RubyGems - cloud-mu - Versions diffs - 2.1.0beta → 3.0.0beta - Mend

cloud-mu 2.1.0beta → 3.0.0beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (291) hide show

checksums.yaml +5 -5
data/Berksfile +4 -5
data/Berksfile.lock +179 -0
data/README.md +1 -6
data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
data/ansible/roles/mu-installer/README.md +33 -0
data/ansible/roles/mu-installer/defaults/main.yml +2 -0
data/ansible/roles/mu-installer/handlers/main.yml +2 -0
data/ansible/roles/mu-installer/meta/main.yml +60 -0
data/ansible/roles/mu-installer/tasks/main.yml +13 -0
data/ansible/roles/mu-installer/tests/inventory +2 -0
data/ansible/roles/mu-installer/tests/test.yml +5 -0
data/ansible/roles/mu-installer/vars/main.yml +2 -0
data/bin/mu-adopt +125 -0
data/bin/mu-aws-setup +4 -4
data/bin/mu-azure-setup +265 -0
data/bin/mu-azure-tests +43 -0
data/bin/mu-cleanup +20 -8
data/bin/mu-configure +224 -98
data/bin/mu-deploy +8 -3
data/bin/mu-gcp-setup +16 -8
data/bin/mu-gen-docs +92 -8
data/bin/mu-load-config.rb +52 -12
data/bin/mu-momma-cat +36 -0
data/bin/mu-node-manage +34 -27
data/bin/mu-self-update +2 -2
data/bin/mu-ssh +12 -8
data/bin/mu-upload-chef-artifacts +11 -4
data/bin/mu-user-manage +3 -0
data/cloud-mu.gemspec +8 -11
data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
data/cookbooks/firewall/metadata.json +1 -1
data/cookbooks/firewall/recipes/default.rb +5 -9
data/cookbooks/mu-firewall/attributes/default.rb +2 -0
data/cookbooks/mu-firewall/metadata.rb +1 -1
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
data/cookbooks/mu-master/Berksfile +2 -2
data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/metadata.rb +5 -4
data/cookbooks/mu-master/recipes/389ds.rb +1 -1
data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
data/cookbooks/mu-master/recipes/default.rb +59 -7
data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +65 -47
data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
data/cookbooks/mu-master/recipes/sssd.rb +2 -1
data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
data/cookbooks/mu-php54/Berksfile +1 -2
data/cookbooks/mu-php54/metadata.rb +4 -5
data/cookbooks/mu-php54/recipes/default.rb +1 -1
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
data/cookbooks/mu-tools/Berksfile +3 -2
data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
data/cookbooks/mu-tools/libraries/helper.rb +20 -8
data/cookbooks/mu-tools/metadata.rb +5 -2
data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
data/cookbooks/mu-tools/recipes/eks.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
data/cookbooks/mu-tools/resources/disk.rb +3 -1
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
data/cookbooks/mu-utility/recipes/nat.rb +4 -0
data/extras/alpha.png +0 -0
data/extras/beta.png +0 -0
data/extras/clean-stock-amis +2 -2
data/extras/generate-stock-images +131 -0
data/extras/git-fix-permissions-hook +0 -0
data/extras/image-generators/AWS/centos6.yaml +17 -0
data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +18 -0
data/extras/python_rpm/build.sh +0 -0
data/extras/release.png +0 -0
data/extras/ruby_rpm/build.sh +0 -0
data/extras/ruby_rpm/muby.spec +1 -1
data/install/README.md +43 -5
data/install/deprecated-bash-library.sh +0 -0
data/install/installer +1 -1
data/install/jenkinskeys.rb +0 -0
data/install/mu-master.yaml +55 -0
data/modules/mommacat.ru +41 -7
data/modules/mu.rb +444 -149
data/modules/mu/adoption.rb +500 -0
data/modules/mu/cleanup.rb +235 -158
data/modules/mu/cloud.rb +675 -138
data/modules/mu/clouds/aws.rb +156 -24
data/modules/mu/clouds/aws/alarm.rb +4 -14
data/modules/mu/clouds/aws/bucket.rb +60 -18
data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
data/modules/mu/clouds/aws/collection.rb +12 -22
data/modules/mu/clouds/aws/container_cluster.rb +209 -118
data/modules/mu/clouds/aws/database.rb +120 -45
data/modules/mu/clouds/aws/dnszone.rb +7 -18
data/modules/mu/clouds/aws/endpoint.rb +5 -15
data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
data/modules/mu/clouds/aws/folder.rb +4 -11
data/modules/mu/clouds/aws/function.rb +6 -16
data/modules/mu/clouds/aws/group.rb +4 -12
data/modules/mu/clouds/aws/habitat.rb +11 -13
data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
data/modules/mu/clouds/aws/log.rb +5 -13
data/modules/mu/clouds/aws/msg_queue.rb +9 -24
data/modules/mu/clouds/aws/nosqldb.rb +4 -12
data/modules/mu/clouds/aws/notifier.rb +6 -13
data/modules/mu/clouds/aws/role.rb +69 -40
data/modules/mu/clouds/aws/search_domain.rb +17 -20
data/modules/mu/clouds/aws/server.rb +184 -94
data/modules/mu/clouds/aws/server_pool.rb +33 -38
data/modules/mu/clouds/aws/storage_pool.rb +5 -12
data/modules/mu/clouds/aws/user.rb +59 -33
data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
data/modules/mu/clouds/aws/vpc.rb +214 -145
data/modules/mu/clouds/azure.rb +978 -44
data/modules/mu/clouds/azure/container_cluster.rb +413 -0
data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
data/modules/mu/clouds/azure/habitat.rb +167 -0
data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
data/modules/mu/clouds/azure/role.rb +211 -0
data/modules/mu/clouds/azure/server.rb +810 -0
data/modules/mu/clouds/azure/user.rb +257 -0
data/modules/mu/clouds/azure/userdata/README.md +4 -0
data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
data/modules/mu/clouds/azure/vpc.rb +782 -0
data/modules/mu/clouds/cloudformation.rb +12 -9
data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
data/modules/mu/clouds/cloudformation/server.rb +10 -1
data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
data/modules/mu/clouds/google.rb +554 -117
data/modules/mu/clouds/google/bucket.rb +173 -32
data/modules/mu/clouds/google/container_cluster.rb +1112 -157
data/modules/mu/clouds/google/database.rb +24 -47
data/modules/mu/clouds/google/firewall_rule.rb +344 -89
data/modules/mu/clouds/google/folder.rb +156 -79
data/modules/mu/clouds/google/group.rb +272 -82
data/modules/mu/clouds/google/habitat.rb +177 -52
data/modules/mu/clouds/google/loadbalancer.rb +9 -34
data/modules/mu/clouds/google/role.rb +1211 -0
data/modules/mu/clouds/google/server.rb +491 -227
data/modules/mu/clouds/google/server_pool.rb +233 -48
data/modules/mu/clouds/google/user.rb +479 -125
data/modules/mu/clouds/google/userdata/linux.erb +3 -3
data/modules/mu/clouds/google/userdata/windows.erb +9 -9
data/modules/mu/clouds/google/vpc.rb +381 -223
data/modules/mu/config.rb +689 -214
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cache_cluster.yml +0 -4
data/modules/mu/config/container_cluster.rb +18 -9
data/modules/mu/config/database.rb +6 -23
data/modules/mu/config/firewall_rule.rb +9 -15
data/modules/mu/config/folder.rb +22 -21
data/modules/mu/config/habitat.rb +22 -21
data/modules/mu/config/loadbalancer.rb +2 -2
data/modules/mu/config/role.rb +9 -40
data/modules/mu/config/server.rb +26 -5
data/modules/mu/config/server_pool.rb +1 -1
data/modules/mu/config/storage_pool.rb +2 -2
data/modules/mu/config/user.rb +4 -0
data/modules/mu/config/vpc.rb +350 -110
data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
data/modules/mu/defaults/Azure.yaml +17 -0
data/modules/mu/defaults/Google.yaml +24 -0
data/modules/mu/defaults/README.md +1 -1
data/modules/mu/deploy.rb +168 -125
data/modules/mu/groomer.rb +2 -1
data/modules/mu/groomers/ansible.rb +104 -32
data/modules/mu/groomers/chef.rb +96 -44
data/modules/mu/kittens.rb +20602 -0
data/modules/mu/logger.rb +38 -11
data/modules/mu/master.rb +90 -8
data/modules/mu/master/chef.rb +2 -3
data/modules/mu/master/ldap.rb +0 -1
data/modules/mu/master/ssl.rb +250 -0
data/modules/mu/mommacat.rb +917 -513
data/modules/scratchpad.erb +1 -1
data/modules/tests/super_complex_bok.yml +0 -0
data/modules/tests/super_simple_bok.yml +0 -0
data/roles/mu-master.json +2 -1
data/spec/azure_creds +5 -0
data/spec/mu.yaml +56 -0
data/spec/mu/clouds/azure_spec.rb +164 -27
data/spec/spec_helper.rb +5 -0
data/test/clean_up.py +0 -0
data/test/exec_inspec.py +0 -0
data/test/exec_mu_install.py +0 -0
data/test/exec_retry.py +0 -0
data/test/smoke_test.rb +0 -0
metadata +90 -118
data/cookbooks/mu-jenkins/Berksfile +0 -14
data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
data/cookbooks/mu-jenkins/LICENSE +0 -37
data/cookbooks/mu-jenkins/README.md +0 -105
data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
data/cookbooks/mu-jenkins/metadata.rb +0 -21
data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
data/cookbooks/nagios/Berksfile +0 -11
data/cookbooks/nagios/CHANGELOG.md +0 -589
data/cookbooks/nagios/CONTRIBUTING.md +0 -11
data/cookbooks/nagios/LICENSE +0 -37
data/cookbooks/nagios/README.md +0 -328
data/cookbooks/nagios/TESTING.md +0 -2
data/cookbooks/nagios/attributes/config.rb +0 -171
data/cookbooks/nagios/attributes/default.rb +0 -228
data/cookbooks/nagios/chefignore +0 -102
data/cookbooks/nagios/definitions/command.rb +0 -33
data/cookbooks/nagios/definitions/contact.rb +0 -33
data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
data/cookbooks/nagios/definitions/host.rb +0 -33
data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
data/cookbooks/nagios/definitions/resource.rb +0 -33
data/cookbooks/nagios/definitions/service.rb +0 -33
data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
data/cookbooks/nagios/libraries/base.rb +0 -314
data/cookbooks/nagios/libraries/command.rb +0 -91
data/cookbooks/nagios/libraries/contact.rb +0 -230
data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
data/cookbooks/nagios/libraries/custom_option.rb +0 -36
data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
data/cookbooks/nagios/libraries/default.rb +0 -90
data/cookbooks/nagios/libraries/host.rb +0 -412
data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
data/cookbooks/nagios/libraries/nagios.rb +0 -282
data/cookbooks/nagios/libraries/resource.rb +0 -59
data/cookbooks/nagios/libraries/service.rb +0 -455
data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
data/cookbooks/nagios/libraries/users_helper.rb +0 -54
data/cookbooks/nagios/metadata.rb +0 -25
data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
data/cookbooks/nagios/recipes/apache.rb +0 -48
data/cookbooks/nagios/recipes/default.rb +0 -204
data/cookbooks/nagios/recipes/nginx.rb +0 -82
data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
data/cookbooks/nagios/recipes/server_package.rb +0 -40
data/cookbooks/nagios/recipes/server_source.rb +0 -164
data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
data/extras/image-generators/aws/centos6.yaml +0 -18
data/modules/mu/defaults/google_images.yaml +0 -16
data/roles/mu-master-jenkins.json +0 -24

data/cookbooks/mu-tools/resources/disk.rb CHANGED

@@ -1,6 +1,7 @@
 property :mountpoint, String, name_property: true
 property :device, String, required: true
+property :delete_on_termination, :kind_of => [TrueClass, FalseClass], default: true
 property :preserve_data, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
 property :reboot_after_create, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
 property :size, Integer, default: 8
@@ -22,7 +23,8 @@ action :create do
     request "add_volume"
     passparams(
       :dev => devicename,
-      :size => new_resource.size
+      :size => new_resource.size,
+      :delete_on_termination => new_resource.delete_on_termination
     )
     not_if { ::File.exist?(device) }
   end

data/cookbooks/mu-tools/templates/amazon/sshd_config.erb CHANGED

@@ -165,4 +165,4 @@ UseDNS no
 # CAP Mod, restrict ciphers
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-AllowUsers root
+AllowUsers ec2-user root

data/cookbooks/mu-tools/templates/default/etc_hosts.erb CHANGED

@@ -6,7 +6,7 @@
 # doing only private IPs although that can be problematic
 # if the same deploy has cross VPC or cross region resources
   if n.name != @hostname %>
-<%= n.ipaddress %> <%= n.name %>
+<%= n['ipaddress'] %> <%= n.name %>
 <%
   end
   }

data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} RENAMED

File without changes

data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb ADDED

@@ -0,0 +1,27 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: <%= @endpoint %>
+    certificate-authority-data: <%= @cacert %>
+  name: <%= @cluster %>
+kind: Config
+preferences: {}
+contexts:
+- context:
+    cluster: <%= @cluster %>
+    user: client
+  name: client
+<% if @username and @password %>- context:
+    cluster: <%= @cluster %>
+    user: <%= @username %>
+  name: <%= @username %>
+current-context: <%= @username %><% else %>current-context: client<% end %>
+users:
+- name: client
+  user:
+    client-certificate-data: <%= @clientcert %>
+    client-key-data: <%= @clientkey %>
+<% if @username and @password %>- name: <%= @username %>
+  user:
+    username: <%= @username %>
+    password: <%= @password %><% end %>

data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb ADDED

@@ -0,0 +1,137 @@
+# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+# The default requires explicit activation of protocol 1
+#Protocol 2
+# HostKey for protocol version 1
+#HostKey C:\ProgramData\ssh\ssh_host_key
+# HostKeys for protocol version 2
+HostKey C:\ProgramData\ssh\ssh_host_rsa_key
+HostKey C:\ProgramData\ssh\ssh_host_dsa_key
+HostKey C:\ProgramData\ssh\ssh_host_ecdsa_key
+HostKey C:\ProgramData\ssh\ssh_host_ed25519_key
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+# Ciphers and keying
+#RekeyLimit default none
+Ciphers aes256-ctr
+KexAlgorithms diffie-hellman-group-exchange-sha256
+MACs hmac-sha2-256
+# Logging
+#SyslogFacility AUTH
+#LogLevel ERROR
+# Authentication:
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+StrictModes no
+#MaxAuthTries 6
+#MaxSessions 10
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedPrincipalsFile none
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+# no default banner path
+#Banner none
+# override default of no subsystems
+Subsystem sftp  /usr/sbin/sftp-server
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+AllowGroups Administrators sshusers

data/cookbooks/mu-utility/recipes/nat.rb CHANGED

@@ -56,6 +56,10 @@ else
       raw "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
       position 97
     end
+    firewall_rule "inbound from NAT network" do
+      raw "-A INPUT -s #{$ip_block} -j ACCEPT"
+      position 98
+    end
     firewall_rule "NAT forwarding" do
       raw "-A FORWARD -s #{$ip_block} -j ACCEPT"
       position 98

data/extras/alpha.png ADDED

Binary file

data/extras/beta.png ADDED

Binary file

data/extras/clean-stock-amis CHANGED

@@ -46,8 +46,8 @@ MU::Cloud::AWS.listRegions.each { | r|
 			}
 			MU.log "Deregistering #{ami.name} (#{ami.creation_date})", MU::WARN, details: snaps
 			MU::Cloud::AWS.ec2(region: r, credentials: credentials).deregister_image(image_id: ami.image_id)
-			snaps.each { |snap_id|
-				MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
+ 		  snaps.each { |snap_id|
+			  MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
 			}
 		end
   }

data/extras/generate-stock-images ADDED

@@ -0,0 +1,131 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/../bin/mu-load-config.rb"))
+# now we have our global config available as the read-only hash $MU_CFG
+require 'rubygems'
+require 'bundler/setup'
+require 'optimist'
+require 'mu'
+bok_dir = MU.myRoot+"/extras/image-generators"
+available_clouds = {}
+Dir.foreach(bok_dir) { |d|
+  next if d == "." or d == ".."
+  next if !Dir.exist?(MU.myRoot+"/extras/image-generators/"+d)
+  available_clouds[d] = []
+  Dir.foreach(bok_dir+"/"+d) { |yamlfile|
+    next if !yamlfile.match(/(.+?)\.yaml$/)
+    platform = Regexp.last_match[1]
+    available_clouds[d] << platform
+  }
+}
+$opts = Optimist::options do
+  banner <<-EOS
+Usage:
+#{$0} [-c <cloud>] [-p <platform>]
+  EOS
+  opt :clouds, "Clouds for which to generate images", :require => false, :type => :strings, :default => available_clouds.keys
+  opt :platforms, "Platforms for which to generate images", :require => false, :type => :strings, :default => available_clouds.values.flatten.sort.uniq
+  opt :environment, "Environment with which to tag our generated images.", :require => false, :type => :string, :default => "prod"
+  opt :age, "Minimum age, in days, at which we will replace existing images. Set to 0 to force a new build regardless of age.", :require => false, :type => :integer, :default => 30
+  if available_clouds.keys.include?("AWS")
+    opt :upload_to, "AWS S3 bucket and path to which we should upload our updated image list.", :require => false, :type => :string, :default => "s3://"+MU::Cloud::BASE_IMAGE_BUCKET+MU::Cloud::BASE_IMAGE_PATH
+  end
+  available_clouds.keys.each { |cloud|
+    opt (cloud.downcase+"_creds").to_sym, "Credentials to use when creating images in #{cloud}.", :require => false, :type => :string
+  }
+  opt :dryrun, "Don't actually run our deploy.", :require => false, :type => :boolean, :default => false
+end
+pwd = Dir.pwd
+if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions to write $opt[:upload_to]
+  MU.log "No AWS credentials available- I have nowhere to upload new imaged lists. Will print to STDOUT instead.", MU::WARN
+end
+now = DateTime.now
+exitcode = 0
+$opts[:clouds].each { |cloud|
+  current_images = MU::Cloud.getStockImage(cloud, fail_hard: true)
+  $opts[:platforms].each { |platform|
+    if File.exists?(bok_dir+"/"+cloud+"/"+platform+".yaml")
+      cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud).const_get("Server")
+      if current_images[platform].is_a?(String)
+        age = cloudclass.imageTimeStamp(current_images[platform])
+        if (now - age) >= $opts[:age]
+          MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
+        else
+          next
+        end
+      else
+        needed = false
+        if !current_images[platform]
+          needed = true
+        else
+          current_images[platform].each_pair { |r, img_id|
+            age = cloudclass.imageTimeStamp(img_id, region: r)
+            if (now - age) >= $opts[:age]
+              MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
+              needed = true
+              break
+            end
+          }
+        end
+        next if !needed
+      end
+      conf_engine = MU::Config.new(
+        bok_dir+"/"+cloud+"/"+platform+".yaml",
+        default_credentials: $opts[(cloud.downcase+"_creds").to_sym]
+      )
+      stack_conf = conf_engine.config
+      if $opts[:dryrun]
+        puts stack_conf.to_yaml
+      else
+        begin
+          deployer = MU::Deploy.new(
+            $opts[:environment],
+            stack_conf: stack_conf
+          )
+          deployer.run
+          MU.log "New images for #{cloud}:#{platform}", MU::NOTICE, details: deployer.mommacat.deployment['images']
+          current_images[platform] ||= {}
+          current_images.deep_merge!(deployer.mommacat.deployment['images'])
+          # Scrub any loose metadata left over from our image deployment. It's
+          # ok, this won't touch the images we just made.
+          MU::Cleanup.run(deployer.mommacat.deploy_id, skipsnapshots: true, verbosity: MU::Logger::QUIET)
+        rescue Exception => e
+          MU.log e.message, MU::ERR
+          exitcode = 1
+        end
+      end
+    end
+  }
+  if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions
+    puts current_images.to_yaml
+  elsif !$opts[:dryrun]
+    MU::Cloud::AWS::Bucket.upload($opts[:upload_to]+"/"+cloud+".yaml", data: current_images.to_yaml, credentials: $opts[:aws_creds], acl: "public-read")
+  end
+}
+exit exitcode

data/extras/git-fix-permissions-hook CHANGED

File without changes

data/extras/image-generators/AWS/centos6.yaml ADDED

@@ -0,0 +1,17 @@
+---
+appname: mu
+servers:
+- name: centos6
+  platform: centos6
+  size: m3.medium
+  scrub_groomer: true
+  run_list:
+  - recipe[mu-tools::cloudinit]
+  - recipe[mu-tools::apply_security]
+  - recipe[mu-tools::updates]
+  - recipe[mu-tools::split_var_partitions]
+  create_image:
+    image_then_destroy: true
+    public: true
+    copy_to_regions:
+    - "#ALL"

data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/centos7.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/rhel7.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/win2k12.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/win2k16.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/windows.yaml RENAMED

File without changes

data/extras/image-generators/{gcp → Google}/centos6.yaml RENAMED

@@ -3,6 +3,7 @@
   servers:
   - name: centos6
     cloud: Google
+    image_id: "centos-cloud/centos-6"
     platform: centos6
     ssh_user: centos
     size: g1-small

data/extras/image-generators/Google/centos7.yaml ADDED

@@ -0,0 +1,18 @@
+---
+  appname: mu
+  servers:
+  - name: centos7
+    cloud: Google
+    image_id: "centos-cloud/centos-7"
+    platform: centos6
+    ssh_user: centos
+    size: g1-small
+    associate_public_ip: true
+    run_list:
+    - recipe[mu-tools::cloudinit]
+    - recipe[mu-tools::apply_security]
+    - recipe[mu-tools::updates]
+    - recipe[mu-tools::split_var_partitions]
+    create_image:
+      image_then_destroy: true
+      public: true

data/extras/python_rpm/build.sh CHANGED

File without changes

data/extras/release.png ADDED

Binary file

data/extras/ruby_rpm/build.sh CHANGED

File without changes

data/extras/ruby_rpm/muby.spec CHANGED

@@ -1,7 +1,7 @@
 Summary: Ruby for Mu(by)
 BuildArch: x86_64
 Name: muby
-Version: 2.5.3
+Version: 2.5.5
 Release: 1%{dist}
 Group: Development/Languages
 License: Ruby License/GPL - see COPYING

data/install/README.md CHANGED

@@ -1,8 +1,46 @@
 # Cloudamatic Mu Master Installation
-There are two paths to creating a Mu Master.
+There are two paths to creating a Mu Master. _Typical Installation_ and _CloudFormation Installation_
-- **Typical Installation**: The simplest and recommended path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled, including both a command line and Jenkins GUI user interface.
-- **Custom Installation:** If you prefer, you can also create your own VPC and manually provision a Mu Master.  This gives you more control over the shape of the master VPC and individual settings
+## Typical Instalation
+In the standard instsatation create your original VPC and manually provision a Mu Master instance.
-For detailed instructions on both installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
-For mu master usage instructions see [our Wiki usage page](https://github.com/cloudamatic/mu/wiki/Usage)
+### Prerequisites
+1. Fully configured networking for the Mu Master
+	* Must have access to the internet
+	* Must manually configure any security on the networking
+1. Properly configured instance
+	* Supported OS `CentOS 6-7`, `RHEL 6-7`, or `Amazon Linux 2`
+	* API credentials to grant proper Mu-Master permissions. (Cloud provider roles recomended when hosted in the same cloud you intend to work in.)
+### Installation
+**To Install From Master**
+```
+curl https://raw.githubusercontent.com/cloudamatic/mu/master/install/installer > installer
+chmod +x installer
+./installer
+```
+**To Install From Development or Other Branch**
+```
+curl https://raw.githubusercontent.com/cloudamatic/mu/development/install/installer > installer
+chmod +x installer
+MU_BRANCH=development ./installer
+```
+**Silent Install**
+```
+TODO: @zr2d2
+```
+>For detailed instructions on installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
+## CloudFormation Installation
+> This method is depricated and may be removed from future releases
+The simplest path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled.
+### Get Started by Clicking the Launch Button!!
+[![Launch Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=CloudamaticInstaller&templateURL=https://s3.amazonaws.com/mu-cfn-installer/cfn_create_mu_master.json)
+>All  AWS resources Created in `us-east-1` region.