RubyGems - cloud-mu - Versions diffs - 2.1.0beta → 3.0.0beta - Mend

cloud-mu 2.1.0beta → 3.0.0beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (291) hide show

checksums.yaml +5 -5
data/Berksfile +4 -5
data/Berksfile.lock +179 -0
data/README.md +1 -6
data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
data/ansible/roles/mu-installer/README.md +33 -0
data/ansible/roles/mu-installer/defaults/main.yml +2 -0
data/ansible/roles/mu-installer/handlers/main.yml +2 -0
data/ansible/roles/mu-installer/meta/main.yml +60 -0
data/ansible/roles/mu-installer/tasks/main.yml +13 -0
data/ansible/roles/mu-installer/tests/inventory +2 -0
data/ansible/roles/mu-installer/tests/test.yml +5 -0
data/ansible/roles/mu-installer/vars/main.yml +2 -0
data/bin/mu-adopt +125 -0
data/bin/mu-aws-setup +4 -4
data/bin/mu-azure-setup +265 -0
data/bin/mu-azure-tests +43 -0
data/bin/mu-cleanup +20 -8
data/bin/mu-configure +224 -98
data/bin/mu-deploy +8 -3
data/bin/mu-gcp-setup +16 -8
data/bin/mu-gen-docs +92 -8
data/bin/mu-load-config.rb +52 -12
data/bin/mu-momma-cat +36 -0
data/bin/mu-node-manage +34 -27
data/bin/mu-self-update +2 -2
data/bin/mu-ssh +12 -8
data/bin/mu-upload-chef-artifacts +11 -4
data/bin/mu-user-manage +3 -0
data/cloud-mu.gemspec +8 -11
data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
data/cookbooks/firewall/metadata.json +1 -1
data/cookbooks/firewall/recipes/default.rb +5 -9
data/cookbooks/mu-firewall/attributes/default.rb +2 -0
data/cookbooks/mu-firewall/metadata.rb +1 -1
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
data/cookbooks/mu-master/Berksfile +2 -2
data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/metadata.rb +5 -4
data/cookbooks/mu-master/recipes/389ds.rb +1 -1
data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
data/cookbooks/mu-master/recipes/default.rb +59 -7
data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +65 -47
data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
data/cookbooks/mu-master/recipes/sssd.rb +2 -1
data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
data/cookbooks/mu-php54/Berksfile +1 -2
data/cookbooks/mu-php54/metadata.rb +4 -5
data/cookbooks/mu-php54/recipes/default.rb +1 -1
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
data/cookbooks/mu-tools/Berksfile +3 -2
data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
data/cookbooks/mu-tools/libraries/helper.rb +20 -8
data/cookbooks/mu-tools/metadata.rb +5 -2
data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
data/cookbooks/mu-tools/recipes/eks.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
data/cookbooks/mu-tools/resources/disk.rb +3 -1
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
data/cookbooks/mu-utility/recipes/nat.rb +4 -0
data/extras/alpha.png +0 -0
data/extras/beta.png +0 -0
data/extras/clean-stock-amis +2 -2
data/extras/generate-stock-images +131 -0
data/extras/git-fix-permissions-hook +0 -0
data/extras/image-generators/AWS/centos6.yaml +17 -0
data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +18 -0
data/extras/python_rpm/build.sh +0 -0
data/extras/release.png +0 -0
data/extras/ruby_rpm/build.sh +0 -0
data/extras/ruby_rpm/muby.spec +1 -1
data/install/README.md +43 -5
data/install/deprecated-bash-library.sh +0 -0
data/install/installer +1 -1
data/install/jenkinskeys.rb +0 -0
data/install/mu-master.yaml +55 -0
data/modules/mommacat.ru +41 -7
data/modules/mu.rb +444 -149
data/modules/mu/adoption.rb +500 -0
data/modules/mu/cleanup.rb +235 -158
data/modules/mu/cloud.rb +675 -138
data/modules/mu/clouds/aws.rb +156 -24
data/modules/mu/clouds/aws/alarm.rb +4 -14
data/modules/mu/clouds/aws/bucket.rb +60 -18
data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
data/modules/mu/clouds/aws/collection.rb +12 -22
data/modules/mu/clouds/aws/container_cluster.rb +209 -118
data/modules/mu/clouds/aws/database.rb +120 -45
data/modules/mu/clouds/aws/dnszone.rb +7 -18
data/modules/mu/clouds/aws/endpoint.rb +5 -15
data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
data/modules/mu/clouds/aws/folder.rb +4 -11
data/modules/mu/clouds/aws/function.rb +6 -16
data/modules/mu/clouds/aws/group.rb +4 -12
data/modules/mu/clouds/aws/habitat.rb +11 -13
data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
data/modules/mu/clouds/aws/log.rb +5 -13
data/modules/mu/clouds/aws/msg_queue.rb +9 -24
data/modules/mu/clouds/aws/nosqldb.rb +4 -12
data/modules/mu/clouds/aws/notifier.rb +6 -13
data/modules/mu/clouds/aws/role.rb +69 -40
data/modules/mu/clouds/aws/search_domain.rb +17 -20
data/modules/mu/clouds/aws/server.rb +184 -94
data/modules/mu/clouds/aws/server_pool.rb +33 -38
data/modules/mu/clouds/aws/storage_pool.rb +5 -12
data/modules/mu/clouds/aws/user.rb +59 -33
data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
data/modules/mu/clouds/aws/vpc.rb +214 -145
data/modules/mu/clouds/azure.rb +978 -44
data/modules/mu/clouds/azure/container_cluster.rb +413 -0
data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
data/modules/mu/clouds/azure/habitat.rb +167 -0
data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
data/modules/mu/clouds/azure/role.rb +211 -0
data/modules/mu/clouds/azure/server.rb +810 -0
data/modules/mu/clouds/azure/user.rb +257 -0
data/modules/mu/clouds/azure/userdata/README.md +4 -0
data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
data/modules/mu/clouds/azure/vpc.rb +782 -0
data/modules/mu/clouds/cloudformation.rb +12 -9
data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
data/modules/mu/clouds/cloudformation/server.rb +10 -1
data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
data/modules/mu/clouds/google.rb +554 -117
data/modules/mu/clouds/google/bucket.rb +173 -32
data/modules/mu/clouds/google/container_cluster.rb +1112 -157
data/modules/mu/clouds/google/database.rb +24 -47
data/modules/mu/clouds/google/firewall_rule.rb +344 -89
data/modules/mu/clouds/google/folder.rb +156 -79
data/modules/mu/clouds/google/group.rb +272 -82
data/modules/mu/clouds/google/habitat.rb +177 -52
data/modules/mu/clouds/google/loadbalancer.rb +9 -34
data/modules/mu/clouds/google/role.rb +1211 -0
data/modules/mu/clouds/google/server.rb +491 -227
data/modules/mu/clouds/google/server_pool.rb +233 -48
data/modules/mu/clouds/google/user.rb +479 -125
data/modules/mu/clouds/google/userdata/linux.erb +3 -3
data/modules/mu/clouds/google/userdata/windows.erb +9 -9
data/modules/mu/clouds/google/vpc.rb +381 -223
data/modules/mu/config.rb +689 -214
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cache_cluster.yml +0 -4
data/modules/mu/config/container_cluster.rb +18 -9
data/modules/mu/config/database.rb +6 -23
data/modules/mu/config/firewall_rule.rb +9 -15
data/modules/mu/config/folder.rb +22 -21
data/modules/mu/config/habitat.rb +22 -21
data/modules/mu/config/loadbalancer.rb +2 -2
data/modules/mu/config/role.rb +9 -40
data/modules/mu/config/server.rb +26 -5
data/modules/mu/config/server_pool.rb +1 -1
data/modules/mu/config/storage_pool.rb +2 -2
data/modules/mu/config/user.rb +4 -0
data/modules/mu/config/vpc.rb +350 -110
data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
data/modules/mu/defaults/Azure.yaml +17 -0
data/modules/mu/defaults/Google.yaml +24 -0
data/modules/mu/defaults/README.md +1 -1
data/modules/mu/deploy.rb +168 -125
data/modules/mu/groomer.rb +2 -1
data/modules/mu/groomers/ansible.rb +104 -32
data/modules/mu/groomers/chef.rb +96 -44
data/modules/mu/kittens.rb +20602 -0
data/modules/mu/logger.rb +38 -11
data/modules/mu/master.rb +90 -8
data/modules/mu/master/chef.rb +2 -3
data/modules/mu/master/ldap.rb +0 -1
data/modules/mu/master/ssl.rb +250 -0
data/modules/mu/mommacat.rb +917 -513
data/modules/scratchpad.erb +1 -1
data/modules/tests/super_complex_bok.yml +0 -0
data/modules/tests/super_simple_bok.yml +0 -0
data/roles/mu-master.json +2 -1
data/spec/azure_creds +5 -0
data/spec/mu.yaml +56 -0
data/spec/mu/clouds/azure_spec.rb +164 -27
data/spec/spec_helper.rb +5 -0
data/test/clean_up.py +0 -0
data/test/exec_inspec.py +0 -0
data/test/exec_mu_install.py +0 -0
data/test/exec_retry.py +0 -0
data/test/smoke_test.rb +0 -0
metadata +90 -118
data/cookbooks/mu-jenkins/Berksfile +0 -14
data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
data/cookbooks/mu-jenkins/LICENSE +0 -37
data/cookbooks/mu-jenkins/README.md +0 -105
data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
data/cookbooks/mu-jenkins/metadata.rb +0 -21
data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
data/cookbooks/nagios/Berksfile +0 -11
data/cookbooks/nagios/CHANGELOG.md +0 -589
data/cookbooks/nagios/CONTRIBUTING.md +0 -11
data/cookbooks/nagios/LICENSE +0 -37
data/cookbooks/nagios/README.md +0 -328
data/cookbooks/nagios/TESTING.md +0 -2
data/cookbooks/nagios/attributes/config.rb +0 -171
data/cookbooks/nagios/attributes/default.rb +0 -228
data/cookbooks/nagios/chefignore +0 -102
data/cookbooks/nagios/definitions/command.rb +0 -33
data/cookbooks/nagios/definitions/contact.rb +0 -33
data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
data/cookbooks/nagios/definitions/host.rb +0 -33
data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
data/cookbooks/nagios/definitions/resource.rb +0 -33
data/cookbooks/nagios/definitions/service.rb +0 -33
data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
data/cookbooks/nagios/libraries/base.rb +0 -314
data/cookbooks/nagios/libraries/command.rb +0 -91
data/cookbooks/nagios/libraries/contact.rb +0 -230
data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
data/cookbooks/nagios/libraries/custom_option.rb +0 -36
data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
data/cookbooks/nagios/libraries/default.rb +0 -90
data/cookbooks/nagios/libraries/host.rb +0 -412
data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
data/cookbooks/nagios/libraries/nagios.rb +0 -282
data/cookbooks/nagios/libraries/resource.rb +0 -59
data/cookbooks/nagios/libraries/service.rb +0 -455
data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
data/cookbooks/nagios/libraries/users_helper.rb +0 -54
data/cookbooks/nagios/metadata.rb +0 -25
data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
data/cookbooks/nagios/recipes/apache.rb +0 -48
data/cookbooks/nagios/recipes/default.rb +0 -204
data/cookbooks/nagios/recipes/nginx.rb +0 -82
data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
data/cookbooks/nagios/recipes/server_package.rb +0 -40
data/cookbooks/nagios/recipes/server_source.rb +0 -164
data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
data/extras/image-generators/aws/centos6.yaml +0 -18
data/modules/mu/defaults/google_images.yaml +0 -16
data/roles/mu-master-jenkins.json +0 -24

data/cookbooks/mu-tools/recipes/eks.rb CHANGED

@@ -145,7 +145,7 @@ Environment='KUBELET_EXTRA_ARGS=$KUBELET_EXTRA_ARGS'
   ["/var/lib/kubelet/kubeconfig", "/root/.kube/config"].each { |kubecfg|
     template kubecfg do
-      source "kubeconfig.erb"
+      source "kubeconfig-eks.erb"
       variables(
         :endpoint => endpoint,
         :cluster => cluster,

data/cookbooks/mu-tools/recipes/gcloud.rb CHANGED

@@ -28,49 +28,24 @@ if platform_family?("rhel") or platform_family?("amazon")
     end
     package "google-cloud-sdk"
   elsif node['platform_version'].to_i == 6
-    rpm_package "IUS" do
-      source "https://#{node['platform']}#{node['platform_version'].to_i}.iuscommunity.org/ius-release.rpm"
-    end
-    package ["python27", "python27-libs"]
+    version = "267.0.0"
     remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.sh" do
       source "https://sdk.cloud.google.com"
       action :nothing
     end
     remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz" do
-      source "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-167.0.0-linux-x86_64.tar.gz"
+      source "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-#{version}-linux-x86_64.tar.gz"
       action :nothing
     end
     bash "install gcloud-cli" do
       cwd "/opt"
       code <<-EOH
-        # This broken-arsed package set install themselves in the wrong prefix
-        # for some reason, but if you do it manually they land in the right
-        # place. Whatever, just symlink it.
-        filelist=`rpm -qa | grep ^python27- | xargs rpm -ql`
-        for d in $filelist;do
-          if [ -d "$d" ];then
-            rightpath=`echo $d | sed 's/^\\/opt\\/rh\\/python27\\/root//'`
-            if [ "$rightpath" != "$d" -a ! -e "$rightpath" ];then
-              echo $rightpath | grep -v /
-              mkdir -p "$rightpath"
-            fi
-          fi
-        done
-        for f in $filelist;do
-          if [ -f "$f" ];then
-            rightpath=`echo $f | sed 's/^\\/opt\\/rh\\/python27\\/root//'`
-            if [ "$rightpath" != "$f" -a ! -e "$rightpath" ];then
-              ln -s "$f" "$rightpath"
-            fi
-          fi
-        done
         tar -xzf #{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz
-        CLOUDSDK_PYTHON=/usr/bin/python2.7 ./google-cloud-sdk/install.sh -q
-#        CLOUDSDK_PYTHON=/usr/bin/python2.7 sh #{Chef::Config[:file_cache_path]}/gcloud-cli.sh --install-dir=/opt --disable-prompts
+        CLOUDSDK_PYTHON="`/bin/rpm -ql muthon | grep '/bin/python$'`" ./google-cloud-sdk/install.sh -q
       EOH
       notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.sh]", :before
       notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz]", :before
-      not_if { ::File.exist?("/opt/google-cloud-sdk/bin/gcloud") }
+      not_if "/opt/google-cloud-sdk/bin/gcloud version | grep 'Google Cloud SDK #{version}'"
     end
     link "/etc/bash_completion.d/gcloud" do
       to "/opt/google-cloud-sdk/completion.bash.inc"
@@ -79,7 +54,7 @@ if platform_family?("rhel") or platform_family?("amazon")
       to "/opt/google-cloud-sdk/path.bash.inc"
     end
     file "/etc/profile.d/gcloud_python.sh" do
-      content "export CLOUDSDK_PYTHON=/usr/bin/python2.7\n"
+      content "export CLOUDSDK_PYTHON=\"`/bin/rpm -ql muthon | grep '/bin/python$'`\"\n"
       mode 0644
     end
   end

data/cookbooks/mu-tools/recipes/nagios.rb CHANGED

@@ -16,4 +16,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-include_recipe "nagios"
+include_recipe "mu-nagios"

data/cookbooks/mu-tools/recipes/rsyslog.rb CHANGED

@@ -24,6 +24,7 @@ if !node['application_attributes']['skip_recipes'].include?('rsyslog')
     execute "chcon -R -h -t var_log_t /Mu_Logs" do
       action :nothing
       only_if { ::Dir.exist?("/Mu_Logs") }
+      not_if "/sbin/getenforce | grep -cim1  disabled"
     end
     service "rsyslog" do
       action [:enable, :start]

data/cookbooks/mu-tools/recipes/selinux.rb ADDED

@@ -0,0 +1,19 @@
+#
+# Cookbook:: mu-tools
+# Recipe:: selinux
+#
+# Copyright:: 2019, The Authors, All Rights Reserved.
+if !node['application_attributes']['skip_recipes'].include?('selinux')
+  selinux_state "SELinux Enforcing" do
+    action :enforcing
+    notifies :request_reboot, 'reboot[now]', :immediately
+  end
+  reboot 'now' do
+    action :nothing
+    reason 'Must reboot to enable SELinux.'
+  end
+end

data/cookbooks/mu-tools/recipes/split_var_partitions.rb CHANGED

@@ -23,7 +23,6 @@
 # make it part of your regular build process.
 if !node['application_attributes']['skip_recipes'].include?('split_var_partitions')
-  log "*************** "+node['platform']
   case node['platform']
     when "redhat", "rhel", "centos", "amazon"

data/cookbooks/mu-tools/recipes/windows-client.rb CHANGED

@@ -19,16 +19,148 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
   case node['platform']
     when "windows"
       include_recipe 'chef-vault'
-      ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+      windows_vault = chef_vault_item node['windows_auth_vault'], node['windows_auth_item']
+      sshd_user = 'SYSTEM' #windows_vault[node['windows_sshd_username_field']]
+      sshd_password = windows_vault[node['windows_sshd_password_field']]
+      windows_version = node['platform_version'].to_i
+      public_keys = Array.new
+      if windows_version == 10
+        Chef::Log.info "version #{windows_version}, using openssh"
+        include_recipe 'chocolatey'
+        openssh_path = 'C:\Program Files\OpenSSH-Win64'
+        ssh_program_data = "#{ENV['ProgramData']}/ssh"
+        ssh_dir = "C:/Users/Administrator/.ssh"
+        authorized_keys = "#{ssh_dir}/authorized_keys"
+        public_key = node['deployment']['ssh_public_key']
+        files = []
+        packages = %w(openssh ruby)
+        chocolatey_package packages
+        windows_path 'Add OpenSSH to path' do
+          path openssh_path
+          action :add
+        end
+        powershell_script 'Install SSH' do
+          code '.\install-sshd.ps1'
+          cwd openssh_path
+        end
+#        firewall 'default' do
+#          ipv6_enabled node['firewall']['ipv6_enabled']
+#          action :disable
+#        end
+#
+#        firewall_rule 'allow ssh' do
+#          port     22
+#          command  :allow
+#          description 'OpenSSH Server (sshd)'
+#        end
+#
+#        firewall_rule 'allow RDP' do
+#          port    3389
+#          command :allow
+#        end
+#
+#        firewall_rule 'allow winrm' do
+#          port    5989
+#          command :allow
+#        end
+        directory 'create ssh ProgramData' do
+          path ssh_program_data
+          owner sshd_user
+          rights :full_control, sshd_user
+          rights :full_control, 'Administrator'
+          notifies :run, 'powershell_script[Generate Host Key]', :immediately
+        end
+        powershell_script 'Generate Host Key' do
+          code '.\ssh-keygen.exe -A'
+          cwd openssh_path
+          action :nothing
+          notifies :create, "template[#{ssh_program_data}/sshd_config]", :immediately
+        end
+        template "#{ssh_program_data}/sshd_config" do
+          action :nothing
+          owner sshd_user
+          source "sshd_config.erb"
+          mode '0600'
+          cookbook "mu-tools"
+          notifies :run, 'ruby[find files to change ownership of]', :immediately
+        end
+        directory "set file ownership" do
+          action :nothing
+          path ssh_program_data
+          owner sshd_user
+          mode '0600'
+          rights :full_control, sshd_user
+          deny_rights :full_control, 'Administrator'
+        end
+        windows_service 'sshd' do
+          action :nothing #[ :enable, :start ]
+        end
+        group 'sshusers' do
+          members [sshd_user, 'Administrator']
+        end
+        ruby 'find files to change ownership of' do
+          action :nothing
+          code <<-EOH
+            files = Dir.entries ssh_program_data
+            puts files
+          EOH
+        end
+        log 'files in ssh' do
+          message files.join
+          level :info
+        end
+        files.each do |file|
+          file "#{ssh_program_data}#{file}" do
+            owner sshd_user
+            deny_rights :full_control, 'Administrator'
+          end
+        end
+        directory "create Admin's .ssh directory" do
+          path ssh_dir
+          recursive true
+          owner sshd_user
+        end
+        file authorized_keys do
+          owner 'Administrator'
+          content public_key
+        end
+      else
+        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
 #      remote_file "cygwin-x86_64.exe" do
 #        path "#{Chef::Config[:file_cache_path]}/cygwin-x86_64.exe"
 #        source "http://cygwin.com/setup-x86_64.exe"
-# XXX guard with a version check
-#      end
-# XXX keep a local cache of packages... really our own damn mirror
-      cygwindir = "c:/bin/cygwin"
+        cygwindir = "c:/bin/cygwin"
 #      pkgs = ["bash", "mintty", "vim", "curl", "openssl", "wget", "lynx", "openssh"]
 #      powershell_script "install Cygwin" do
@@ -38,7 +170,7 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
 #        not_if { ::File.exist?("#{cygwindir}/Cygwin.bat") }
 #      end
-      # Be prepared to reinit installs that are missing key utilities
+        # Be prepared to reinit installs that are missing key utilities
 #      file "#{cygwindir}/etc/setup/installed.db" do
 #        action :delete
 #        not_if { ::File.exist?("#{cygwindir}/bin/cygcheck.exe") }
@@ -52,138 +184,135 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
 #        end
 #      }
-      reboot "Cygwin LSA" do
-        action :nothing
-        reason "Enabling Cygwin LSA support"
-      end
-      powershell_script "Configuring Cygwin LSA support" do
-        code <<-EOH
-          Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
-        EOH
-        not_if {
-          lsa_found = false
-          if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
-            registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
-              if val[:name] == "Authentication Packages"
-                lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
-                break
-              end
-            }
-          end
-          lsa_found
-        }
-        notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
-      end
+        reboot "Cygwin LSA" do
+          action :nothing
+          reason "Enabling Cygwin LSA support"
+        end
-      windows_vault = chef_vault_item(node['windows_auth_vault'], node['windows_auth_item'])
-      sshd_user = windows_vault[node['windows_sshd_username_field']]
-      sshd_password = windows_vault[node['windows_sshd_password_field']]
-      powershell_script "enable Cygwin sshd" do
-        code <<-EOH
-          Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
-          Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
-          Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
-          Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-        EOH
-        sensitive true
-        not_if %Q{Get-Service "sshd"}
-      end
-      powershell_script "set unix-style Cygwin sshd permissions" do
-        code <<-EOH
-          if((Get-WmiObject win32_computersystem).partofdomain){
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
-          } else {
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
+        powershell_script "Configuring Cygwin LSA support" do
+          code <<-EOH
+            Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
+          EOH
+          not_if {
+            lsa_found = false
+            if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
+              registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
+                if val[:name] == "Authentication Packages"
+                  lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
+                  break
+                end
+              }
+            end
+            lsa_found
           }
-          Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-        EOH
-      end
+          notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
+        end
-      include_recipe 'mu-activedirectory'
+        powershell_script "enable Cygwin sshd" do
+          code <<-EOH
+            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
+            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
+            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
+            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+          EOH
+          sensitive true
+          not_if %Q{Get-Service "sshd"}
+        end
+        powershell_script "set unix-style Cygwin sshd permissions" do
+          code <<-EOH
+            if((Get-WmiObject win32_computersystem).partofdomain){
+              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
+              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
+            } else {
+              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
+              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
+            }
+            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+          EOH
+        end
-      ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+        include_recipe 'mu-activedirectory'
-      template "c:/bin/cygwin/etc/sshd_config" do
-        source "sshd_config.erb"
-        mode 0644
-        cookbook "mu-tools"
-        ignore_failure true
-      end
+        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
-      ec2config_user= windows_vault[node['windows_ec2config_username_field']]
-      ec2config_password = windows_vault[node['windows_ec2config_password_field']]
-      login_dom = "."
+        template "c:/bin/cygwin/etc/sshd_config" do
+          source "sshd_config.erb"
+          mode 0644
+          cookbook "mu-tools"
+          ignore_failure true
+        end
-      if in_domain?
+        ec2config_user= windows_vault[node['windows_ec2config_username_field']]
+        ec2config_password = windows_vault[node['windows_ec2config_password_field']]
+        login_dom = "."
-        ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
-        login_dom = node['ad']['netbios_name']
+        if in_domain?
-        windows_users node['ad']['computer_name'] do
-          username ad_vault[node['ad']['domain_admin_username_field']]
-          password ad_vault[node['ad']['domain_admin_password_field']]
-          domain_name node['ad']['domain_name']
-          netbios_name node['ad']['netbios_name']
-          dc_ips node['ad']['dc_ips']
-          ssh_user sshd_user
-          ssh_password sshd_password
-          ec2config_user ec2config_user
-          ec2config_password ec2config_password
-        end
+          ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
+          login_dom = node['ad']['netbios_name']
-        aws_windows "ec2" do
-          username ec2config_user
-          service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
-          password ec2config_password
-        end
+          windows_users node['ad']['computer_name'] do
+            username ad_vault[node['ad']['domain_admin_username_field']]
+            password ad_vault[node['ad']['domain_admin_password_field']]
+            domain_name node['ad']['domain_name']
+            netbios_name node['ad']['netbios_name']
+            dc_ips node['ad']['dc_ips']
+            ssh_user sshd_user
+            ssh_password sshd_password
+            ec2config_user ec2config_user
+            ec2config_password ec2config_password
+          end
-        scheduled_tasks "tasks" do
-          username ad_vault[node['ad']['domain_admin_username_field']]
-          password ad_vault[node['ad']['domain_admin_password_field']]
-        end
+          aws_windows "ec2" do
+            username ec2config_user
+            service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
+            password ec2config_password
+          end
-        sshd_service "sshd" do
-          service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
-          username sshd_user
-          password sshd_password
-        end
+          scheduled_tasks "tasks" do
+            username ad_vault[node['ad']['domain_admin_username_field']]
+            password ad_vault[node['ad']['domain_admin_password_field']]
+          end
-        begin
-          resources('service[sshd]')
-        rescue Chef::Exceptions::ResourceNotFound
-          service "sshd" do
-            action [:enable, :start]
-            sensitive true
+          sshd_service "sshd" do
+            service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
+            username sshd_user
+            password sshd_password
           end
-        end
-      else
-        windows_users node['hostname'] do
-          username node['windows_admin_username']
-          password windows_vault[node['windows_auth_password_field']]
-          ssh_user sshd_user
-          ssh_password sshd_password
-          ec2config_user ec2config_user
-          ec2config_password ec2config_password
-        end
-        aws_windows "ec2" do
-          username ec2config_user
-          service_username ".\\#{ec2config_user}"
-          password ec2config_password
-        end
+          begin
+            resources('service[sshd]')
+          escue Chef::Exceptions::ResourceNotFound
+            service "sshd" do
+              action [:enable, :start]
+              sensitive true
+            end
+          end
+        else
+          windows_users node['hostname'] do
+            username node['windows_admin_username']
+            password windows_vault[node['windows_auth_password_field']]
+            ssh_user sshd_user
+            ssh_password sshd_password
+            ec2config_user ec2config_user
+            ec2config_password ec2config_password
+          end
-        scheduled_tasks "tasks" do
-          username node['windows_admin_username']
-          password windows_vault[node['windows_auth_password_field']]
-        end
+          aws_windows "ec2" do
+            username ec2config_user
+            service_username ".\\#{ec2config_user}"
+            password ec2config_password
+          end
-        sshd_service "sshd" do
-          username sshd_user
-          service_username ".\\#{sshd_user}"
-          password sshd_password
+          scheduled_tasks "tasks" do
+            username node['windows_admin_username']
+            password windows_vault[node['windows_auth_password_field']]
+          end
+          sshd_service "sshd" do
+            username sshd_user
+            service_username ".\\#{sshd_user}"
+            password sshd_password
         end
         begin
           resources('service[sshd]')
@@ -195,8 +324,13 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
           end
         end
       end
+    end
     else
       Chef::Log.info("mu-tools::windows-client: Unsupported platform #{node['platform']}")
   end
 end
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Cookbook Name:: mu-tools
+# Recipe:: windows-client