cloud-mu 2.1.0beta → 3.0.0beta

Files changed (291)
  1. checksums.yaml +5 -5
  2. data/Berksfile +4 -5
  3. data/Berksfile.lock +179 -0
  4. data/README.md +1 -6
  5. data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
  6. data/ansible/roles/mu-installer/README.md +33 -0
  7. data/ansible/roles/mu-installer/defaults/main.yml +2 -0
  8. data/ansible/roles/mu-installer/handlers/main.yml +2 -0
  9. data/ansible/roles/mu-installer/meta/main.yml +60 -0
  10. data/ansible/roles/mu-installer/tasks/main.yml +13 -0
  11. data/ansible/roles/mu-installer/tests/inventory +2 -0
  12. data/ansible/roles/mu-installer/tests/test.yml +5 -0
  13. data/ansible/roles/mu-installer/vars/main.yml +2 -0
  14. data/bin/mu-adopt +125 -0
  15. data/bin/mu-aws-setup +4 -4
  16. data/bin/mu-azure-setup +265 -0
  17. data/bin/mu-azure-tests +43 -0
  18. data/bin/mu-cleanup +20 -8
  19. data/bin/mu-configure +224 -98
  20. data/bin/mu-deploy +8 -3
  21. data/bin/mu-gcp-setup +16 -8
  22. data/bin/mu-gen-docs +92 -8
  23. data/bin/mu-load-config.rb +52 -12
  24. data/bin/mu-momma-cat +36 -0
  25. data/bin/mu-node-manage +34 -27
  26. data/bin/mu-self-update +2 -2
  27. data/bin/mu-ssh +12 -8
  28. data/bin/mu-upload-chef-artifacts +11 -4
  29. data/bin/mu-user-manage +3 -0
  30. data/cloud-mu.gemspec +8 -11
  31. data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
  32. data/cookbooks/firewall/metadata.json +1 -1
  33. data/cookbooks/firewall/recipes/default.rb +5 -9
  34. data/cookbooks/mu-firewall/attributes/default.rb +2 -0
  35. data/cookbooks/mu-firewall/metadata.rb +1 -1
  36. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
  37. data/cookbooks/mu-master/Berksfile +2 -2
  38. data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
  39. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  40. data/cookbooks/mu-master/metadata.rb +5 -4
  41. data/cookbooks/mu-master/recipes/389ds.rb +1 -1
  42. data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
  43. data/cookbooks/mu-master/recipes/default.rb +59 -7
  44. data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
  45. data/cookbooks/mu-master/recipes/init.rb +65 -47
  46. data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
  47. data/cookbooks/mu-master/recipes/sssd.rb +2 -1
  48. data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
  49. data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
  50. data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
  51. data/cookbooks/mu-php54/Berksfile +1 -2
  52. data/cookbooks/mu-php54/metadata.rb +4 -5
  53. data/cookbooks/mu-php54/recipes/default.rb +1 -1
  54. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
  55. data/cookbooks/mu-tools/Berksfile +3 -2
  56. data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
  57. data/cookbooks/mu-tools/libraries/helper.rb +20 -8
  58. data/cookbooks/mu-tools/metadata.rb +5 -2
  59. data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
  60. data/cookbooks/mu-tools/recipes/eks.rb +1 -1
  61. data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
  62. data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
  63. data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
  64. data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
  65. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
  66. data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
  67. data/cookbooks/mu-tools/resources/disk.rb +3 -1
  68. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
  69. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
  70. data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
  71. data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
  72. data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
  73. data/cookbooks/mu-utility/recipes/nat.rb +4 -0
  74. data/extras/alpha.png +0 -0
  75. data/extras/beta.png +0 -0
  76. data/extras/clean-stock-amis +2 -2
  77. data/extras/generate-stock-images +131 -0
  78. data/extras/git-fix-permissions-hook +0 -0
  79. data/extras/image-generators/AWS/centos6.yaml +17 -0
  80. data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
  81. data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
  82. data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
  83. data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
  84. data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
  85. data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
  86. data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
  87. data/extras/image-generators/Google/centos7.yaml +18 -0
  88. data/extras/python_rpm/build.sh +0 -0
  89. data/extras/release.png +0 -0
  90. data/extras/ruby_rpm/build.sh +0 -0
  91. data/extras/ruby_rpm/muby.spec +1 -1
  92. data/install/README.md +43 -5
  93. data/install/deprecated-bash-library.sh +0 -0
  94. data/install/installer +1 -1
  95. data/install/jenkinskeys.rb +0 -0
  96. data/install/mu-master.yaml +55 -0
  97. data/modules/mommacat.ru +41 -7
  98. data/modules/mu.rb +444 -149
  99. data/modules/mu/adoption.rb +500 -0
  100. data/modules/mu/cleanup.rb +235 -158
  101. data/modules/mu/cloud.rb +675 -138
  102. data/modules/mu/clouds/aws.rb +156 -24
  103. data/modules/mu/clouds/aws/alarm.rb +4 -14
  104. data/modules/mu/clouds/aws/bucket.rb +60 -18
  105. data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
  106. data/modules/mu/clouds/aws/collection.rb +12 -22
  107. data/modules/mu/clouds/aws/container_cluster.rb +209 -118
  108. data/modules/mu/clouds/aws/database.rb +120 -45
  109. data/modules/mu/clouds/aws/dnszone.rb +7 -18
  110. data/modules/mu/clouds/aws/endpoint.rb +5 -15
  111. data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
  112. data/modules/mu/clouds/aws/folder.rb +4 -11
  113. data/modules/mu/clouds/aws/function.rb +6 -16
  114. data/modules/mu/clouds/aws/group.rb +4 -12
  115. data/modules/mu/clouds/aws/habitat.rb +11 -13
  116. data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
  117. data/modules/mu/clouds/aws/log.rb +5 -13
  118. data/modules/mu/clouds/aws/msg_queue.rb +9 -24
  119. data/modules/mu/clouds/aws/nosqldb.rb +4 -12
  120. data/modules/mu/clouds/aws/notifier.rb +6 -13
  121. data/modules/mu/clouds/aws/role.rb +69 -40
  122. data/modules/mu/clouds/aws/search_domain.rb +17 -20
  123. data/modules/mu/clouds/aws/server.rb +184 -94
  124. data/modules/mu/clouds/aws/server_pool.rb +33 -38
  125. data/modules/mu/clouds/aws/storage_pool.rb +5 -12
  126. data/modules/mu/clouds/aws/user.rb +59 -33
  127. data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
  128. data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
  129. data/modules/mu/clouds/aws/vpc.rb +214 -145
  130. data/modules/mu/clouds/azure.rb +978 -44
  131. data/modules/mu/clouds/azure/container_cluster.rb +413 -0
  132. data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
  133. data/modules/mu/clouds/azure/habitat.rb +167 -0
  134. data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
  135. data/modules/mu/clouds/azure/role.rb +211 -0
  136. data/modules/mu/clouds/azure/server.rb +810 -0
  137. data/modules/mu/clouds/azure/user.rb +257 -0
  138. data/modules/mu/clouds/azure/userdata/README.md +4 -0
  139. data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
  140. data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
  141. data/modules/mu/clouds/azure/vpc.rb +782 -0
  142. data/modules/mu/clouds/cloudformation.rb +12 -9
  143. data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
  144. data/modules/mu/clouds/cloudformation/server.rb +10 -1
  145. data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
  146. data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
  147. data/modules/mu/clouds/google.rb +554 -117
  148. data/modules/mu/clouds/google/bucket.rb +173 -32
  149. data/modules/mu/clouds/google/container_cluster.rb +1112 -157
  150. data/modules/mu/clouds/google/database.rb +24 -47
  151. data/modules/mu/clouds/google/firewall_rule.rb +344 -89
  152. data/modules/mu/clouds/google/folder.rb +156 -79
  153. data/modules/mu/clouds/google/group.rb +272 -82
  154. data/modules/mu/clouds/google/habitat.rb +177 -52
  155. data/modules/mu/clouds/google/loadbalancer.rb +9 -34
  156. data/modules/mu/clouds/google/role.rb +1211 -0
  157. data/modules/mu/clouds/google/server.rb +491 -227
  158. data/modules/mu/clouds/google/server_pool.rb +233 -48
  159. data/modules/mu/clouds/google/user.rb +479 -125
  160. data/modules/mu/clouds/google/userdata/linux.erb +3 -3
  161. data/modules/mu/clouds/google/userdata/windows.erb +9 -9
  162. data/modules/mu/clouds/google/vpc.rb +381 -223
  163. data/modules/mu/config.rb +689 -214
  164. data/modules/mu/config/bucket.rb +1 -1
  165. data/modules/mu/config/cache_cluster.rb +1 -1
  166. data/modules/mu/config/cache_cluster.yml +0 -4
  167. data/modules/mu/config/container_cluster.rb +18 -9
  168. data/modules/mu/config/database.rb +6 -23
  169. data/modules/mu/config/firewall_rule.rb +9 -15
  170. data/modules/mu/config/folder.rb +22 -21
  171. data/modules/mu/config/habitat.rb +22 -21
  172. data/modules/mu/config/loadbalancer.rb +2 -2
  173. data/modules/mu/config/role.rb +9 -40
  174. data/modules/mu/config/server.rb +26 -5
  175. data/modules/mu/config/server_pool.rb +1 -1
  176. data/modules/mu/config/storage_pool.rb +2 -2
  177. data/modules/mu/config/user.rb +4 -0
  178. data/modules/mu/config/vpc.rb +350 -110
  179. data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
  180. data/modules/mu/defaults/Azure.yaml +17 -0
  181. data/modules/mu/defaults/Google.yaml +24 -0
  182. data/modules/mu/defaults/README.md +1 -1
  183. data/modules/mu/deploy.rb +168 -125
  184. data/modules/mu/groomer.rb +2 -1
  185. data/modules/mu/groomers/ansible.rb +104 -32
  186. data/modules/mu/groomers/chef.rb +96 -44
  187. data/modules/mu/kittens.rb +20602 -0
  188. data/modules/mu/logger.rb +38 -11
  189. data/modules/mu/master.rb +90 -8
  190. data/modules/mu/master/chef.rb +2 -3
  191. data/modules/mu/master/ldap.rb +0 -1
  192. data/modules/mu/master/ssl.rb +250 -0
  193. data/modules/mu/mommacat.rb +917 -513
  194. data/modules/scratchpad.erb +1 -1
  195. data/modules/tests/super_complex_bok.yml +0 -0
  196. data/modules/tests/super_simple_bok.yml +0 -0
  197. data/roles/mu-master.json +2 -1
  198. data/spec/azure_creds +5 -0
  199. data/spec/mu.yaml +56 -0
  200. data/spec/mu/clouds/azure_spec.rb +164 -27
  201. data/spec/spec_helper.rb +5 -0
  202. data/test/clean_up.py +0 -0
  203. data/test/exec_inspec.py +0 -0
  204. data/test/exec_mu_install.py +0 -0
  205. data/test/exec_retry.py +0 -0
  206. data/test/smoke_test.rb +0 -0
  207. metadata +90 -118
  208. data/cookbooks/mu-jenkins/Berksfile +0 -14
  209. data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
  210. data/cookbooks/mu-jenkins/LICENSE +0 -37
  211. data/cookbooks/mu-jenkins/README.md +0 -105
  212. data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
  213. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
  214. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
  215. data/cookbooks/mu-jenkins/metadata.rb +0 -21
  216. data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
  217. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
  218. data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
  219. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
  220. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
  221. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
  222. data/cookbooks/nagios/Berksfile +0 -11
  223. data/cookbooks/nagios/CHANGELOG.md +0 -589
  224. data/cookbooks/nagios/CONTRIBUTING.md +0 -11
  225. data/cookbooks/nagios/LICENSE +0 -37
  226. data/cookbooks/nagios/README.md +0 -328
  227. data/cookbooks/nagios/TESTING.md +0 -2
  228. data/cookbooks/nagios/attributes/config.rb +0 -171
  229. data/cookbooks/nagios/attributes/default.rb +0 -228
  230. data/cookbooks/nagios/chefignore +0 -102
  231. data/cookbooks/nagios/definitions/command.rb +0 -33
  232. data/cookbooks/nagios/definitions/contact.rb +0 -33
  233. data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
  234. data/cookbooks/nagios/definitions/host.rb +0 -33
  235. data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
  236. data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
  237. data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
  238. data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
  239. data/cookbooks/nagios/definitions/resource.rb +0 -33
  240. data/cookbooks/nagios/definitions/service.rb +0 -33
  241. data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
  242. data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
  243. data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
  244. data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
  245. data/cookbooks/nagios/libraries/base.rb +0 -314
  246. data/cookbooks/nagios/libraries/command.rb +0 -91
  247. data/cookbooks/nagios/libraries/contact.rb +0 -230
  248. data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
  249. data/cookbooks/nagios/libraries/custom_option.rb +0 -36
  250. data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
  251. data/cookbooks/nagios/libraries/default.rb +0 -90
  252. data/cookbooks/nagios/libraries/host.rb +0 -412
  253. data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
  254. data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
  255. data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
  256. data/cookbooks/nagios/libraries/nagios.rb +0 -282
  257. data/cookbooks/nagios/libraries/resource.rb +0 -59
  258. data/cookbooks/nagios/libraries/service.rb +0 -455
  259. data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
  260. data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
  261. data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
  262. data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
  263. data/cookbooks/nagios/libraries/users_helper.rb +0 -54
  264. data/cookbooks/nagios/metadata.rb +0 -25
  265. data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
  266. data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
  267. data/cookbooks/nagios/recipes/apache.rb +0 -48
  268. data/cookbooks/nagios/recipes/default.rb +0 -204
  269. data/cookbooks/nagios/recipes/nginx.rb +0 -82
  270. data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
  271. data/cookbooks/nagios/recipes/server_package.rb +0 -40
  272. data/cookbooks/nagios/recipes/server_source.rb +0 -164
  273. data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
  274. data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
  275. data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
  276. data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
  277. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
  278. data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
  279. data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
  280. data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
  281. data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
  282. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
  283. data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
  284. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
  285. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
  286. data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
  287. data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
  288. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
  289. data/extras/image-generators/aws/centos6.yaml +0 -18
  290. data/modules/mu/defaults/google_images.yaml +0 -16
  291. data/roles/mu-master-jenkins.json +0 -24
@@ -1,6 +1,7 @@
1
1
 
2
2
  property :mountpoint, String, name_property: true
3
3
  property :device, String, required: true
4
+ property :delete_on_termination, :kind_of => [TrueClass, FalseClass], default: true
4
5
  property :preserve_data, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
5
6
  property :reboot_after_create, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
6
7
  property :size, Integer, default: 8
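Review bot: The new `delete_on_termination` property on line 4 defaults to `true` and has no description. As the name suggests, every volume created through this resource will go away with its instance unless the caller opts out. Document the default next to `preserve_data`, state how the two are meant to interact, and consider whether `false` is the safer default for data volumes. Style point: the line mixes `:kind_of =>` with `default:`; pick one hash syntax, as `mountpoint` and `size` do.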
@@ -22,7 +23,8 @@ action :create do
22
23
  request "add_volume"
23
24
  passparams(
24
25
  :dev => devicename,
25
- :size => new_resource.size
26
+ :size => new_resource.size,
27
+ :delete_on_termination => new_resource.delete_on_termination
26
28
  )
27
29
  not_if { ::File.exist?(device) }
28
30
  end
@@ -165,4 +165,4 @@ UseDNS no
165
165
 
166
166
  # CAP Mod, restrict ciphers
167
167
  Ciphers aes128-ctr,aes192-ctr,aes256-ctr
168
- AllowUsers root
168
+ AllowUsers ec2-user root
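Review bot: `AllowUsers ec2-user root` on line 168 still lists `root` as a permitted SSH login, so adding `ec2-user` widens access without retiring direct root logins. If `ec2-user` is now the intended entry point on Amazon images, drop `root` from the list. Otherwise confirm that this template sets `PermitRootLogin` to a key-only value elsewhere (not visible in this hunk), and add a comment explaining why both accounts are needed.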
@@ -6,7 +6,7 @@
6
6
  # doing only private IPs although that can be problematic
7
7
  # if the same deploy has cross VPC or cross region resources
8
8
  if n.name != @hostname %>
9
- <%= n.ipaddress %> <%= n.name %>
9
+ <%= n['ipaddress'] %> <%= n.name %>
10
10
  <%
11
11
  end
12
12
  }
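Review bot: Line 9 now reads the address with `n['ipaddress']`, which returns nil when the attribute is absent rather than raising, so a node without an address would render a hosts line with an empty first field followed by the name. Extend the guard on line 8 to something like `if n.name != @hostname and n['ipaddress']`. The line also mixes `n['ipaddress']` with `n.name`; use one access style for both.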
@@ -0,0 +1,27 @@
1
+ apiVersion: v1
2
+ clusters:
3
+ - cluster:
4
+ server: <%= @endpoint %>
5
+ certificate-authority-data: <%= @cacert %>
6
+ name: <%= @cluster %>
7
+ kind: Config
8
+ preferences: {}
9
+ contexts:
10
+ - context:
11
+ cluster: <%= @cluster %>
12
+ user: client
13
+ name: client
14
+ <% if @username and @password %>- context:
15
+ cluster: <%= @cluster %>
16
+ user: <%= @username %>
17
+ name: <%= @username %>
18
+ current-context: <%= @username %><% else %>current-context: client<% end %>
19
+ users:
20
+ - name: client
21
+ user:
22
+ client-certificate-data: <%= @clientcert %>
23
+ client-key-data: <%= @clientkey %>
24
+ <% if @username and @password %>- name: <%= @username %>
25
+ user:
26
+ username: <%= @username %>
27
+ password: <%= @password %><% end %>
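Review bot: Lines 24-27 render `@username` and `@password` into the kubeconfig as unquoted plain-text YAML scalars. A password containing `:`, `#` or leading or trailing whitespace will produce a broken or silently altered file, and the credential sits in clear text on disk. Emit the values quoted (for example via `to_json`), and make sure the recipe that renders this template sets a restrictive owner and mode on the file; the same applies to `client-key-data` on line 23. Since the `client` certificate user is always written, consider whether the basic-auth user is needed at all.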
@@ -0,0 +1,137 @@
1
+ # $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
2
+
3
+ # This is the sshd server system-wide configuration file. See
4
+ # sshd_config(5) for more information.
5
+
6
+ # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
7
+
8
+ # The strategy used for options in the default sshd_config shipped with
9
+ # OpenSSH is to specify options with their default value where
10
+ # possible, but leave them commented. Uncommented options override the
11
+ # default value.
12
+
13
+ #Port 22
14
+ #AddressFamily any
15
+ #ListenAddress 0.0.0.0
16
+ #ListenAddress ::
17
+
18
+ # The default requires explicit activation of protocol 1
19
+ #Protocol 2
20
+
21
+ # HostKey for protocol version 1
22
+ #HostKey C:\ProgramData\ssh\ssh_host_key
23
+ # HostKeys for protocol version 2
24
+ HostKey C:\ProgramData\ssh\ssh_host_rsa_key
25
+ HostKey C:\ProgramData\ssh\ssh_host_dsa_key
26
+ HostKey C:\ProgramData\ssh\ssh_host_ecdsa_key
27
+ HostKey C:\ProgramData\ssh\ssh_host_ed25519_key
28
+
29
+ # Lifetime and size of ephemeral version 1 server key
30
+ #KeyRegenerationInterval 1h
31
+ #ServerKeyBits 1024
32
+
33
+ # Ciphers and keying
34
+ #RekeyLimit default none
35
+
36
+ Ciphers aes256-ctr
37
+ KexAlgorithms diffie-hellman-group-exchange-sha256
38
+ MACs hmac-sha2-256
39
+
40
+ # Logging
41
+ #SyslogFacility AUTH
42
+ #LogLevel ERROR
43
+
44
+ # Authentication:
45
+
46
+ #LoginGraceTime 2m
47
+ #PermitRootLogin prohibit-password
48
+ StrictModes no
49
+ #MaxAuthTries 6
50
+ #MaxSessions 10
51
+
52
+ #RSAAuthentication yes
53
+ #PubkeyAuthentication yes
54
+
55
+ # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
56
+ # but this is overridden so installations will only check .ssh/authorized_keys
57
+ AuthorizedKeysFile .ssh/authorized_keys
58
+
59
+ #AuthorizedPrincipalsFile none
60
+
61
+ #AuthorizedKeysCommand none
62
+ #AuthorizedKeysCommandUser nobody
63
+
64
+ # For this to work you will also need host keys in /etc/ssh_known_hosts
65
+ #RhostsRSAAuthentication no
66
+ # similar for protocol version 2
67
+ #HostbasedAuthentication no
68
+ # Change to yes if you don't trust ~/.ssh/known_hosts for
69
+ # RhostsRSAAuthentication and HostbasedAuthentication
70
+ #IgnoreUserKnownHosts no
71
+ # Don't read the user's ~/.rhosts and ~/.shosts files
72
+ #IgnoreRhosts yes
73
+
74
+ # To disable tunneled clear text passwords, change to no here!
75
+ PasswordAuthentication no
76
+ #PermitEmptyPasswords no
77
+
78
+ # Change to no to disable s/key passwords
79
+ #ChallengeResponseAuthentication yes
80
+
81
+ # Kerberos options
82
+ #KerberosAuthentication no
83
+ #KerberosOrLocalPasswd yes
84
+ #KerberosTicketCleanup yes
85
+ #KerberosGetAFSToken no
86
+
87
+ # GSSAPI options
88
+ #GSSAPIAuthentication no
89
+ #GSSAPICleanupCredentials yes
90
+
91
+ # Set this to 'yes' to enable PAM authentication, account processing,
92
+ # and session processing. If this is enabled, PAM authentication will
93
+ # be allowed through the ChallengeResponseAuthentication and
94
+ # PasswordAuthentication. Depending on your PAM configuration,
95
+ # PAM authentication via ChallengeResponseAuthentication may bypass
96
+ # the setting of "PermitRootLogin without-password".
97
+ # If you just want the PAM account and session checks to run without
98
+ # PAM authentication, then enable this but set PasswordAuthentication
99
+ # and ChallengeResponseAuthentication to 'no'.
100
+ #UsePAM no
101
+
102
+ #AllowAgentForwarding yes
103
+ #AllowTcpForwarding yes
104
+ #GatewayPorts no
105
+ #X11Forwarding no
106
+ #X11DisplayOffset 10
107
+ #X11UseLocalhost yes
108
+ #PermitTTY yes
109
+ #PrintMotd yes
110
+ #PrintLastLog yes
111
+ #TCPKeepAlive yes
112
+ #UseLogin no
113
+ #PermitUserEnvironment no
114
+ #Compression delayed
115
+ #ClientAliveInterval 0
116
+ #ClientAliveCountMax 3
117
+ #UseDNS no
118
+ #PidFile /var/run/sshd.pid
119
+ #MaxStartups 10:30:100
120
+ #PermitTunnel no
121
+ #ChrootDirectory none
122
+ #VersionAddendum none
123
+
124
+ # no default banner path
125
+ #Banner none
126
+
127
+ # override default of no subsystems
128
+ Subsystem sftp /usr/sbin/sftp-server
129
+
130
+ # Example of overriding settings on a per-user basis
131
+ #Match User anoncvs
132
+ # X11Forwarding no
133
+ # AllowTcpForwarding no
134
+ # PermitTTY no
135
+ # ForceCommand cvs server
136
+
137
+ AllowGroups Administrators sshusers
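Review bot: `StrictModes no` on line 48 turns off sshd's ownership and permission checks on the user's files, so an `authorized_keys` file (line 57) writable by another account would still be honoured. Leave it at the default unless there is a documented Windows-specific reason, and say so in a comment if there is. Two further points in this file: line 25 still configures a DSA host key, which should be dropped alongside the restricted `Ciphers`, `KexAlgorithms` and `MACs` on lines 36-38; and line 128 points the sftp subsystem at `/usr/sbin/sftp-server`, a Unix path in a template whose host keys live under `C:\ProgramData\ssh`.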
@@ -56,6 +56,10 @@ else
56
56
  raw "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
57
57
  position 97
58
58
  end
59
+ firewall_rule "inbound from NAT network" do
60
+ raw "-A INPUT -s #{$ip_block} -j ACCEPT"
61
+ position 98
62
+ end
59
63
  firewall_rule "NAT forwarding" do
60
64
  raw "-A FORWARD -s #{$ip_block} -j ACCEPT"
61
65
  position 98
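Review bot: The new rule on lines 59-62 accepts every protocol and port from `$ip_block` on the NAT host's own INPUT chain, which is much broader than the FORWARD rule it sits beside. If the intent is to allow specific services from the NAT network, restrict the raw rule to those ports; if it really is full trust, add a comment saying why. It also reuses `position 98`, the same value as "NAT forwarding" on line 65, so the relative ordering of the two rules is left implicit.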
Binary file
Binary file
@@ -46,8 +46,8 @@ MU::Cloud::AWS.listRegions.each { | r|
46
46
  }
47
47
  MU.log "Deregistering #{ami.name} (#{ami.creation_date})", MU::WARN, details: snaps
48
48
  MU::Cloud::AWS.ec2(region: r, credentials: credentials).deregister_image(image_id: ami.image_id)
49
- snaps.each { |snap_id|
50
- MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
49
+ snaps.each { |snap_id|
50
+ MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
51
51
  }
52
52
  end
53
53
  }
@@ -0,0 +1,131 @@
1
+ #!/usr/local/ruby-current/bin/ruby
2
+ # Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
3
+ #
4
+ # Licensed under the BSD-3 license (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License in the root of the project or at
7
+ #
8
+ # http://egt-labs.com/mu/LICENSE.html
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+
17
+ require File.realpath(File.expand_path(File.dirname(__FILE__)+"/../bin/mu-load-config.rb"))
18
+ # now we have our global config available as the read-only hash $MU_CFG
19
+
20
+ require 'rubygems'
21
+ require 'bundler/setup'
22
+ require 'optimist'
23
+ require 'mu'
24
+
25
+ bok_dir = MU.myRoot+"/extras/image-generators"
26
+
27
+ available_clouds = {}
28
+ Dir.foreach(bok_dir) { |d|
29
+ next if d == "." or d == ".."
30
+ next if !Dir.exist?(MU.myRoot+"/extras/image-generators/"+d)
31
+ available_clouds[d] = []
32
+ Dir.foreach(bok_dir+"/"+d) { |yamlfile|
33
+ next if !yamlfile.match(/(.+?)\.yaml$/)
34
+ platform = Regexp.last_match[1]
35
+ available_clouds[d] << platform
36
+ }
37
+ }
38
+
39
+ $opts = Optimist::options do
40
+ banner <<-EOS
41
+ Usage:
42
+ #{$0} [-c <cloud>] [-p <platform>]
43
+ EOS
44
+ opt :clouds, "Clouds for which to generate images", :require => false, :type => :strings, :default => available_clouds.keys
45
+ opt :platforms, "Platforms for which to generate images", :require => false, :type => :strings, :default => available_clouds.values.flatten.sort.uniq
46
+ opt :environment, "Environment with which to tag our generated images.", :require => false, :type => :string, :default => "prod"
47
+ opt :age, "Minimum age, in days, at which we will replace existing images. Set to 0 to force a new build regardless of age.", :require => false, :type => :integer, :default => 30
48
+ if available_clouds.keys.include?("AWS")
49
+ opt :upload_to, "AWS S3 bucket and path to which we should upload our updated image list.", :require => false, :type => :string, :default => "s3://"+MU::Cloud::BASE_IMAGE_BUCKET+MU::Cloud::BASE_IMAGE_PATH
50
+ end
51
+ available_clouds.keys.each { |cloud|
52
+ opt (cloud.downcase+"_creds").to_sym, "Credentials to use when creating images in #{cloud}.", :require => false, :type => :string
53
+ }
54
+ opt :dryrun, "Don't actually run our deploy.", :require => false, :type => :boolean, :default => false
55
+ end
56
+
57
+ pwd = Dir.pwd
58
+
59
+ if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions to write $opt[:upload_to]
60
+ MU.log "No AWS credentials available- I have nowhere to upload new imaged lists. Will print to STDOUT instead.", MU::WARN
61
+ end
62
+
63
+ now = DateTime.now
64
+
65
+ exitcode = 0
66
+ $opts[:clouds].each { |cloud|
67
+ current_images = MU::Cloud.getStockImage(cloud, fail_hard: true)
68
+ $opts[:platforms].each { |platform|
69
+ if File.exists?(bok_dir+"/"+cloud+"/"+platform+".yaml")
70
+ cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud).const_get("Server")
71
+ if current_images[platform].is_a?(String)
72
+ age = cloudclass.imageTimeStamp(current_images[platform])
73
+ if (now - age) >= $opts[:age]
74
+ MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
75
+ else
76
+ next
77
+ end
78
+ else
79
+ needed = false
80
+ if !current_images[platform]
81
+ needed = true
82
+ else
83
+ current_images[platform].each_pair { |r, img_id|
84
+ age = cloudclass.imageTimeStamp(img_id, region: r)
85
+ if (now - age) >= $opts[:age]
86
+ MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
87
+ needed = true
88
+ break
89
+ end
90
+ }
91
+ end
92
+ next if !needed
93
+ end
94
+ conf_engine = MU::Config.new(
95
+ bok_dir+"/"+cloud+"/"+platform+".yaml",
96
+ default_credentials: $opts[(cloud.downcase+"_creds").to_sym]
97
+ )
98
+ stack_conf = conf_engine.config
99
+
100
+ if $opts[:dryrun]
101
+ puts stack_conf.to_yaml
102
+ else
103
+ begin
104
+ deployer = MU::Deploy.new(
105
+ $opts[:environment],
106
+ stack_conf: stack_conf
107
+ )
108
+ deployer.run
109
+ MU.log "New images for #{cloud}:#{platform}", MU::NOTICE, details: deployer.mommacat.deployment['images']
110
+ current_images[platform] ||= {}
111
+ current_images.deep_merge!(deployer.mommacat.deployment['images'])
112
+
113
+ # Scrub any loose metadata left over from our image deployment. It's
114
+ # ok, this won't touch the images we just made.
115
+ MU::Cleanup.run(deployer.mommacat.deploy_id, skipsnapshots: true, verbosity: MU::Logger::QUIET)
116
+ rescue Exception => e
117
+ MU.log e.message, MU::ERR
118
+ exitcode = 1
119
+ end
120
+ end
121
+ end
122
+ }
123
+
124
+ if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions
125
+ puts current_images.to_yaml
126
+ elsif !$opts[:dryrun]
127
+ MU::Cloud::AWS::Bucket.upload($opts[:upload_to]+"/"+cloud+".yaml", data: current_images.to_yaml, credentials: $opts[:aws_creds], acl: "public-read")
128
+ end
129
+ }
130
+
131
+ exit exitcode
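Review bot: The `rescue Exception => e` on line 116 catches everything, including interrupts and exit signals, logs only `e.message`, and skips the `MU::Cleanup.run` call on line 115 whenever `deployer.run` fails, so a failed image build leaves its deployment behind. Rescue `StandardError` instead, log the backtrace, and move the cleanup into an `ensure` block. Smaller points: `pwd` on line 57 is never used, `DateTime.now` on line 63 is used without a visible `require 'date'`, `File.exists?` on line 69 is the deprecated spelling of `File.exist?`, and the `acl: "public-read"` upload on line 127 deserves a comment confirming that the image list is meant to be world-readable.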
File without changes
@@ -0,0 +1,17 @@
1
+ ---
2
+ appname: mu
3
+ servers:
4
+ - name: centos6
5
+ platform: centos6
6
+ size: m3.medium
7
+ scrub_groomer: true
8
+ run_list:
9
+ - recipe[mu-tools::cloudinit]
10
+ - recipe[mu-tools::apply_security]
11
+ - recipe[mu-tools::updates]
12
+ - recipe[mu-tools::split_var_partitions]
13
+ create_image:
14
+ image_then_destroy: true
15
+ public: true
16
+ copy_to_regions:
17
+ - "#ALL"
@@ -3,6 +3,7 @@
3
3
  servers:
4
4
  - name: centos6
5
5
  cloud: Google
6
+ image_id: "centos-cloud/centos-6"
6
7
  platform: centos6
7
8
  ssh_user: centos
8
9
  size: g1-small
@@ -0,0 +1,18 @@
1
+ ---
2
+ appname: mu
3
+ servers:
4
+ - name: centos7
5
+ cloud: Google
6
+ image_id: "centos-cloud/centos-7"
7
+ platform: centos6
8
+ ssh_user: centos
9
+ size: g1-small
10
+ associate_public_ip: true
11
+ run_list:
12
+ - recipe[mu-tools::cloudinit]
13
+ - recipe[mu-tools::apply_security]
14
+ - recipe[mu-tools::updates]
15
+ - recipe[mu-tools::split_var_partitions]
16
+ create_image:
17
+ image_then_destroy: true
18
+ public: true
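Review bot: Line 7 sets `platform: centos6` although this file is `centos7.yaml`, the server is named `centos7` on line 4, and `image_id` on line 6 is `centos-cloud/centos-7`. This looks like a leftover from copying the CentOS 6 definition; it should presumably read `platform: centos7`, otherwise platform-specific handling will treat the new image as CentOS 6.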
File without changes
Binary file
File without changes
@@ -1,7 +1,7 @@
1
1
  Summary: Ruby for Mu(by)
2
2
  BuildArch: x86_64
3
3
  Name: muby
4
- Version: 2.5.3
4
+ Version: 2.5.5
5
5
  Release: 1%{dist}
6
6
  Group: Development/Languages
7
7
  License: Ruby License/GPL - see COPYING
@@ -1,8 +1,46 @@
1
1
  # Cloudamatic Mu Master Installation
2
- There are two paths to creating a Mu Master.
2
+ There are two paths to creating a Mu Master. _Typical Installation_ and _CloudFormation Installation_
3
3
 
4
- - **Typical Installation**: The simplest and recommended path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled, including both a command line and Jenkins GUI user interface.
5
- - **Custom Installation:** If you prefer, you can also create your own VPC and manually provision a Mu Master. This gives you more control over the shape of the master VPC and individual settings
4
+ ## Typical Instalation
5
+ In the standard instsatation create your original VPC and manually provision a Mu Master instance.
6
6
 
7
- For detailed instructions on both installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
8
- For mu master usage instructions see [our Wiki usage page](https://github.com/cloudamatic/mu/wiki/Usage)
7
+ ### Prerequisites
8
+ 1. Fully configured networking for the Mu Master
9
+ * Must have access to the internet
10
+ * Must manually configure any security on the networking
11
+ 1. Properly configured instance
12
+ * Supported OS `CentOS 6-7`, `RHEL 6-7`, or `Amazon Linux 2`
13
+ * API credentials to grant proper Mu-Master permissions. (Cloud provider roles recomended when hosted in the same cloud you intend to work in.)
14
+
15
+ ### Installation
16
+
17
+ **To Install From Master**
18
+ ```
19
+ curl https://raw.githubusercontent.com/cloudamatic/mu/master/install/installer > installer
20
+ chmod +x installer
21
+ ./installer
22
+ ```
23
+
24
+ **To Install From Development or Other Branch**
25
+ ```
26
+ curl https://raw.githubusercontent.com/cloudamatic/mu/development/install/installer > installer
27
+ chmod +x installer
28
+ MU_BRANCH=development ./installer
29
+ ```
30
+
31
+ **Silent Install**
32
+ ```
33
+ TODO: @zr2d2
34
+ ```
35
+ >For detailed instructions on installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
36
+
37
+ ## CloudFormation Installation
38
+ > This method is depricated and may be removed from future releases
39
+
40
+ The simplest path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled.
41
+
42
+ ### Get Started by Clicking the Launch Button!!
43
+
44
+ [![Launch Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=CloudamaticInstaller&templateURL=https://s3.amazonaws.com/mu-cfn-installer/cfn_create_mu_master.json)
45
+
46
+ >All AWS resources Created in `us-east-1` region.
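Review bot: The install instructions on lines 19-21 and 26-28 download `installer` from a moving branch (`master` or `development`) and execute it with no integrity check. Point the documented URL at a tagged release and publish a checksum or signature that users can verify before running the script. The "Silent Install" block on lines 31-34 is still a `TODO` and should be filled in or removed before release. Spelling: "Instalation" (line 4), "instsatation" (line 5), "recomended" (line 13) and "depricated" (line 38).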