cloud-mu 2.1.0beta → 3.0.0beta

  1. checksums.yaml +5 -5
  2. data/Berksfile +4 -5
  3. data/Berksfile.lock +179 -0
  4. data/README.md +1 -6
  5. data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
  6. data/ansible/roles/mu-installer/README.md +33 -0
  7. data/ansible/roles/mu-installer/defaults/main.yml +2 -0
  8. data/ansible/roles/mu-installer/handlers/main.yml +2 -0
  9. data/ansible/roles/mu-installer/meta/main.yml +60 -0
  10. data/ansible/roles/mu-installer/tasks/main.yml +13 -0
  11. data/ansible/roles/mu-installer/tests/inventory +2 -0
  12. data/ansible/roles/mu-installer/tests/test.yml +5 -0
  13. data/ansible/roles/mu-installer/vars/main.yml +2 -0
  14. data/bin/mu-adopt +125 -0
  15. data/bin/mu-aws-setup +4 -4
  16. data/bin/mu-azure-setup +265 -0
  17. data/bin/mu-azure-tests +43 -0
  18. data/bin/mu-cleanup +20 -8
  19. data/bin/mu-configure +224 -98
  20. data/bin/mu-deploy +8 -3
  21. data/bin/mu-gcp-setup +16 -8
  22. data/bin/mu-gen-docs +92 -8
  23. data/bin/mu-load-config.rb +52 -12
  24. data/bin/mu-momma-cat +36 -0
  25. data/bin/mu-node-manage +34 -27
  26. data/bin/mu-self-update +2 -2
  27. data/bin/mu-ssh +12 -8
  28. data/bin/mu-upload-chef-artifacts +11 -4
  29. data/bin/mu-user-manage +3 -0
  30. data/cloud-mu.gemspec +8 -11
  31. data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
  32. data/cookbooks/firewall/metadata.json +1 -1
  33. data/cookbooks/firewall/recipes/default.rb +5 -9
  34. data/cookbooks/mu-firewall/attributes/default.rb +2 -0
  35. data/cookbooks/mu-firewall/metadata.rb +1 -1
  36. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
  37. data/cookbooks/mu-master/Berksfile +2 -2
  38. data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
  39. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  40. data/cookbooks/mu-master/metadata.rb +5 -4
  41. data/cookbooks/mu-master/recipes/389ds.rb +1 -1
  42. data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
  43. data/cookbooks/mu-master/recipes/default.rb +59 -7
  44. data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
  45. data/cookbooks/mu-master/recipes/init.rb +65 -47
  46. data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
  47. data/cookbooks/mu-master/recipes/sssd.rb +2 -1
  48. data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
  49. data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
  50. data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
  51. data/cookbooks/mu-php54/Berksfile +1 -2
  52. data/cookbooks/mu-php54/metadata.rb +4 -5
  53. data/cookbooks/mu-php54/recipes/default.rb +1 -1
  54. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
  55. data/cookbooks/mu-tools/Berksfile +3 -2
  56. data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
  57. data/cookbooks/mu-tools/libraries/helper.rb +20 -8
  58. data/cookbooks/mu-tools/metadata.rb +5 -2
  59. data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
  60. data/cookbooks/mu-tools/recipes/eks.rb +1 -1
  61. data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
  62. data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
  63. data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
  64. data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
  65. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
  66. data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
  67. data/cookbooks/mu-tools/resources/disk.rb +3 -1
  68. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
  69. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
  70. data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
  71. data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
  72. data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
  73. data/cookbooks/mu-utility/recipes/nat.rb +4 -0
  74. data/extras/alpha.png +0 -0
  75. data/extras/beta.png +0 -0
  76. data/extras/clean-stock-amis +2 -2
  77. data/extras/generate-stock-images +131 -0
  78. data/extras/git-fix-permissions-hook +0 -0
  79. data/extras/image-generators/AWS/centos6.yaml +17 -0
  80. data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
  81. data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
  82. data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
  83. data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
  84. data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
  85. data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
  86. data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
  87. data/extras/image-generators/Google/centos7.yaml +18 -0
  88. data/extras/python_rpm/build.sh +0 -0
  89. data/extras/release.png +0 -0
  90. data/extras/ruby_rpm/build.sh +0 -0
  91. data/extras/ruby_rpm/muby.spec +1 -1
  92. data/install/README.md +43 -5
  93. data/install/deprecated-bash-library.sh +0 -0
  94. data/install/installer +1 -1
  95. data/install/jenkinskeys.rb +0 -0
  96. data/install/mu-master.yaml +55 -0
  97. data/modules/mommacat.ru +41 -7
  98. data/modules/mu.rb +444 -149
  99. data/modules/mu/adoption.rb +500 -0
  100. data/modules/mu/cleanup.rb +235 -158
  101. data/modules/mu/cloud.rb +675 -138
  102. data/modules/mu/clouds/aws.rb +156 -24
  103. data/modules/mu/clouds/aws/alarm.rb +4 -14
  104. data/modules/mu/clouds/aws/bucket.rb +60 -18
  105. data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
  106. data/modules/mu/clouds/aws/collection.rb +12 -22
  107. data/modules/mu/clouds/aws/container_cluster.rb +209 -118
  108. data/modules/mu/clouds/aws/database.rb +120 -45
  109. data/modules/mu/clouds/aws/dnszone.rb +7 -18
  110. data/modules/mu/clouds/aws/endpoint.rb +5 -15
  111. data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
  112. data/modules/mu/clouds/aws/folder.rb +4 -11
  113. data/modules/mu/clouds/aws/function.rb +6 -16
  114. data/modules/mu/clouds/aws/group.rb +4 -12
  115. data/modules/mu/clouds/aws/habitat.rb +11 -13
  116. data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
  117. data/modules/mu/clouds/aws/log.rb +5 -13
  118. data/modules/mu/clouds/aws/msg_queue.rb +9 -24
  119. data/modules/mu/clouds/aws/nosqldb.rb +4 -12
  120. data/modules/mu/clouds/aws/notifier.rb +6 -13
  121. data/modules/mu/clouds/aws/role.rb +69 -40
  122. data/modules/mu/clouds/aws/search_domain.rb +17 -20
  123. data/modules/mu/clouds/aws/server.rb +184 -94
  124. data/modules/mu/clouds/aws/server_pool.rb +33 -38
  125. data/modules/mu/clouds/aws/storage_pool.rb +5 -12
  126. data/modules/mu/clouds/aws/user.rb +59 -33
  127. data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
  128. data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
  129. data/modules/mu/clouds/aws/vpc.rb +214 -145
  130. data/modules/mu/clouds/azure.rb +978 -44
  131. data/modules/mu/clouds/azure/container_cluster.rb +413 -0
  132. data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
  133. data/modules/mu/clouds/azure/habitat.rb +167 -0
  134. data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
  135. data/modules/mu/clouds/azure/role.rb +211 -0
  136. data/modules/mu/clouds/azure/server.rb +810 -0
  137. data/modules/mu/clouds/azure/user.rb +257 -0
  138. data/modules/mu/clouds/azure/userdata/README.md +4 -0
  139. data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
  140. data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
  141. data/modules/mu/clouds/azure/vpc.rb +782 -0
  142. data/modules/mu/clouds/cloudformation.rb +12 -9
  143. data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
  144. data/modules/mu/clouds/cloudformation/server.rb +10 -1
  145. data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
  146. data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
  147. data/modules/mu/clouds/google.rb +554 -117
  148. data/modules/mu/clouds/google/bucket.rb +173 -32
  149. data/modules/mu/clouds/google/container_cluster.rb +1112 -157
  150. data/modules/mu/clouds/google/database.rb +24 -47
  151. data/modules/mu/clouds/google/firewall_rule.rb +344 -89
  152. data/modules/mu/clouds/google/folder.rb +156 -79
  153. data/modules/mu/clouds/google/group.rb +272 -82
  154. data/modules/mu/clouds/google/habitat.rb +177 -52
  155. data/modules/mu/clouds/google/loadbalancer.rb +9 -34
  156. data/modules/mu/clouds/google/role.rb +1211 -0
  157. data/modules/mu/clouds/google/server.rb +491 -227
  158. data/modules/mu/clouds/google/server_pool.rb +233 -48
  159. data/modules/mu/clouds/google/user.rb +479 -125
  160. data/modules/mu/clouds/google/userdata/linux.erb +3 -3
  161. data/modules/mu/clouds/google/userdata/windows.erb +9 -9
  162. data/modules/mu/clouds/google/vpc.rb +381 -223
  163. data/modules/mu/config.rb +689 -214
  164. data/modules/mu/config/bucket.rb +1 -1
  165. data/modules/mu/config/cache_cluster.rb +1 -1
  166. data/modules/mu/config/cache_cluster.yml +0 -4
  167. data/modules/mu/config/container_cluster.rb +18 -9
  168. data/modules/mu/config/database.rb +6 -23
  169. data/modules/mu/config/firewall_rule.rb +9 -15
  170. data/modules/mu/config/folder.rb +22 -21
  171. data/modules/mu/config/habitat.rb +22 -21
  172. data/modules/mu/config/loadbalancer.rb +2 -2
  173. data/modules/mu/config/role.rb +9 -40
  174. data/modules/mu/config/server.rb +26 -5
  175. data/modules/mu/config/server_pool.rb +1 -1
  176. data/modules/mu/config/storage_pool.rb +2 -2
  177. data/modules/mu/config/user.rb +4 -0
  178. data/modules/mu/config/vpc.rb +350 -110
  179. data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
  180. data/modules/mu/defaults/Azure.yaml +17 -0
  181. data/modules/mu/defaults/Google.yaml +24 -0
  182. data/modules/mu/defaults/README.md +1 -1
  183. data/modules/mu/deploy.rb +168 -125
  184. data/modules/mu/groomer.rb +2 -1
  185. data/modules/mu/groomers/ansible.rb +104 -32
  186. data/modules/mu/groomers/chef.rb +96 -44
  187. data/modules/mu/kittens.rb +20602 -0
  188. data/modules/mu/logger.rb +38 -11
  189. data/modules/mu/master.rb +90 -8
  190. data/modules/mu/master/chef.rb +2 -3
  191. data/modules/mu/master/ldap.rb +0 -1
  192. data/modules/mu/master/ssl.rb +250 -0
  193. data/modules/mu/mommacat.rb +917 -513
  194. data/modules/scratchpad.erb +1 -1
  195. data/modules/tests/super_complex_bok.yml +0 -0
  196. data/modules/tests/super_simple_bok.yml +0 -0
  197. data/roles/mu-master.json +2 -1
  198. data/spec/azure_creds +5 -0
  199. data/spec/mu.yaml +56 -0
  200. data/spec/mu/clouds/azure_spec.rb +164 -27
  201. data/spec/spec_helper.rb +5 -0
  202. data/test/clean_up.py +0 -0
  203. data/test/exec_inspec.py +0 -0
  204. data/test/exec_mu_install.py +0 -0
  205. data/test/exec_retry.py +0 -0
  206. data/test/smoke_test.rb +0 -0
  207. metadata +90 -118
  208. data/cookbooks/mu-jenkins/Berksfile +0 -14
  209. data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
  210. data/cookbooks/mu-jenkins/LICENSE +0 -37
  211. data/cookbooks/mu-jenkins/README.md +0 -105
  212. data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
  213. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
  214. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
  215. data/cookbooks/mu-jenkins/metadata.rb +0 -21
  216. data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
  217. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
  218. data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
  219. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
  220. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
  221. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
  222. data/cookbooks/nagios/Berksfile +0 -11
  223. data/cookbooks/nagios/CHANGELOG.md +0 -589
  224. data/cookbooks/nagios/CONTRIBUTING.md +0 -11
  225. data/cookbooks/nagios/LICENSE +0 -37
  226. data/cookbooks/nagios/README.md +0 -328
  227. data/cookbooks/nagios/TESTING.md +0 -2
  228. data/cookbooks/nagios/attributes/config.rb +0 -171
  229. data/cookbooks/nagios/attributes/default.rb +0 -228
  230. data/cookbooks/nagios/chefignore +0 -102
  231. data/cookbooks/nagios/definitions/command.rb +0 -33
  232. data/cookbooks/nagios/definitions/contact.rb +0 -33
  233. data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
  234. data/cookbooks/nagios/definitions/host.rb +0 -33
  235. data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
  236. data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
  237. data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
  238. data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
  239. data/cookbooks/nagios/definitions/resource.rb +0 -33
  240. data/cookbooks/nagios/definitions/service.rb +0 -33
  241. data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
  242. data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
  243. data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
  244. data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
  245. data/cookbooks/nagios/libraries/base.rb +0 -314
  246. data/cookbooks/nagios/libraries/command.rb +0 -91
  247. data/cookbooks/nagios/libraries/contact.rb +0 -230
  248. data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
  249. data/cookbooks/nagios/libraries/custom_option.rb +0 -36
  250. data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
  251. data/cookbooks/nagios/libraries/default.rb +0 -90
  252. data/cookbooks/nagios/libraries/host.rb +0 -412
  253. data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
  254. data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
  255. data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
  256. data/cookbooks/nagios/libraries/nagios.rb +0 -282
  257. data/cookbooks/nagios/libraries/resource.rb +0 -59
  258. data/cookbooks/nagios/libraries/service.rb +0 -455
  259. data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
  260. data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
  261. data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
  262. data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
  263. data/cookbooks/nagios/libraries/users_helper.rb +0 -54
  264. data/cookbooks/nagios/metadata.rb +0 -25
  265. data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
  266. data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
  267. data/cookbooks/nagios/recipes/apache.rb +0 -48
  268. data/cookbooks/nagios/recipes/default.rb +0 -204
  269. data/cookbooks/nagios/recipes/nginx.rb +0 -82
  270. data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
  271. data/cookbooks/nagios/recipes/server_package.rb +0 -40
  272. data/cookbooks/nagios/recipes/server_source.rb +0 -164
  273. data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
  274. data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
  275. data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
  276. data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
  277. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
  278. data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
  279. data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
  280. data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
  281. data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
  282. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
  283. data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
  284. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
  285. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
  286. data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
  287. data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
  288. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
  289. data/extras/image-generators/aws/centos6.yaml +0 -18
  290. data/modules/mu/defaults/google_images.yaml +0 -16
  291. data/roles/mu-master-jenkins.json +0 -24
@@ -18,25 +18,11 @@ module MU
18
18
  # A server pool as configured in {MU::Config::BasketofKittens::server_pools}
19
19
  class ServerPool < MU::Cloud::ServerPool
20
20
 
21
- @deploy = nil
22
- @config = nil
23
- attr_reader :mu_name
24
- attr_reader :cloud_id
25
- attr_reader :config
26
-
27
- # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
28
- # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::server_pools}
29
- def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
30
- @deploy = mommacat
31
- @config = MU::Config.manxify(kitten_cfg)
32
- @cloud_id ||= cloud_id
33
- if !mu_name.nil?
34
- @mu_name = mu_name
35
- elsif @config['scrub_mu_isms']
36
- @mu_name = @config['name']
37
- else
38
- @mu_name = @deploy.getResourceName(@config['name'])
39
- end
21
+ # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
22
+ # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
23
+ def initialize(**args)
24
+ super
25
+ @mu_name ||= @deploy.getResourceName(@config['name'])
40
26
  end
41
27
 
42
28
  # Called automatically by {MU::Deploy#createResources}
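Review bot: Typo in the new initializer comment: `attribtues` → `attributes` (the same comment text is repeated verbatim in the StoragePool and User initializers further down this page). The removed branch that set `@mu_name = @config['name']` when `scrub_mu_isms` is on has no visible replacement in this hunk; if `super` is not handling it, the `@mu_name ||= @deploy.getResourceName(@config['name'])` line will always mint a deploy-prefixed name for scrubbed configs. A one-line comment such as `# scrub_mu_isms naming is handled by MU::Cloud#initialize before we get here` would settle that for the reader, assuming it is true.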
@@ -148,8 +134,6 @@ module MU
148
134
  setScaleInProtection(need_instances)
149
135
  end
150
136
 
151
- MU.log "See /var/log/mu-momma-cat.log for asynchronous bootstrap progress.", MU::NOTICE
152
-
153
137
  return asg
154
138
  end
155
139
 
@@ -476,6 +460,8 @@ module MU
476
460
  # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
477
461
  def self.schema(config)
478
462
  toplevel_required = []
463
+
464
+ term_policies = MU::Cloud::AWS.credConfig ? MU::Cloud::AWS.autoscale.describe_termination_policy_types.termination_policy_types : ["AllocationStrategy", "ClosestToNextInstanceHour", "Default", "NewestInstance", "OldestInstance", "OldestLaunchConfiguration", "OldestLaunchTemplate"]
479
465
 
480
466
  schema = {
481
467
  "role_strip_path" => {
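Review bot: The hard-coded fallback list on the `term_policies` line is a snapshot of the `describe_termination_policy_types` response and will silently drift from the live API whenever credentials are absent; a comment such as `# static fallback for credential-less schema generation (e.g. doc builds); keep in sync with the API` would at least flag that. Note also that when credentials are present this line makes a live Autoscaling API call every time `schema` is evaluated, which may be more often than intended. The rest of `self.schema` is outside the hunk.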
@@ -586,7 +572,7 @@ module MU
586
572
  "items" => {
587
573
  "type" => "String",
588
574
  "default" => "Default",
589
- "enum" => MU::Cloud::AWS.autoscale.describe_termination_policy_types.termination_policy_types
575
+ "enum" => term_policies
590
576
  }
591
577
  },
592
578
  "scaling_policies" => {
@@ -839,10 +825,11 @@ module MU
839
825
  ok = false
840
826
  end
841
827
  else
842
- s3_objs = ['arn:'+(MU::Cloud::AWS.isGovCloud?(pool['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU.adminBucketName+'/Mu_CA.pem']
828
+ s3_objs = ['arn:'+(MU::Cloud::AWS.isGovCloud?(pool['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(pool['credentials'])+'/Mu_CA.pem']
843
829
 
844
830
  role = {
845
831
  "name" => pool["name"],
832
+ "cloud" => "AWS",
846
833
  "strip_path" => pool["role_strip_path"],
847
834
  "can_assume" => [
848
835
  {
@@ -878,9 +865,9 @@ module MU
878
865
  end
879
866
  launch["ami_id"] ||= launch["image_id"]
880
867
  if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
881
- if MU::Config.amazon_images.has_key?(pool['platform']) and
882
- MU::Config.amazon_images[pool['platform']].has_key?(pool['region'])
883
- launch['ami_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: MU::Config.amazon_images[pool['platform']][pool['region']], prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
868
+ img_id = MU::Cloud.getStockImage("AWS", platform: pool['platform'], region: pool['region'])
869
+ if img_id
870
+ launch['ami_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: img_id, prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
884
871
 
885
872
  else
886
873
  ok = false
@@ -961,6 +948,7 @@ module MU
961
948
  if policy["alarms"] && !policy["alarms"].empty?
962
949
  policy["alarms"].each { |alarm|
963
950
  alarm["name"] = "scaling-policy-#{pool["name"]}-#{alarm["name"]}"
951
+ alarm["cloud"] = "AWS",
964
952
  alarm['dimensions'] = [] if !alarm['dimensions']
965
953
  alarm['dimensions'] << { "name" => pool["name"], "cloud_class" => "AutoScalingGroupName" }
966
954
  alarm["namespace"] = "AWS/EC2" if alarm["namespace"].nil?
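Review bot: The added line `alarm["cloud"] = "AWS",` ends in a stray comma, so Ruby joins it with the following line into a single statement, effectively `alarm["cloud"] = ["AWS", (alarm['dimensions'] = [])] if !alarm['dimensions']`. When an alarm already has dimensions, `cloud` is never set; when it does not, `cloud` becomes a two-element array rather than the string `"AWS"`, and the `dimensions` default is assigned only as a side effect of that. Drop the comma: `alarm["cloud"] = "AWS"`. The enclosing `policy["alarms"].each` block continues outside the hunk.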
@@ -1086,8 +1074,9 @@ module MU
1086
1074
  @config['basis']['launch_config']["ami_id"] = MU::Cloud::AWS::Server.createImage(
1087
1075
  name: @mu_name,
1088
1076
  instance_id: @config['basis']['launch_config']["instance_id"],
1089
- credentials: @config['credentials']
1090
- )
1077
+ credentials: @config['credentials'],
1078
+ region: @config['region']
1079
+ )[@config['region']]
1091
1080
  end
1092
1081
  MU::Cloud::AWS::Server.waitForAMI(@config['basis']['launch_config']["ami_id"], credentials: @config['credentials'])
1093
1082
 
@@ -1097,13 +1086,17 @@ module MU
1097
1086
 
1098
1087
  userdata = MU::Cloud.fetchUserdata(
1099
1088
  platform: @config["platform"],
1100
- cloud: "aws",
1089
+ cloud: "AWS",
1090
+ credentials: @config['credentials'],
1101
1091
  template_variables: {
1102
1092
  "deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
1103
1093
  "deploySSHKey" => @deploy.ssh_public_key,
1104
1094
  "muID" => @deploy.deploy_id,
1105
1095
  "muUser" => MU.chef_user,
1106
1096
  "publicIP" => MU.mu_public_ip,
1097
+ "mommaCatPort" => MU.mommaCatPort,
1098
+ "chefVersion" => MU.chefVersion,
1099
+ "adminBucketName" => MU::Cloud::AWS.adminBucketName(@credentials),
1107
1100
  "windowsAdminName" => @config['windows_admin_username'],
1108
1101
  "skipApplyUpdates" => @config['skipinitialupdates'],
1109
1102
  "resourceName" => @config["name"],
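Review bot: Within the same `fetchUserdata` call the new `credentials:` argument uses `@config['credentials']` while the new `"adminBucketName"` line uses `@credentials`; if `@credentials` is not populated by the `super` initializer (not visible on this page), the bucket name would be resolved against the default credential set and could name a different bucket than the one the `credentials:` set actually has access to. Using `@config['credentials']` in both places, as the hunk at line 828 above does with `pool['credentials']`, would keep them consistent. The `template_variables` hash continues outside the hunk.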
@@ -1149,19 +1142,21 @@ module MU
1149
1142
 
1150
1143
  if @config['basis']['launch_config']['generate_iam_role']
1151
1144
  role = @deploy.findLitterMate(name: @config['name'], type: "roles")
1152
- s3_objs = ["#{@deploy.deploy_id}-secret", "#{role.mu_name}.pfx", "#{role.mu_name}.crt", "#{role.mu_name}.key", "#{role.mu_name}-winrm.crt", "#{role.mu_name}-winrm.key"].map { |file|
1153
- 'arn:'+(MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU.adminBucketName+'/'+file
1154
- }
1155
- role.cloudobj.injectPolicyTargets("MuSecrets", s3_objs)
1145
+ if role
1146
+ s3_objs = ["#{@deploy.deploy_id}-secret", "#{role.mu_name}.pfx", "#{role.mu_name}.crt", "#{role.mu_name}.key", "#{role.mu_name}-winrm.crt", "#{role.mu_name}-winrm.key"].map { |file|
1147
+ 'arn:'+(MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(@credentials)+'/'+file
1148
+ }
1149
+ role.cloudobj.injectPolicyTargets("MuSecrets", s3_objs)
1150
+ end
1156
1151
  end
1157
1152
 
1158
1153
  if !oldlaunch.nil?
1159
1154
  olduserdata = Base64.decode64(oldlaunch.user_data)
1160
- if userdata != olduserdata or
1161
- oldlaunch.image_id != @config["basis"]["launch_config"]["ami_id"] or
1162
- oldlaunch.ebs_optimized != @config["basis"]["launch_config"]["ebs_optimized"] or
1163
- oldlaunch.instance_type != @config["basis"]["launch_config"]["size"] or
1164
- oldlaunch.instance_monitoring.enabled != @config["basis"]["launch_config"]["monitoring"]
1155
+ if userdata == olduserdata and
1156
+ oldlaunch.image_id == @config["basis"]["launch_config"]["ami_id"] and
1157
+ oldlaunch.ebs_optimized == @config["basis"]["launch_config"]["ebs_optimized"] and
1158
+ oldlaunch.instance_type == @config["basis"]["launch_config"]["size"] and
1159
+ oldlaunch.instance_monitoring.enabled == @config["basis"]["launch_config"]["monitoring"]
1165
1160
  # XXX check more things
1166
1161
  # launch.block_device_mappings != storage
1167
1162
  # XXX block device comparison isn't this simple
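Review bot: The new `if role` guard turns a missing role into a silent no-op: when `generate_iam_role` is true but `findLitterMate` returns nil, the instances launch without the `MuSecrets` grant for `<deploy_id>-secret` and the cert/key objects, and the failure only surfaces later in bootstrap. Log it at least, e.g. `else; MU.log "generate_iam_role set on #{@config['name']} but no matching role found; MuSecrets policy not injected", MU::WARN; end`. The inverted launch-config comparison (`==`/`and` in place of `!=`/`or`) changes which branch the unchanged body below takes; that body is outside the hunk, so I cannot confirm it was updated to match the new sense of the condition.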
@@ -17,18 +17,11 @@ module MU
17
17
  class AWS
18
18
  # A storage pool as configured in {MU::Config::BasketofKittens::storage_pools}
19
19
  class StoragePool < MU::Cloud::StoragePool
20
- @deploy = nil
21
- @config = nil
22
- attr_reader :mu_name
23
- attr_reader :cloud_id
24
- attr_reader :config
25
-
26
- # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
27
- # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::storage_pools}
28
- def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
29
- @deploy = mommacat
30
- @config = MU::Config.manxify(kitten_cfg)
31
- @cloud_id ||= cloud_id
20
+
21
+ # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
22
+ # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
23
+ def initialize(**args)
24
+ super
32
25
  @mu_name ||= @deploy.getResourceName(@config['name'])
33
26
  end
34
27
 
@@ -17,18 +17,11 @@ module MU
17
17
  class AWS
18
18
  # A user as configured in {MU::Config::BasketofKittens::users}
19
19
  class User < MU::Cloud::User
20
- @deploy = nil
21
- @config = nil
22
- attr_reader :mu_name
23
- attr_reader :config
24
- attr_reader :cloud_id
25
-
26
- # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
27
- # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::users}
28
- def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
29
- @deploy = mommacat
30
- @config = MU::Config.manxify(kitten_cfg)
31
- @cloud_id ||= cloud_id
20
+
21
+ # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
22
+ # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
23
+ def initialize(**args)
24
+ super
32
25
  @mu_name ||= if @config['unique_name']
33
26
  @deploy.getResourceName(@config["name"])
34
27
  else
@@ -157,30 +150,63 @@ module MU
157
150
  resp.policies.each { |policy|
158
151
  MU.log "Deleting policy /#{MU.deploy_id}/#{policy.policy_name}"
159
152
  if !noop
160
- attachments = MU::Cloud::AWS.iam(credentials: credentials).list_entities_for_policy(
161
- policy_arn: policy.arn
162
- )
163
- attachments.policy_users.each { |u|
164
- MU::Cloud::AWS.iam(credentials: credentials).detach_user_policy(
165
- user_name: u.user_name,
166
- policy_arn: policy.arn
167
- )
168
- }
169
- attachments.policy_groups.each { |g|
170
- MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
171
- group_name: g.group_name,
153
+ attachments = begin
154
+ MU::Cloud::AWS.iam(credentials: credentials).list_entities_for_policy(
172
155
  policy_arn: policy.arn
173
156
  )
174
- }
175
- attachments.policy_roles.each { |r|
176
- MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
177
- role_name: r.role_name,
157
+ rescue ::Aws::IAM::Errors::NoSuchEntity
158
+ end
159
+ if attachments
160
+ begin
161
+ attachments.policy_users.each { |u|
162
+ MU::Cloud::AWS.iam(credentials: credentials).detach_user_policy(
163
+ user_name: u.user_name,
164
+ policy_arn: policy.arn
165
+ )
166
+ }
167
+ rescue ::Aws::IAM::Errors::NoSuchEntity
168
+ end
169
+ begin
170
+ attachments.policy_groups.each { |g|
171
+ MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
172
+ group_name: g.group_name,
173
+ policy_arn: policy.arn
174
+ )
175
+ }
176
+ rescue ::Aws::IAM::Errors::NoSuchEntity
177
+ end
178
+ begin
179
+ attachments.policy_roles.each { |r|
180
+ MU::Cloud::AWS.iam(credentials: credentials).detach_role_policy(
181
+ role_name: r.role_name,
182
+ policy_arn: policy.arn
183
+ )
184
+ }
185
+ rescue ::Aws::IAM::Errors::NoSuchEntity
186
+ end
187
+ end
188
+
189
+ begin
190
+ MU::Cloud::AWS.iam(credentials: credentials).delete_policy(
178
191
  policy_arn: policy.arn
179
192
  )
180
- }
181
- MU::Cloud::AWS.iam(credentials: credentials).delete_policy(
182
- policy_arn: policy.arn
183
- )
193
+ rescue ::Aws::IAM::Errors::DeleteConflict
194
+ versions = MU::Cloud::AWS.iam(credentials: credentials).list_policy_versions(
195
+ policy_arn: policy.arn,
196
+ ).versions
197
+ versions.each { |v|
198
+ next if v.is_default_version
199
+ begin
200
+ MU::Cloud::AWS.iam(credentials: credentials).delete_policy_version(
201
+ policy_arn: policy.arn,
202
+ version_id: v.version_id
203
+ )
204
+ rescue ::Aws::IAM::Errors::NoSuchEntity
205
+ end
206
+ }
207
+ retry
208
+ rescue ::Aws::IAM::Errors::NoSuchEntity
209
+ end
184
210
  end
185
211
  }
186
212
  end
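Review bot: The group branch (`attachments.policy_groups.each`) calls `detach_role_policy` with a `group_name:` parameter; the AWS SDK for Ruby validates request parameters and, as far as I can tell, will reject that call with an ArgumentError, which the surrounding `rescue ::Aws::IAM::Errors::NoSuchEntity` does not catch, so the policy remains attached and cleanup aborts. It should read `MU::Cloud::AWS.iam(credentials: credentials).detach_group_policy(`. This was already wrong in the removed code, but the rewrite carries it forward. Separately, the `retry` in the `DeleteConflict` handler is unbounded: if the conflict stems from something other than non-default versions — e.g. attachments on a later page of `list_entities_for_policy`, or the group detach above never having run — the loop spins forever; a retry counter or a re-check of `list_entities_for_policy` before `retry` would make it terminate. The cleanup method begins and ends outside this hunk.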
@@ -282,7 +308,7 @@ module MU
282
308
  schema = {
283
309
  "name" => {
284
310
  "type" => "string",
285
- "description" => "A plain IAM user. If the user already exists, we will operate on that existing user. Otherwise, we will attempt to create a new user."
311
+ "description" => "A plain IAM user. If the user already exists, we will operate on that existing user. Otherwise, we will attempt to create a new user. AWS IAM does not distinguish between human user accounts and machine accounts."
286
312
  },
287
313
  "path" => {
288
314
  "type" => "string",
@@ -14,7 +14,6 @@
14
14
  # limitations under the License.
15
15
 
16
16
  updates_run=0
17
- need_reboot=0
18
17
  instance_id="`curl http://169.254.169.254/latest/meta-data/instance-id`"
19
18
  region="`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//'`"
20
19
 
@@ -35,27 +34,25 @@ if ping -c 5 8.8.8.8 > /dev/null; then
35
34
  if [ ! -f /usr/bin/curl ] ;then /usr/bin/apt-get --fix-missing -y install curl;fi
36
35
  AWSCLI=/usr/local/bin/aws
37
36
  <% if !$mu.skipApplyUpdates %>
37
+ set +e
38
38
  if [ ! -f /.mu-installer-ran-updates ];then
39
39
  service ssh stop
40
40
  apt-get --fix-missing -y upgrade
41
+ touch /.mu-installer-ran-updates
41
42
  if [ $? -eq 0 ]
42
43
  then
43
44
  echo "Successfully updated packages"
44
45
  updates_run=1
46
+ # XXX this logic works on Ubuntu, is it Debian-friendly?
47
+ latest_kernel="`ls -1 /boot/vmlinuz-* | sed -r 's/^\/boot\/vmlinuz-//' | tail -1`"
48
+ running_kernel="`uname -r`"
49
+ if [ "$running_kernel" != "$latest_kernel" -a "$latest_kernel" != "" ];then
50
+ shutdown -r now "Applying new kernel"
51
+ fi
45
52
  else
46
53
  echo "FAILED PACKAGE UPDATE" >&2
47
54
  fi
48
- # Proceed regardless
49
- touch /.mu-installer-ran-updates
50
-
51
- # XXX this logic works on Ubuntu, is it Debian-friendly?
52
- latest_kernel="`ls -1 /boot/vmlinuz-* | sed -r 's/^\/boot\/vmlinuz-//' | tail -1`"
53
- running_kernel="`uname -r`"
54
- if [ "$running_kernel" != "$latest_kernel" -a "$latest_kernel" != "" ];then
55
- need_reboot=1
56
- else
57
- service ssh start
58
- fi
55
+ service ssh start
59
56
  fi
60
57
  <% end %>
61
58
  elif [ -x /usr/bin/yum ];then
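Review bot: Moving `touch /.mu-installer-ran-updates` to directly after `apt-get --fix-missing -y upgrade` means the following `if [ $? -eq 0 ]` now tests the exit status of `touch`, not of the upgrade, so "Successfully updated packages" and `updates_run=1` are reached even when apt-get fails. Capture the status first: `apt-get --fix-missing -y upgrade` / `rc=$?` / `touch /.mu-installer-ran-updates`, then test `if [ $rc -eq 0 ]`. Note also that `shutdown -r now` is now issued while `service ssh` is stopped and before the rest of the script (Chef install, secret download, Momma Cat callback) has run; whether those steps are expected to complete on the next boot is not visible from this page. The same pattern appears in the yum branch below.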
@@ -89,24 +86,23 @@ if ping -c 5 8.8.8.8 > /dev/null; then
89
86
  /bin/rpm -ivh http://mirror.metrocast.net/fedora/epel/epel-release-latest-$version.noarch.rpm
90
87
  fi
91
88
  <% if !$mu.skipApplyUpdates %>
89
+ set +e
92
90
  if [ ! -f /.mu-installer-ran-updates ];then
93
91
  service sshd stop
94
92
  kernel_update=`yum list updates | grep kernel`
95
93
  yum -y update
94
+ touch /.mu-installer-ran-updates
96
95
  if [ $? -eq 0 ]
97
96
  then
98
97
  echo "Successfully updated packages"
99
98
  updates_run=1
99
+ if [ -n "$kernel_update" ]; then
100
+ shutdown -r now "Applying new kernel"
101
+ fi
100
102
  else
101
103
  echo "FAILED PACKAGE UPDATE" >&2
102
104
  fi
103
- # Proceed regardless
104
- touch /.mu-installer-ran-updates
105
- if [ -n "$kernel_update" ]; then
106
- need_reboot=1
107
- else
108
- service sshd start
109
- fi
105
+ service sshd start
110
106
  fi
111
107
  <% end %>
112
108
  fi
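Review bot: As in the apt branch, `touch /.mu-installer-ran-updates` now sits between `yum -y update` and `if [ $? -eq 0 ]`, so the success branch tests the exit status of `touch` rather than of yum and `updates_run=1` is set even on a failed update. Save the status before the touch: `yum -y update` / `rc=$?` / `touch /.mu-installer-ran-updates`, then `if [ $rc -eq 0 ]`. The `kernel_update` check above it is unaffected, but it too will trigger a reboot after an update that did not actually apply the kernel.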
@@ -143,27 +139,19 @@ fi
143
139
 
144
140
  umask 0077
145
141
 
146
- # Install Chef now, because why not?
147
142
  if [ ! -f /opt/chef/embedded/bin/ruby ];then
148
143
  curl https://www.chef.io/chef/install.sh > chef-install.sh
149
144
  set +e
150
145
  # We may run afoul of a synchronous bootstrap process doing the same thing. So
151
146
  # wait until we've managed to run successfully.
152
- while ! sh chef-install.sh -v <%= MU.chefVersion %>;do
147
+ while ! sh chef-install.sh -v <%= $mu.chefVersion %>;do
153
148
  sleep 10
154
149
  done
155
150
  touch /opt/mu_installed_chef
156
- set -e
157
- fi
158
-
159
- <% if !$mu.skipApplyUpdates %>
160
- if [ "$need_reboot" == "1" ];then
161
- shutdown -r now "Applying new kernel"
162
151
  fi
163
- <% end %>
164
152
 
165
153
  if [ "$AWSCLI" != "" ];then
166
- $AWSCLI --region="$region" s3 cp s3://<%= MU.adminBucketName %>/<%= $mu.muID %>-secret .
154
+ $AWSCLI --region="$region" s3 cp s3://<%= $mu.adminBucketName %>/<%= $mu.muID %>-secret .
167
155
  fi
168
156
 
169
157
  echo '
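Review bot: The retry loop `while ! sh chef-install.sh -v <%= $mu.chefVersion %>;do` re-executes a file that was fetched once by `curl https://www.chef.io/chef/install.sh > chef-install.sh` without `-f`, so an HTTP error page or a truncated download is saved as chef-install.sh and the loop spins on it forever without re-fetching. Moving the fetch inside the loop with a failing curl keeps the retry meaningful, e.g. `while ! curl -fsS https://www.chef.io/chef/install.sh > chef-install.sh || ! sh chef-install.sh -v <%= $mu.chefVersion %>;do`. The hunk also drops the `set -e` that previously followed `touch /opt/mu_installed_chef`, so unless errexit is re-enabled elsewhere the rest of the script, including the secret download via `$AWSCLI ... s3 cp` below, continues past failures; if that is deliberate, a comment at the removal site saying so would help the next reader. The `if [ ! -f /opt/chef/embedded/bin/ruby ]` block is complete within the hunk, but the script continues beyond it.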
@@ -181,6 +169,6 @@ if ! ( netstat -na | grep LISTEN | grep ':22 ' );then
181
169
  service sshd start
182
170
  fi
183
171
 
184
- /usr/bin/curl -k --data mu_id="<%= $mu.muID %>" --data mu_resource_name="<%= $mu.resourceName %>" --data mu_resource_type="<%= $mu.resourceType %>" --data mu_instance_id="$instance_id" --data mu_bootstrap="1" --data mu_user="<%= $mu.muUser %>" --data mu_deploy_secret="`/opt/chef/embedded/bin/ruby encrypt_deploy_secret.rb`" https://<%= $mu.publicIP %>:2260/
172
+ /usr/bin/curl -k --data mu_id="<%= $mu.muID %>" --data mu_resource_name="<%= $mu.resourceName %>" --data mu_resource_type="<%= $mu.resourceType %>" --data mu_instance_id="$instance_id" --data mu_bootstrap="1" --data mu_user="<%= $mu.muUser %>" --data mu_deploy_secret="`/opt/chef/embedded/bin/ruby encrypt_deploy_secret.rb`" https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %>/
185
173
  /bin/rm -f <%= $mu.muID %>-secret mu_deploy_key.pub chef-install.sh encrypt_deploy_secret.rb
186
174
  touch /.mu_userdata_complete
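Review bot: The bootstrap POST to Momma Cat still passes `-k`, so the value labelled mu_deploy_secret is sent to whatever answers at `https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %>/` with TLS certificate verification disabled; parameterizing the port is a natural moment to pin the server identity instead. If the bootstrap has the Momma Cat CA or server certificate available, `--cacert <path-to-mu-ca-cert>` can replace `-k`; otherwise a comment such as `# -k: the TLS identity of Momma Cat is not verified here` should record the accepted risk. The curl exit status is also not checked before the `/bin/rm -f` cleanup and `touch /.mu_userdata_complete`, so a failed registration still marks user-data as complete.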
@@ -23,8 +23,8 @@ function log
23
23
  }
24
24
 
25
25
  function fetchSecret([string]$file){
26
- log "Fetching s3://<%= MU.adminBucketName %>/$file to $tmp/$file"
27
- aws.cmd --region $region s3 cp s3://<%= MU.adminBucketName %>/$file $tmp/$file
26
+ log "Fetching s3://<%= $mu.adminBucketName %>/$file to $tmp/$file"
27
+ aws.cmd --region $region s3 cp s3://<%= $mu.adminBucketName %>/$file $tmp/$file
28
28
  }
29
29
 
30
30
  function importCert([string]$cert, [string]$store){
@@ -113,7 +113,7 @@ function removeChef($location){
113
113
  $install_chef = $false
114
114
  $my_chef = (Get-ItemProperty $location | Where-Object {$_.DisplayName -like "chef client*"}).DisplayName
115
115
  if ($my_chef) {
116
- if ($my_chef -match '<%= MU.chefVersion %>'.split('-')[0]) {
116
+ if ($my_chef -match '<%= $mu.chefVersion %>'.split('-')[0]) {
117
117
  $install_chef = $false
118
118
  } else{
119
119
  log "Uninstalling Chef"
@@ -143,13 +143,13 @@ If (!(Test-Path "c:\opscode\chef\embedded\bin\ruby.exe")){
143
143
  }
144
144
 
145
145
  If ($install_chef){
146
- log "Installing Chef <%= MU.chefVersion %>"
147
- If (!(Test-Path $env:Temp/chef-installer-<%= MU.chefVersion %>.msi)){
146
+ log "Installing Chef <%= $mu.chefVersion %>"
147
+ If (!(Test-Path $env:Temp/chef-installer-<%= $mu.chefVersion %>.msi)){
148
148
  log "Downloading Chef installer"
149
- $WebClient.DownloadFile("https://www.chef.io/chef/download?p=windows&pv=2012&m=x86_64&v=<%= MU.chefVersion %>","$env:Temp/chef-installer-<%= MU.chefVersion %>.msi")
149
+ $WebClient.DownloadFile("https://www.chef.io/chef/download?p=windows&pv=2012&m=x86_64&v=<%= $mu.chefVersion %>","$env:Temp/chef-installer-<%= $mu.chefVersion %>.msi")
150
150
  }
151
151
  log "Running Chef installer"
152
- (Start-Process -FilePath msiexec -ArgumentList "/i $env:Temp\chef-installer-<%= MU.chefVersion %>.msi ALLUSERS=1 /le $env:Temp\chef-client-install.log /qn" -Wait -Passthru).ExitCode
152
+ (Start-Process -FilePath msiexec -ArgumentList "/i $env:Temp\chef-installer-<%= $mu.chefVersion %>.msi ALLUSERS=1 /le $env:Temp\chef-client-install.log /qn" -Wait -Passthru).ExitCode
153
153
  Set-Content "c:/mu_installed_chef" "yup"
154
154
  }
155
155
 
@@ -163,9 +163,9 @@ $deploy_secret = & "c:\opscode\chef\embedded\bin\ruby" -ropenssl -rbase64 -e "ke
163
163
  function callMomma([string]$act)
164
164
  {
165
165
  $params = @{mu_id='<%= $mu.muID %>';mu_resource_name='<%= $mu.resourceName %>';mu_resource_type='<%= $mu.resourceType %>';mu_instance_id="$awsid";mu_user='<%= $mu.muUser %>';mu_deploy_secret="$deploy_secret";$act="1"}
166
- log "Calling Momma Cat at https://<%= $mu.publicIP %>:2260 with $act"
166
+ log "Calling Momma Cat at https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %> with $act"
167
167
  [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
168
- $resp = Invoke-WebRequest -Uri https://<%= $mu.publicIP %>:2260 -Method POST -Body $params
168
+ $resp = Invoke-WebRequest -Uri https://<%= $mu.publicIP %>:<%= $mu.mommaCatPort %> -Method POST -Body $params
169
169
  return $resp.Content
170
170
  }
171
171