server.rb +10 -1
- data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
- data/modules/mu/clouds/google.rb +554 -117
- data/modules/mu/clouds/google/bucket.rb +173 -32
- data/modules/mu/clouds/google/container_cluster.rb +1112 -157
- data/modules/mu/clouds/google/database.rb +24 -47
- data/modules/mu/clouds/google/firewall_rule.rb +344 -89
- data/modules/mu/clouds/google/folder.rb +156 -79
- data/modules/mu/clouds/google/group.rb +272 -82
- data/modules/mu/clouds/google/habitat.rb +177 -52
- data/modules/mu/clouds/google/loadbalancer.rb +9 -34
- data/modules/mu/clouds/google/role.rb +1211 -0
- data/modules/mu/clouds/google/server.rb +491 -227
- data/modules/mu/clouds/google/server_pool.rb +233 -48
- data/modules/mu/clouds/google/user.rb +479 -125
- data/modules/mu/clouds/google/userdata/linux.erb +3 -3
- data/modules/mu/clouds/google/userdata/windows.erb +9 -9
- data/modules/mu/clouds/google/vpc.rb +381 -223
- data/modules/mu/config.rb +689 -214
- data/modules/mu/config/bucket.rb +1 -1
- data/modules/mu/config/cache_cluster.rb +1 -1
- data/modules/mu/config/cache_cluster.yml +0 -4
- data/modules/mu/config/container_cluster.rb +18 -9
- data/modules/mu/config/database.rb +6 -23
- data/modules/mu/config/firewall_rule.rb +9 -15
- data/modules/mu/config/folder.rb +22 -21
- data/modules/mu/config/habitat.rb +22 -21
- data/modules/mu/config/loadbalancer.rb +2 -2
- data/modules/mu/config/role.rb +9 -40
- data/modules/mu/config/server.rb +26 -5
- data/modules/mu/config/server_pool.rb +1 -1
- data/modules/mu/config/storage_pool.rb +2 -2
- data/modules/mu/config/user.rb +4 -0
- data/modules/mu/config/vpc.rb +350 -110
- data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
- data/modules/mu/defaults/Azure.yaml +17 -0
- data/modules/mu/defaults/Google.yaml +24 -0
- data/modules/mu/defaults/README.md +1 -1
- data/modules/mu/deploy.rb +168 -125
- data/modules/mu/groomer.rb +2 -1
- data/modules/mu/groomers/ansible.rb +104 -32
- data/modules/mu/groomers/chef.rb +96 -44
- data/modules/mu/kittens.rb +20602 -0
- data/modules/mu/logger.rb +38 -11
- data/modules/mu/master.rb +90 -8
- data/modules/mu/master/chef.rb +2 -3
- data/modules/mu/master/ldap.rb +0 -1
- data/modules/mu/master/ssl.rb +250 -0
- data/modules/mu/mommacat.rb +917 -513
- data/modules/scratchpad.erb +1 -1
- data/modules/tests/super_complex_bok.yml +0 -0
- data/modules/tests/super_simple_bok.yml +0 -0
- data/roles/mu-master.json +2 -1
- data/spec/azure_creds +5 -0
- data/spec/mu.yaml +56 -0
- data/spec/mu/clouds/azure_spec.rb +164 -27
- data/spec/spec_helper.rb +5 -0
- data/test/clean_up.py +0 -0
- data/test/exec_inspec.py +0 -0
- data/test/exec_mu_install.py +0 -0
- data/test/exec_retry.py +0 -0
- data/test/smoke_test.rb +0 -0
- metadata +90 -118
- data/cookbooks/mu-jenkins/Berksfile +0 -14
- data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
- data/cookbooks/mu-jenkins/LICENSE +0 -37
- data/cookbooks/mu-jenkins/README.md +0 -105
- data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
- data/cookbooks/mu-jenkins/metadata.rb +0 -21
- data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
- data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
- data/cookbooks/nagios/Berksfile +0 -11
- data/cookbooks/nagios/CHANGELOG.md +0 -589
- data/cookbooks/nagios/CONTRIBUTING.md +0 -11
- data/cookbooks/nagios/LICENSE +0 -37
- data/cookbooks/nagios/README.md +0 -328
- data/cookbooks/nagios/TESTING.md +0 -2
- data/cookbooks/nagios/attributes/config.rb +0 -171
- data/cookbooks/nagios/attributes/default.rb +0 -228
- data/cookbooks/nagios/chefignore +0 -102
- data/cookbooks/nagios/definitions/command.rb +0 -33
- data/cookbooks/nagios/definitions/contact.rb +0 -33
- data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
- data/cookbooks/nagios/definitions/host.rb +0 -33
- data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
- data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
- data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
- data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
- data/cookbooks/nagios/definitions/resource.rb +0 -33
- data/cookbooks/nagios/definitions/service.rb +0 -33
- data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
- data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
- data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
- data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
- data/cookbooks/nagios/libraries/base.rb +0 -314
- data/cookbooks/nagios/libraries/command.rb +0 -91
- data/cookbooks/nagios/libraries/contact.rb +0 -230
- data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
- data/cookbooks/nagios/libraries/custom_option.rb +0 -36
- data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
- data/cookbooks/nagios/libraries/default.rb +0 -90
- data/cookbooks/nagios/libraries/host.rb +0 -412
- data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
- data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
- data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
- data/cookbooks/nagios/libraries/nagios.rb +0 -282
- data/cookbooks/nagios/libraries/resource.rb +0 -59
- data/cookbooks/nagios/libraries/service.rb +0 -455
- data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
- data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
- data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
- data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
- data/cookbooks/nagios/libraries/users_helper.rb +0 -54
- data/cookbooks/nagios/metadata.rb +0 -25
- data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
- data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
- data/cookbooks/nagios/recipes/apache.rb +0 -48
- data/cookbooks/nagios/recipes/default.rb +0 -204
- data/cookbooks/nagios/recipes/nginx.rb +0 -82
- data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
- data/cookbooks/nagios/recipes/server_package.rb +0 -40
- data/cookbooks/nagios/recipes/server_source.rb +0 -164
- data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
- data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
- data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
- data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
- data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
- data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
- data/extras/image-generators/aws/centos6.yaml +0 -18
- data/modules/mu/defaults/google_images.yaml +0 -16
- data/roles/mu-master-jenkins.json +0 -24
@@ -18,25 +18,11 @@ module MU
|
|
18
18
|
# A server pool as configured in {MU::Config::BasketofKittens::server_pools}
|
19
19
|
class ServerPool < MU::Cloud::ServerPool
|
20
20
|
|
21
|
-
|
22
|
-
@
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
|
28
|
-
# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::server_pools}
|
29
|
-
def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
|
30
|
-
@deploy = mommacat
|
31
|
-
@config = MU::Config.manxify(kitten_cfg)
|
32
|
-
@cloud_id ||= cloud_id
|
33
|
-
if !mu_name.nil?
|
34
|
-
@mu_name = mu_name
|
35
|
-
elsif @config['scrub_mu_isms']
|
36
|
-
@mu_name = @config['name']
|
37
|
-
else
|
38
|
-
@mu_name = @deploy.getResourceName(@config['name'])
|
39
|
-
end
|
21
|
+
# Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
|
22
|
+
# @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
|
23
|
+
def initialize(**args)
|
24
|
+
super
|
25
|
+
@mu_name ||= @deploy.getResourceName(@config['name'])
|
40
26
|
end
|
41
27
|
|
42
28
|
# Called automatically by {MU::Deploy#createResources}
|
@@ -148,8 +134,6 @@ module MU
|
|
148
134
|
setScaleInProtection(need_instances)
|
149
135
|
end
|
150
136
|
|
151
|
-
MU.log "See /var/log/mu-momma-cat.log for asynchronous bootstrap progress.", MU::NOTICE
|
152
|
-
|
153
137
|
return asg
|
154
138
|
end
|
155
139
|
|
@@ -476,6 +460,8 @@ module MU
|
|
476
460
|
# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
|
477
461
|
def self.schema(config)
|
478
462
|
toplevel_required = []
|
463
|
+
|
464
|
+
term_policies = MU::Cloud::AWS.credConfig ? MU::Cloud::AWS.autoscale.describe_termination_policy_types.termination_policy_types : ["AllocationStrategy", "ClosestToNextInstanceHour", "Default", "NewestInstance", "OldestInstance", "OldestLaunchConfiguration", "OldestLaunchTemplate"]
|
479
465
|
|
480
466
|
schema = {
|
481
467
|
"role_strip_path" => {
|
@@ -586,7 +572,7 @@ module MU
|
|
586
572
|
"items" => {
|
587
573
|
"type" => "String",
|
588
574
|
"default" => "Default",
|
589
|
-
"enum" =>
|
575
|
+
"enum" => term_policies
|
590
576
|
}
|
591
577
|
},
|
592
578
|
"scaling_policies" => {
|
@@ -839,10 +825,11 @@ module MU
|
|
839
825
|
ok = false
|
840
826
|
end
|
841
827
|
else
|
842
|
-
s3_objs = ['arn:'+(MU::Cloud::AWS.isGovCloud?(pool['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU.adminBucketName+'/Mu_CA.pem']
|
828
|
+
s3_objs = ['arn:'+(MU::Cloud::AWS.isGovCloud?(pool['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(pool['credentials'])+'/Mu_CA.pem']
|
843
829
|
|
844
830
|
role = {
|
845
831
|
"name" => pool["name"],
|
832
|
+
"cloud" => "AWS",
|
846
833
|
"strip_path" => pool["role_strip_path"],
|
847
834
|
"can_assume" => [
|
848
835
|
{
|
@@ -878,9 +865,9 @@ module MU
|
|
878
865
|
end
|
879
866
|
launch["ami_id"] ||= launch["image_id"]
|
880
867
|
if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
|
881
|
-
|
882
|
-
|
883
|
-
launch['ami_id'] = configurator.getTail("pool"+pool['name']+"AMI", value:
|
868
|
+
img_id = MU::Cloud.getStockImage("AWS", platform: pool['platform'], region: pool['region'])
|
869
|
+
if img_id
|
870
|
+
launch['ami_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: img_id, prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
|
884
871
|
|
885
872
|
else
|
886
873
|
ok = false
|
@@ -961,6 +948,7 @@ module MU
|
|
961
948
|
if policy["alarms"] && !policy["alarms"].empty?
|
962
949
|
policy["alarms"].each { |alarm|
|
963
950
|
alarm["name"] = "scaling-policy-#{pool["name"]}-#{alarm["name"]}"
|
951
|
+
alarm["cloud"] = "AWS",
|
964
952
|
alarm['dimensions'] = [] if !alarm['dimensions']
|
965
953
|
alarm['dimensions'] << { "name" => pool["name"], "cloud_class" => "AutoScalingGroupName" }
|
966
954
|
alarm["namespace"] = "AWS/EC2" if alarm["namespace"].nil?
|
@@ -1086,8 +1074,9 @@ module MU
|
|
1086
1074
|
@config['basis']['launch_config']["ami_id"] = MU::Cloud::AWS::Server.createImage(
|
1087
1075
|
name: @mu_name,
|
1088
1076
|
instance_id: @config['basis']['launch_config']["instance_id"],
|
1089
|
-
credentials: @config['credentials']
|
1090
|
-
|
1077
|
+
credentials: @config['credentials'],
|
1078
|
+
region: @config['region']
|
1079
|
+
)[@config['region']]
|
1091
1080
|
end
|
1092
1081
|
MU::Cloud::AWS::Server.waitForAMI(@config['basis']['launch_config']["ami_id"], credentials: @config['credentials'])
|
1093
1082
|
|
@@ -1097,13 +1086,17 @@ module MU
|
|
1097
1086
|
|
1098
1087
|
userdata = MU::Cloud.fetchUserdata(
|
1099
1088
|
platform: @config["platform"],
|
1100
|
-
cloud: "
|
1089
|
+
cloud: "AWS",
|
1090
|
+
credentials: @config['credentials'],
|
1101
1091
|
template_variables: {
|
1102
1092
|
"deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
|
1103
1093
|
"deploySSHKey" => @deploy.ssh_public_key,
|
1104
1094
|
"muID" => @deploy.deploy_id,
|
1105
1095
|
"muUser" => MU.chef_user,
|
1106
1096
|
"publicIP" => MU.mu_public_ip,
|
1097
|
+
"mommaCatPort" => MU.mommaCatPort,
|
1098
|
+
"chefVersion" => MU.chefVersion,
|
1099
|
+
"adminBucketName" => MU::Cloud::AWS.adminBucketName(@credentials),
|
1107
1100
|
"windowsAdminName" => @config['windows_admin_username'],
|
1108
1101
|
"skipApplyUpdates" => @config['skipinitialupdates'],
|
1109
1102
|
"resourceName" => @config["name"],
|
@@ -1149,19 +1142,21 @@ module MU
|
|
1149
1142
|
|
1150
1143
|
if @config['basis']['launch_config']['generate_iam_role']
|
1151
1144
|
role = @deploy.findLitterMate(name: @config['name'], type: "roles")
|
1152
|
-
|
1153
|
-
|
1154
|
-
|
1155
|
-
|
1145
|
+
if role
|
1146
|
+
s3_objs = ["#{@deploy.deploy_id}-secret", "#{role.mu_name}.pfx", "#{role.mu_name}.crt", "#{role.mu_name}.key", "#{role.mu_name}-winrm.crt", "#{role.mu_name}-winrm.key"].map { |file|
|
1147
|
+
'arn:'+(MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(@credentials)+'/'+file
|
1148
|
+
}
|
1149
|
+
role.cloudobj.injectPolicyTargets("MuSecrets", s3_objs)
|
1150
|
+
end
|
1156
1151
|
end
|
1157
1152
|
|
1158
1153
|
if !oldlaunch.nil?
|
1159
1154
|
olduserdata = Base64.decode64(oldlaunch.user_data)
|
1160
|
-
if userdata
|
1161
|
-
oldlaunch.image_id
|
1162
|
-
oldlaunch.ebs_optimized
|
1163
|
-
oldlaunch.instance_type
|
1164
|
-
oldlaunch.instance_monitoring.enabled
|
1155
|
+
if userdata == olduserdata and
|
1156
|
+
oldlaunch.image_id == @config["basis"]["launch_config"]["ami_id"] and
|
1157
|
+
oldlaunch.ebs_optimized == @config["basis"]["launch_config"]["ebs_optimized"] and
|
1158
|
+
oldlaunch.instance_type == @config["basis"]["launch_config"]["size"] and
|
1159
|
+
oldlaunch.instance_monitoring.enabled == @config["basis"]["launch_config"]["monitoring"]
|
1165
1160
|
# XXX check more things
|
1166
1161
|
# launch.block_device_mappings != storage
|
1167
1162
|
# XXX block device comparison isn't this simple
|
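Review bot: The trailing comma on new line 951 in the @@ -961,6 +948,7 @@ hunk, `alarm["cloud"] = "AWS",`, joins that statement with the following `alarm['dimensions'] = [] if !alarm['dimensions']` into one multiple-assignment under a single `if` modifier: as Ruby parses it, `alarm["cloud"]` receives the array `["AWS", []]` when no dimensions were supplied, and neither assignment runs when they were. Drop the comma: `alarm["cloud"] = "AWS"`. Elsewhere in the section the new code is inconsistent about where credentials come from — `MU::Cloud::AWS.adminBucketName(@credentials)` on new lines 1099 and 1147 versus `credentials: @config['credentials']` on new line 1090 of the same `fetchUserdata` call; if `super` sets `@credentials` from that same config key this is harmless, but it is worth confirming. The enclosing methods start and end outside these hunks.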
@@ -17,18 +17,11 @@ module MU
|
|
17
17
|
class AWS
|
18
18
|
# A storage pool as configured in {MU::Config::BasketofKittens::storage_pools}
|
19
19
|
class StoragePool < MU::Cloud::StoragePool
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
|
27
|
-
# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::storage_pools}
|
28
|
-
def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
|
29
|
-
@deploy = mommacat
|
30
|
-
@config = MU::Config.manxify(kitten_cfg)
|
31
|
-
@cloud_id ||= cloud_id
|
20
|
+
|
21
|
+
# Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
|
22
|
+
# @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
|
23
|
+
def initialize(**args)
|
24
|
+
super
|
32
25
|
@mu_name ||= @deploy.getResourceName(@config['name'])
|
33
26
|
end
|
34
27
|
|
@@ -17,18 +17,11 @@ module MU
|
|
17
17
|
class AWS
|
18
18
|
# A user as configured in {MU::Config::BasketofKittens::users}
|
19
19
|
class User < MU::Cloud::User
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
|
27
|
-
# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::users}
|
28
|
-
def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
|
29
|
-
@deploy = mommacat
|
30
|
-
@config = MU::Config.manxify(kitten_cfg)
|
31
|
-
@cloud_id ||= cloud_id
|
20
|
+
|
21
|
+
# Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
|
22
|
+
# @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
|
23
|
+
def initialize(**args)
|
24
|
+
super
|
32
25
|
@mu_name ||= if @config['unique_name']
|
33
26
|
@deploy.getResourceName(@config["name"])
|
34
27
|
else
|
@@ -157,30 +150,63 @@ module MU
|
|
157
150
|
resp.policies.each { |policy|
|
158
151
|
MU.log "Deleting policy /#{MU.deploy_id}/#{policy.policy_name}"
|
159
152
|
if !noop
|
160
|
-
attachments =
|
161
|
-
|
162
|
-
)
|
163
|
-
attachments.policy_users.each { |u|
|
164
|
-
MU::Cloud::AWS.iam(credentials: credentials).detach_user_policy(
|
165
|
-
user_name: u.user_name,
|
166
|
-
policy_arn: policy.arn
|
167
|
-
)
|
168
|
-
}
|
169
|
-
attachments.policy_groups.each { |g|
|
170
|
-
MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
|
171
|
-
group_name: g.group_name,
|
153
|
+
attachments = begin
|
154
|
+
MU::Cloud::AWS.iam(credentials: credentials).list_entities_for_policy(
|
172
155
|
policy_arn: policy.arn
|
173
156
|
)
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
157
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
158
|
+
end
|
159
|
+
if attachments
|
160
|
+
begin
|
161
|
+
attachments.policy_users.each { |u|
|
162
|
+
MU::Cloud::AWS.iam(credentials: credentials).detach_user_policy(
|
163
|
+
user_name: u.user_name,
|
164
|
+
policy_arn: policy.arn
|
165
|
+
)
|
166
|
+
}
|
167
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
168
|
+
end
|
169
|
+
begin
|
170
|
+
attachments.policy_groups.each { |g|
|
171
|
+
MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
|
172
|
+
group_name: g.group_name,
|
173
|
+
policy_arn: policy.arn
|
174
|
+
)
|
175
|
+
}
|
176
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
177
|
+
end
|
178
|
+
begin
|
179
|
+
attachments.policy_roles.each { |r|
|
180
|
+
MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
|
181
|
+
role_name: r.role_name,
|
182
|
+
policy_arn: policy.arn
|
183
|
+
)
|
184
|
+
}
|
185
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
186
|
+
end
|
187
|
+
end
|
188
|
+
|
189
|
+
begin
|
190
|
+
MU::Cloud::AWS.iam(credentials: credentials).delete_policy(
|
178
191
|
policy_arn: policy.arn
|
179
192
|
)
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
193
|
+
rescue ::Aws::IAM::Errors::DeleteConflict
|
194
|
+
versions = MU::Cloud::AWS.iam(credentials: credentials).list_policy_versions(
|
195
|
+
policy_arn: policy.arn,
|
196
|
+
).versions
|
197
|
+
versions.each { |v|
|
198
|
+
next if v.is_default_version
|
199
|
+
begin
|
200
|
+
MU::Cloud::AWS.iam(credentials: credentials).delete_policy_version(
|
201
|
+
policy_arn: policy.arn,
|
202
|
+
version_id: v.version_id
|
203
|
+
)
|
204
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
205
|
+
end
|
206
|
+
}
|
207
|
+
retry
|
208
|
+
rescue ::Aws::IAM::Errors::NoSuchEntity
|
209
|
+
end
|
184
210
|
end
|
185
211
|
}
|
186
212
|
end
|
@@ -282,7 +308,7 @@ module MU
|
|
282
308
|
schema = {
|
283
309
|
"name" => {
|
284
310
|
"type" => "string",
|
285
|
-
"description" => "A plain IAM user. If the user already exists, we will operate on that existing user. Otherwise, we will attempt to create a new user."
|
311
|
+
"description" => "A plain IAM user. If the user already exists, we will operate on that existing user. Otherwise, we will attempt to create a new user. AWS IAM does not distinguish between human user accounts and machine accounts."
|
286
312
|
},
|
287
313
|
"path" => {
|
288
314
|
"type" => "string",
|
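Review bot: In the @@ -157,30 +150,63 @@ hunk, new lines 170–177 iterate `attachments.policy_groups` but call `detach_role_policy(group_name: g.group_name, policy_arn: policy.arn)`; the IAM operation for group attachments is `detach_group_policy`, and `detach_role_policy` takes `role_name`, so the SDK's parameter validation is expected to reject the call before any group attachment is removed, and that error is not covered by the surrounding `rescue ::Aws::IAM::Errors::NoSuchEntity`. The removed code had the same mistake, and the rewrite carries it forward rather than fixing it. Separately, the `rescue ::Aws::IAM::Errors::DeleteConflict` block at new lines 193–207 ends in an unconditional `retry`; if the conflict is caused by anything other than non-default policy versions (a group attachment left behind by the bug above, for instance) the loop never terminates — bound it with an attempt counter, or only `retry` when at least one version was actually deleted. The enclosing cleanup method starts outside the hunk.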
@@ -14,7 +14,6 @@
|
|
14
14
|
# limitations under the License.
|
15
15
|
|
16
16
|
updates_run=0
|
17
|
-
need_reboot=0
|
18
17
|
instance_id="`curl http://169.254.169.254/latest/meta-data/instance-id`"
|
19
18
|
region="`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//'`"
|
20
19
|
|
@@ -35,27 +34,25 @@ if ping -c 5 8.8.8.8 > /dev/null; then
|
|
35
34
|
if [ ! -f /usr/bin/curl ] ;then /usr/bin/apt-get --fix-missing -y install curl;fi
|
36
35
|
AWSCLI=/usr/local/bin/aws
|
37
36
|
<% if !$mu.skipApplyUpdates %>
|
37
|
+
set +e
|
38
38
|
if [ ! -f /.mu-installer-ran-updates ];then
|
39
39
|
service ssh stop
|
40
40
|
apt-get --fix-missing -y upgrade
|
41
|
+
touch /.mu-installer-ran-updates
|
41
42
|
if [ $? -eq 0 ]
|
42
43
|
then
|
43
44
|
echo "Successfully updated packages"
|
44
45
|
updates_run=1
|
46
|
+
# XXX this logic works on Ubuntu, is it Debian-friendly?
|
47
|
+
latest_kernel="`ls -1 /boot/vmlinuz-* | sed -r 's/^\/boot\/vmlinuz-//' | tail -1`"
|
48
|
+
running_kernel="`uname -r`"
|
49
|
+
if [ "$running_kernel" != "$latest_kernel" -a "$latest_kernel" != "" ];then
|
50
|
+
shutdown -r now "Applying new kernel"
|
51
|
+
fi
|
45
52
|
else
|
46
53
|
echo "FAILED PACKAGE UPDATE" >&2
|
47
54
|
fi
|
48
|
-
|
49
|
-
touch /.mu-installer-ran-updates
|
50
|
-
|
51
|
-
# XXX this logic works on Ubuntu, is it Debian-friendly?
|
52
|
-
latest_kernel="`ls -1 /boot/vmlinuz-* | sed -r 's/^\/boot\/vmlinuz-//' | tail -1`"
|
53
|
-
running_kernel="`uname -r`"
|
54
|
-
if [ "$running_kernel" != "$latest_kernel" -a "$latest_kernel" != "" ];then
|
55
|
-
need_reboot=1
|
56
|
-
else
|
57
|
-
service ssh start
|
58
|
-
fi
|
55
|
+
service ssh start
|
59
56
|
fi
|
60
57
|
<% end %>
|
61
58
|
elif [ -x /usr/bin/yum ];then
|
@@ -89,24 +86,23 @@ if ping -c 5 8.8.8.8 > /dev/null; then
|
|
89
86
|
/bin/rpm -ivh http://mirror.metrocast.net/fedora/epel/epel-release-latest-$version.noarch.rpm
|
90
87
|
fi
|
91
88
|
<% if !$mu.skipApplyUpdates %>
|
89
|
+
set +e
|
92
90
|
if [ ! -f /.mu-installer-ran-updates ];then
|
93
91
|
service sshd stop
|
94
92
|
kernel_update=`yum list updates | grep kernel`
|
95
93
|
yum -y update
|
94
|
+
touch /.mu-installer-ran-updates
|
96
95
|
if [ $? -eq 0 ]
|
97
96
|
then
|
98
97
|
echo "Successfully updated packages"
|
99
98
|
updates_run=1
|
99
|
+
if [ -n "$kernel_update" ]; then
|
100
|
+
shutdown -r now "Applying new kernel"
|
101
|
+
fi
|
100
102
|
else
|
101
103
|
echo "FAILED PACKAGE UPDATE" >&2
|
102
104
|
fi
|
103
|
-
|
104
|
-
touch /.mu-installer-ran-updates
|
105
|
-
if [ -n "$kernel_update" ]; then
|
106
|
-
need_reboot=1
|
107
|
-
else
|
108
|
-
service sshd start
|
109
|
-
fi
|
105
|
+
service sshd start
|
110
106
|
fi
|
111
107
|
<% end %>
|
112
108
|
fi
|
@@ -143,27 +139,19 @@ fi
|
|
143
139
|
|
144
140
|
umask 0077
|
145
141
|
|
146
|
-
# Install Chef now, because why not?
|
147
142
|
if [ ! -f /opt/chef/embedded/bin/ruby ];then
|
148
143
|
curl https://www.chef.io/chef/install.sh > chef-install.sh
|
149
144
|
set +e
|
150
145
|
# We may run afoul of a synchronous bootstrap process doing the same thing. So
|
151
146
|
# wait until we've managed to run successfully.
|
152
|
-
while ! sh chef-install.sh -v <%=
|
147
|
+
while ! sh chef-install.sh -v <%= $mu.chefVersion %>;do
|
153
148
|
sleep 10
|
154
149
|
done
|
155
150
|
touch /opt/mu_installed_chef
|
156
|
-
set -e
|
157
|
-
fi
|
158
|
-
|
159
|
-
<% if !$mu.skipApplyUpdates %>
|
160
|
-
if [ "$need_reboot" == "1" ];then
|
161
|
-
shutdown -r now "Applying new kernel"
|
162
151
|
fi
|
163
|
-
<% end %>
|
164
152
|
|
165
153
|
if [ "$AWSCLI" != "" ];then
|
166
|
-
$AWSCLI --region="$region" s3 cp s3://<%=
|
154
|
+
$AWSCLI --region="$region" s3 cp s3://<%= $mu.adminBucketName %>/<%= $mu.muID %>-secret .
|
167
155
|
fi
|
168
156
|
|
169
157
|
echo '
|
@@ -181,6 +169,6 @@ if ! ( netstat -na | grep LISTEN | grep ':22 ' );then
|
|
181
169
|
service sshd start
|
182
170
|
fi
|
183
171
|
|
184
|
-
/usr/bin/curl -k --data mu_id="<%= $mu.muID %>" --data mu_resource_name="<%= $mu.resourceName %>" --data mu_resource_type="<%= $mu.resourceType %>" --data mu_instance_id="$instance_id" --data mu_bootstrap="1" --data mu_user="<%= $mu.muUser %>" --data mu_deploy_secret="`/opt/chef/embedded/bin/ruby encrypt_deploy_secret.rb`" https://<%= $mu.publicIP
|
172
|
+
/usr/bin/curl -k --data mu_id="<%= $mu.muID %>" --data mu_resource_name="<%= $mu.resourceName %>" --data mu_resource_type="<%= $mu.resourceType %>" --data mu_instance_id="$instance_id" --data mu_bootstrap="1" --data mu_user="<%= $mu.muUser %>" --data mu_deploy_secret="`/opt/chef/embedded/bin/ruby encrypt_deploy_secret.rb`" https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %>/
|
185
173
|
/bin/rm -f <%= $mu.muID %>-secret mu_deploy_key.pub chef-install.sh encrypt_deploy_secret.rb
|
186
174
|
touch /.mu_userdata_complete
|
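Review bot: In the @@ -35,27 +34,25 @@ hunk, `touch /.mu-installer-ran-updates` now sits between `apt-get --fix-missing -y upgrade` and `if [ $? -eq 0 ]`, so `$?` reports the status of `touch`, not of the upgrade: a failed upgrade prints "Successfully updated packages", sets `updates_run=1` and can trigger the kernel reboot; the @@ -89,24 +86,23 @@ hunk has the same ordering around `yum -y update`. Capture the status before touching the marker, e.g. `apt-get --fix-missing -y upgrade; rc=$?` then `touch /.mu-installer-ran-updates` then `if [ "$rc" -eq 0 ]`, and likewise for yum. The `set +e` added in both hunks is never paired with a `set -e`, and the @@ -143,27 +139,19 @@ hunk also drops the `set -e` after the Chef install loop, so the remainder of the bootstrap — including the `$AWSCLI ... s3 cp` of the deploy secret and the final `curl` — runs with errexit disabled; re-enable it once the update section completes. New line 172 still posts the deploy secret with `curl -k`, which skips certificate verification of the Momma Cat endpoint; the `Mu_CA.pem` this commit stages in the admin bucket suggests `--cacert` could replace `-k`.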
@@ -23,8 +23,8 @@ function log
|
|
23
23
|
}
|
24
24
|
|
25
25
|
function fetchSecret([string]$file){
|
26
|
-
log "Fetching s3://<%=
|
27
|
-
aws.cmd --region $region s3 cp s3://<%=
|
26
|
+
log "Fetching s3://<%= $mu.adminBucketName %>/$file to $tmp/$file"
|
27
|
+
aws.cmd --region $region s3 cp s3://<%= $mu.adminBucketName %>/$file $tmp/$file
|
28
28
|
}
|
29
29
|
|
30
30
|
function importCert([string]$cert, [string]$store){
|
@@ -113,7 +113,7 @@ function removeChef($location){
|
|
113
113
|
$install_chef = $false
|
114
114
|
$my_chef = (Get-ItemProperty $location | Where-Object {$_.DisplayName -like "chef client*"}).DisplayName
|
115
115
|
if ($my_chef) {
|
116
|
-
if ($my_chef -match '<%=
|
116
|
+
if ($my_chef -match '<%= $mu.chefVersion %>'.split('-')[0]) {
|
117
117
|
$install_chef = $false
|
118
118
|
} else{
|
119
119
|
log "Uninstalling Chef"
|
@@ -143,13 +143,13 @@ If (!(Test-Path "c:\opscode\chef\embedded\bin\ruby.exe")){
|
|
143
143
|
}
|
144
144
|
|
145
145
|
If ($install_chef){
|
146
|
-
log "Installing Chef <%=
|
147
|
-
If (!(Test-Path $env:Temp/chef-installer-<%=
|
146
|
+
log "Installing Chef <%= $mu.chefVersion %>"
|
147
|
+
If (!(Test-Path $env:Temp/chef-installer-<%= $mu.chefVersion %>.msi)){
|
148
148
|
log "Downloading Chef installer"
|
149
|
-
$WebClient.DownloadFile("https://www.chef.io/chef/download?p=windows&pv=2012&m=x86_64&v=<%=
|
149
|
+
$WebClient.DownloadFile("https://www.chef.io/chef/download?p=windows&pv=2012&m=x86_64&v=<%= $mu.chefVersion %>","$env:Temp/chef-installer-<%= $mu.chefVersion %>.msi")
|
150
150
|
}
|
151
151
|
log "Running Chef installer"
|
152
|
-
(Start-Process -FilePath msiexec -ArgumentList "/i $env:Temp\chef-installer-<%=
|
152
|
+
(Start-Process -FilePath msiexec -ArgumentList "/i $env:Temp\chef-installer-<%= $mu.chefVersion %>.msi ALLUSERS=1 /le $env:Temp\chef-client-install.log /qn" -Wait -Passthru).ExitCode
|
153
153
|
Set-Content "c:/mu_installed_chef" "yup"
|
154
154
|
}
|
155
155
|
|
@@ -163,9 +163,9 @@ $deploy_secret = & "c:\opscode\chef\embedded\bin\ruby" -ropenssl -rbase64 -e "ke
|
|
163
163
|
function callMomma([string]$act)
|
164
164
|
{
|
165
165
|
$params = @{mu_id='<%= $mu.muID %>';mu_resource_name='<%= $mu.resourceName %>';mu_resource_type='<%= $mu.resourceType %>';mu_instance_id="$awsid";mu_user='<%= $mu.muUser %>';mu_deploy_secret="$deploy_secret";$act="1"}
|
166
|
-
log "Calling Momma Cat at https://<%= $mu.publicIP
|
166
|
+
log "Calling Momma Cat at https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %> with $act"
|
167
167
|
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
|
168
|
-
$resp = Invoke-WebRequest -Uri https://<%= $mu.publicIP
|
168
|
+
$resp = Invoke-WebRequest -Uri https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %> -Method POST -Body $params
|
169
169
|
return $resp.Content
|
170
170
|
}
|
171
171
|
|