RubyGems - cloud-mu - Versions diffs - 2.1.0beta → 3.0.0beta - Mend

cloud-mu 2.1.0beta → 3.0.0beta

Files changed (291) hide show

checksums.yaml +5 -5
data/Berksfile +4 -5
data/Berksfile.lock +179 -0
data/README.md +1 -6
data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
data/ansible/roles/mu-installer/README.md +33 -0
data/ansible/roles/mu-installer/defaults/main.yml +2 -0
data/ansible/roles/mu-installer/handlers/main.yml +2 -0
data/ansible/roles/mu-installer/meta/main.yml +60 -0
data/ansible/roles/mu-installer/tasks/main.yml +13 -0
data/ansible/roles/mu-installer/tests/inventory +2 -0
data/ansible/roles/mu-installer/tests/test.yml +5 -0
data/ansible/roles/mu-installer/vars/main.yml +2 -0
data/bin/mu-adopt +125 -0
data/bin/mu-aws-setup +4 -4
data/bin/mu-azure-setup +265 -0
data/bin/mu-azure-tests +43 -0
data/bin/mu-cleanup +20 -8
data/bin/mu-configure +224 -98
data/bin/mu-deploy +8 -3
data/bin/mu-gcp-setup +16 -8
data/bin/mu-gen-docs +92 -8
data/bin/mu-load-config.rb +52 -12
data/bin/mu-momma-cat +36 -0
data/bin/mu-node-manage +34 -27
data/bin/mu-self-update +2 -2
data/bin/mu-ssh +12 -8
data/bin/mu-upload-chef-artifacts +11 -4
data/bin/mu-user-manage +3 -0
data/cloud-mu.gemspec +8 -11
data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
data/cookbooks/firewall/metadata.json +1 -1
data/cookbooks/firewall/recipes/default.rb +5 -9
data/cookbooks/mu-firewall/attributes/default.rb +2 -0
data/cookbooks/mu-firewall/metadata.rb +1 -1
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
data/cookbooks/mu-master/Berksfile +2 -2
data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/metadata.rb +5 -4
data/cookbooks/mu-master/recipes/389ds.rb +1 -1
data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
data/cookbooks/mu-master/recipes/default.rb +59 -7
data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +65 -47
data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
data/cookbooks/mu-master/recipes/sssd.rb +2 -1
data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
data/cookbooks/mu-php54/Berksfile +1 -2
data/cookbooks/mu-php54/metadata.rb +4 -5
data/cookbooks/mu-php54/recipes/default.rb +1 -1
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
data/cookbooks/mu-tools/Berksfile +3 -2
data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
data/cookbooks/mu-tools/libraries/helper.rb +20 -8
data/cookbooks/mu-tools/metadata.rb +5 -2
data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
data/cookbooks/mu-tools/recipes/eks.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
data/cookbooks/mu-tools/resources/disk.rb +3 -1
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
data/cookbooks/mu-utility/recipes/nat.rb +4 -0
data/extras/alpha.png +0 -0
data/extras/beta.png +0 -0
data/extras/clean-stock-amis +2 -2
data/extras/generate-stock-images +131 -0
data/extras/git-fix-permissions-hook +0 -0
data/extras/image-generators/AWS/centos6.yaml +17 -0
data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +18 -0
data/extras/python_rpm/build.sh +0 -0
data/extras/release.png +0 -0
data/extras/ruby_rpm/build.sh +0 -0
data/extras/ruby_rpm/muby.spec +1 -1
data/install/README.md +43 -5
data/install/deprecated-bash-library.sh +0 -0
data/install/installer +1 -1
data/install/jenkinskeys.rb +0 -0
data/install/mu-master.yaml +55 -0
data/modules/mommacat.ru +41 -7
data/modules/mu.rb +444 -149
data/modules/mu/adoption.rb +500 -0
data/modules/mu/cleanup.rb +235 -158
data/modules/mu/cloud.rb +675 -138
data/modules/mu/clouds/aws.rb +156 -24
data/modules/mu/clouds/aws/alarm.rb +4 -14
data/modules/mu/clouds/aws/bucket.rb +60 -18
data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
data/modules/mu/clouds/aws/collection.rb +12 -22
data/modules/mu/clouds/aws/container_cluster.rb +209 -118
data/modules/mu/clouds/aws/database.rb +120 -45
data/modules/mu/clouds/aws/dnszone.rb +7 -18
data/modules/mu/clouds/aws/endpoint.rb +5 -15
data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
data/modules/mu/clouds/aws/folder.rb +4 -11
data/modules/mu/clouds/aws/function.rb +6 -16
data/modules/mu/clouds/aws/group.rb +4 -12
data/modules/mu/clouds/aws/habitat.rb +11 -13
data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
data/modules/mu/clouds/aws/log.rb +5 -13
data/modules/mu/clouds/aws/msg_queue.rb +9 -24
data/modules/mu/clouds/aws/nosqldb.rb +4 -12
data/modules/mu/clouds/aws/notifier.rb +6 -13
data/modules/mu/clouds/aws/role.rb +69 -40
data/modules/mu/clouds/aws/search_domain.rb +17 -20
data/modules/mu/clouds/aws/server.rb +184 -94
data/modules/mu/clouds/aws/server_pool.rb +33 -38
data/modules/mu/clouds/aws/storage_pool.rb +5 -12
data/modules/mu/clouds/aws/user.rb +59 -33
data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
data/modules/mu/clouds/aws/vpc.rb +214 -145
data/modules/mu/clouds/azure.rb +978 -44
data/modules/mu/clouds/azure/container_cluster.rb +413 -0
data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
data/modules/mu/clouds/azure/habitat.rb +167 -0
data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
data/modules/mu/clouds/azure/role.rb +211 -0
data/modules/mu/clouds/azure/server.rb +810 -0
data/modules/mu/clouds/azure/user.rb +257 -0
data/modules/mu/clouds/azure/userdata/README.md +4 -0
data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
data/modules/mu/clouds/azure/vpc.rb +782 -0
data/modules/mu/clouds/cloudformation.rb +12 -9
data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
data/modules/mu/clouds/cloudformation/server.rb +10 -1
data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
data/modules/mu/clouds/google.rb +554 -117
data/modules/mu/clouds/google/bucket.rb +173 -32
data/modules/mu/clouds/google/container_cluster.rb +1112 -157
data/modules/mu/clouds/google/database.rb +24 -47
data/modules/mu/clouds/google/firewall_rule.rb +344 -89
data/modules/mu/clouds/google/folder.rb +156 -79
data/modules/mu/clouds/google/group.rb +272 -82
data/modules/mu/clouds/google/habitat.rb +177 -52
data/modules/mu/clouds/google/loadbalancer.rb +9 -34
data/modules/mu/clouds/google/role.rb +1211 -0
data/modules/mu/clouds/google/server.rb +491 -227
data/modules/mu/clouds/google/server_pool.rb +233 -48
data/modules/mu/clouds/google/user.rb +479 -125
data/modules/mu/clouds/google/userdata/linux.erb +3 -3
data/modules/mu/clouds/google/userdata/windows.erb +9 -9
data/modules/mu/clouds/google/vpc.rb +381 -223
data/modules/mu/config.rb +689 -214
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cache_cluster.yml +0 -4
data/modules/mu/config/container_cluster.rb +18 -9
data/modules/mu/config/database.rb +6 -23
data/modules/mu/config/firewall_rule.rb +9 -15
data/modules/mu/config/folder.rb +22 -21
data/modules/mu/config/habitat.rb +22 -21
data/modules/mu/config/loadbalancer.rb +2 -2
data/modules/mu/config/role.rb +9 -40
data/modules/mu/config/server.rb +26 -5
data/modules/mu/config/server_pool.rb +1 -1
data/modules/mu/config/storage_pool.rb +2 -2
data/modules/mu/config/user.rb +4 -0
data/modules/mu/config/vpc.rb +350 -110
data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
data/modules/mu/defaults/Azure.yaml +17 -0
data/modules/mu/defaults/Google.yaml +24 -0
data/modules/mu/defaults/README.md +1 -1
data/modules/mu/deploy.rb +168 -125
data/modules/mu/groomer.rb +2 -1
data/modules/mu/groomers/ansible.rb +104 -32
data/modules/mu/groomers/chef.rb +96 -44
data/modules/mu/kittens.rb +20602 -0
data/modules/mu/logger.rb +38 -11
data/modules/mu/master.rb +90 -8
data/modules/mu/master/chef.rb +2 -3
data/modules/mu/master/ldap.rb +0 -1
data/modules/mu/master/ssl.rb +250 -0
data/modules/mu/mommacat.rb +917 -513
data/modules/scratchpad.erb +1 -1
data/modules/tests/super_complex_bok.yml +0 -0
data/modules/tests/super_simple_bok.yml +0 -0
data/roles/mu-master.json +2 -1
data/spec/azure_creds +5 -0
data/spec/mu.yaml +56 -0
data/spec/mu/clouds/azure_spec.rb +164 -27
data/spec/spec_helper.rb +5 -0
data/test/clean_up.py +0 -0
data/test/exec_inspec.py +0 -0
data/test/exec_mu_install.py +0 -0
data/test/exec_retry.py +0 -0
data/test/smoke_test.rb +0 -0
metadata +90 -118
data/cookbooks/mu-jenkins/Berksfile +0 -14
data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
data/cookbooks/mu-jenkins/LICENSE +0 -37
data/cookbooks/mu-jenkins/README.md +0 -105
data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
data/cookbooks/mu-jenkins/metadata.rb +0 -21
data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
data/cookbooks/nagios/Berksfile +0 -11
data/cookbooks/nagios/CHANGELOG.md +0 -589
data/cookbooks/nagios/CONTRIBUTING.md +0 -11
data/cookbooks/nagios/LICENSE +0 -37
data/cookbooks/nagios/README.md +0 -328
data/cookbooks/nagios/TESTING.md +0 -2
data/cookbooks/nagios/attributes/config.rb +0 -171
data/cookbooks/nagios/attributes/default.rb +0 -228
data/cookbooks/nagios/chefignore +0 -102
data/cookbooks/nagios/definitions/command.rb +0 -33
data/cookbooks/nagios/definitions/contact.rb +0 -33
data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
data/cookbooks/nagios/definitions/host.rb +0 -33
data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
data/cookbooks/nagios/definitions/resource.rb +0 -33
data/cookbooks/nagios/definitions/service.rb +0 -33
data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
data/cookbooks/nagios/libraries/base.rb +0 -314
data/cookbooks/nagios/libraries/command.rb +0 -91
data/cookbooks/nagios/libraries/contact.rb +0 -230
data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
data/cookbooks/nagios/libraries/custom_option.rb +0 -36
data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
data/cookbooks/nagios/libraries/default.rb +0 -90
data/cookbooks/nagios/libraries/host.rb +0 -412
data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
data/cookbooks/nagios/libraries/nagios.rb +0 -282
data/cookbooks/nagios/libraries/resource.rb +0 -59
data/cookbooks/nagios/libraries/service.rb +0 -455
data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
data/cookbooks/nagios/libraries/users_helper.rb +0 -54
data/cookbooks/nagios/metadata.rb +0 -25
data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
data/cookbooks/nagios/recipes/apache.rb +0 -48
data/cookbooks/nagios/recipes/default.rb +0 -204
data/cookbooks/nagios/recipes/nginx.rb +0 -82
data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
data/cookbooks/nagios/recipes/server_package.rb +0 -40
data/cookbooks/nagios/recipes/server_source.rb +0 -164
data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
data/extras/image-generators/aws/centos6.yaml +0 -18
data/modules/mu/defaults/google_images.yaml +0 -16
data/roles/mu-master-jenkins.json +0 -24

data/cookbooks/mu-tools/resources/disk.rb CHANGED

@@ -1,6 +1,7 @@
 property :mountpoint, String, name_property: true
 property :device, String, required: true
+property :delete_on_termination, :kind_of => [TrueClass, FalseClass], default: true
 property :preserve_data, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
 property :reboot_after_create, :kind_of => [TrueClass, FalseClass], :required => false, :default => false
 property :size, Integer, default: 8
@@ -22,7 +23,8 @@ action :create do
     request "add_volume"
     passparams(
       :dev => devicename,
-      :size => new_resource.size
+      :size => new_resource.size,
+      :delete_on_termination => new_resource.delete_on_termination
     )
     not_if { ::File.exist?(device) }
   end

data/cookbooks/mu-tools/templates/amazon/sshd_config.erb CHANGED

@@ -165,4 +165,4 @@ UseDNS no
 # CAP Mod, restrict ciphers
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-AllowUsers root
+AllowUsers ec2-user root

data/cookbooks/mu-tools/templates/default/etc_hosts.erb CHANGED

@@ -6,7 +6,7 @@
 # doing only private IPs although that can be problematic
 # if the same deploy has cross VPC or cross region resources
   if n.name != @hostname %>
-<%= n.ipaddress %> <%= n.name %>
+<%= n['ipaddress'] %> <%= n.name %>
 <%
   end
   }

data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} RENAMED

File without changes

data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb ADDED

@@ -0,0 +1,27 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: <%= @endpoint %>
+    certificate-authority-data: <%= @cacert %>
+  name: <%= @cluster %>
+kind: Config
+preferences: {}
+contexts:
+- context:
+    cluster: <%= @cluster %>
+    user: client
+  name: client
+<% if @username and @password %>- context:
+    cluster: <%= @cluster %>
+    user: <%= @username %>
+  name: <%= @username %>
+current-context: <%= @username %><% else %>current-context: client<% end %>
+users:
+- name: client
+  user:
+    client-certificate-data: <%= @clientcert %>
+    client-key-data: <%= @clientkey %>
+<% if @username and @password %>- name: <%= @username %>
+  user:
+    username: <%= @username %>
+    password: <%= @password %><% end %>

data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb ADDED

@@ -0,0 +1,137 @@
+# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+# The default requires explicit activation of protocol 1
+#Protocol 2
+# HostKey for protocol version 1
+#HostKey C:\ProgramData\ssh\ssh_host_key
+# HostKeys for protocol version 2
+HostKey C:\ProgramData\ssh\ssh_host_rsa_key
+HostKey C:\ProgramData\ssh\ssh_host_dsa_key
+HostKey C:\ProgramData\ssh\ssh_host_ecdsa_key
+HostKey C:\ProgramData\ssh\ssh_host_ed25519_key
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+# Ciphers and keying
+#RekeyLimit default none
+Ciphers aes256-ctr
+KexAlgorithms diffie-hellman-group-exchange-sha256
+MACs hmac-sha2-256
+# Logging
+#SyslogFacility AUTH
+#LogLevel ERROR
+# Authentication:
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+StrictModes no
+#MaxAuthTries 6
+#MaxSessions 10
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedPrincipalsFile none
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+# no default banner path
+#Banner none
+# override default of no subsystems
+Subsystem sftp  /usr/sbin/sftp-server
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+AllowGroups Administrators sshusers

data/cookbooks/mu-utility/recipes/nat.rb CHANGED

@@ -56,6 +56,10 @@ else
       raw "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
       position 97
     end
+    firewall_rule "inbound from NAT network" do
+      raw "-A INPUT -s #{$ip_block} -j ACCEPT"
+      position 98
+    end
     firewall_rule "NAT forwarding" do
       raw "-A FORWARD -s #{$ip_block} -j ACCEPT"
       position 98

data/extras/alpha.png ADDED

Binary file

data/extras/beta.png ADDED

Binary file

data/extras/clean-stock-amis CHANGED

@@ -46,8 +46,8 @@ MU::Cloud::AWS.listRegions.each { | r|
 			}
 			MU.log "Deregistering #{ami.name} (#{ami.creation_date})", MU::WARN, details: snaps
 			MU::Cloud::AWS.ec2(region: r, credentials: credentials).deregister_image(image_id: ami.image_id)
-			snaps.each { |snap_id|
-				MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
+ 		  snaps.each { |snap_id|
+			  MU::Cloud::AWS.ec2(region: r, credentials: credentials).delete_snapshot(snapshot_id: snap_id)
 			}
 		end
   }

data/extras/generate-stock-images ADDED

@@ -0,0 +1,131 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/../bin/mu-load-config.rb"))
+# now we have our global config available as the read-only hash $MU_CFG
+require 'rubygems'
+require 'bundler/setup'
+require 'optimist'
+require 'mu'
+bok_dir = MU.myRoot+"/extras/image-generators"
+available_clouds = {}
+Dir.foreach(bok_dir) { |d|
+  next if d == "." or d == ".."
+  next if !Dir.exist?(MU.myRoot+"/extras/image-generators/"+d)
+  available_clouds[d] = []
+  Dir.foreach(bok_dir+"/"+d) { |yamlfile|
+    next if !yamlfile.match(/(.+?)\.yaml$/)
+    platform = Regexp.last_match[1]
+    available_clouds[d] << platform
+  }
+}
+$opts = Optimist::options do
+  banner <<-EOS
+Usage:
+#{$0} [-c <cloud>] [-p <platform>]
+  EOS
+  opt :clouds, "Clouds for which to generate images", :require => false, :type => :strings, :default => available_clouds.keys
+  opt :platforms, "Platforms for which to generate images", :require => false, :type => :strings, :default => available_clouds.values.flatten.sort.uniq
+  opt :environment, "Environment with which to tag our generated images.", :require => false, :type => :string, :default => "prod"
+  opt :age, "Minimum age, in days, at which we will replace existing images. Set to 0 to force a new build regardless of age.", :require => false, :type => :integer, :default => 30
+  if available_clouds.keys.include?("AWS")
+    opt :upload_to, "AWS S3 bucket and path to which we should upload our updated image list.", :require => false, :type => :string, :default => "s3://"+MU::Cloud::BASE_IMAGE_BUCKET+MU::Cloud::BASE_IMAGE_PATH
+  end
+  available_clouds.keys.each { |cloud|
+    opt (cloud.downcase+"_creds").to_sym, "Credentials to use when creating images in #{cloud}.", :require => false, :type => :string
+  }
+  opt :dryrun, "Don't actually run our deploy.", :require => false, :type => :boolean, :default => false
+end
+pwd = Dir.pwd
+if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions to write $opt[:upload_to]
+  MU.log "No AWS credentials available- I have nowhere to upload new imaged lists. Will print to STDOUT instead.", MU::WARN
+end
+now = DateTime.now
+exitcode = 0
+$opts[:clouds].each { |cloud|
+  current_images = MU::Cloud.getStockImage(cloud, fail_hard: true)
+  $opts[:platforms].each { |platform|
+    if File.exists?(bok_dir+"/"+cloud+"/"+platform+".yaml")
+      cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud).const_get("Server")
+      if current_images[platform].is_a?(String)
+        age = cloudclass.imageTimeStamp(current_images[platform])
+        if (now - age) >= $opts[:age]
+          MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
+        else
+          next
+        end
+      else
+        needed = false
+        if !current_images[platform]
+          needed = true
+        else
+          current_images[platform].each_pair { |r, img_id|
+            age = cloudclass.imageTimeStamp(img_id, region: r)
+            if (now - age) >= $opts[:age]
+              MU.log "#{cloud} image for #{platform} was last built #{age.to_s}, refreshing", MU::NOTICE
+              needed = true
+              break
+            end
+          }
+        end
+        next if !needed
+      end
+      conf_engine = MU::Config.new(
+        bok_dir+"/"+cloud+"/"+platform+".yaml",
+        default_credentials: $opts[(cloud.downcase+"_creds").to_sym]
+      )
+      stack_conf = conf_engine.config
+      if $opts[:dryrun]
+        puts stack_conf.to_yaml
+      else
+        begin
+          deployer = MU::Deploy.new(
+            $opts[:environment],
+            stack_conf: stack_conf
+          )
+          deployer.run
+          MU.log "New images for #{cloud}:#{platform}", MU::NOTICE, details: deployer.mommacat.deployment['images']
+          current_images[platform] ||= {}
+          current_images.deep_merge!(deployer.mommacat.deployment['images'])
+          # Scrub any loose metadata left over from our image deployment. It's
+          # ok, this won't touch the images we just made.
+          MU::Cleanup.run(deployer.mommacat.deploy_id, skipsnapshots: true, verbosity: MU::Logger::QUIET)
+        rescue Exception => e
+          MU.log e.message, MU::ERR
+          exitcode = 1
+        end
+      end
+    end
+  }
+  if !available_clouds.keys.include?("AWS") # XXX or if we don't have permissions
+    puts current_images.to_yaml
+  elsif !$opts[:dryrun]
+    MU::Cloud::AWS::Bucket.upload($opts[:upload_to]+"/"+cloud+".yaml", data: current_images.to_yaml, credentials: $opts[:aws_creds], acl: "public-read")
+  end
+}
+exit exitcode

data/extras/git-fix-permissions-hook CHANGED

File without changes

data/extras/image-generators/AWS/centos6.yaml ADDED

@@ -0,0 +1,17 @@
+---
+appname: mu
+servers:
+- name: centos6
+  platform: centos6
+  size: m3.medium
+  scrub_groomer: true
+  run_list:
+  - recipe[mu-tools::cloudinit]
+  - recipe[mu-tools::apply_security]
+  - recipe[mu-tools::updates]
+  - recipe[mu-tools::split_var_partitions]
+  create_image:
+    image_then_destroy: true
+    public: true
+    copy_to_regions:
+    - "#ALL"

data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/centos7.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/rhel7.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/win2k12.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/win2k16.yaml RENAMED

File without changes

data/extras/image-generators/{aws → AWS}/windows.yaml RENAMED

File without changes

data/extras/image-generators/{gcp → Google}/centos6.yaml RENAMED

@@ -3,6 +3,7 @@
   servers:
   - name: centos6
     cloud: Google
+    image_id: "centos-cloud/centos-6"
     platform: centos6
     ssh_user: centos
     size: g1-small

data/extras/image-generators/Google/centos7.yaml ADDED

@@ -0,0 +1,18 @@
+---
+  appname: mu
+  servers:
+  - name: centos7
+    cloud: Google
+    image_id: "centos-cloud/centos-7"
+    platform: centos6
+    ssh_user: centos
+    size: g1-small
+    associate_public_ip: true
+    run_list:
+    - recipe[mu-tools::cloudinit]
+    - recipe[mu-tools::apply_security]
+    - recipe[mu-tools::updates]
+    - recipe[mu-tools::split_var_partitions]
+    create_image:
+      image_then_destroy: true
+      public: true

data/extras/python_rpm/build.sh CHANGED

File without changes

data/extras/release.png ADDED

Binary file

data/extras/ruby_rpm/build.sh CHANGED

File without changes

data/extras/ruby_rpm/muby.spec CHANGED

@@ -1,7 +1,7 @@
 Summary: Ruby for Mu(by)
 BuildArch: x86_64
 Name: muby
-Version: 2.5.3
+Version: 2.5.5
 Release: 1%{dist}
 Group: Development/Languages
 License: Ruby License/GPL - see COPYING

data/install/README.md CHANGED

@@ -1,8 +1,46 @@
 # Cloudamatic Mu Master Installation
-There are two paths to creating a Mu Master.
+There are two paths to creating a Mu Master. _Typical Installation_ and _CloudFormation Installation_
-- **Typical Installation**: The simplest and recommended path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled, including both a command line and Jenkins GUI user interface.
-- **Custom Installation:** If you prefer, you can also create your own VPC and manually provision a Mu Master.  This gives you more control over the shape of the master VPC and individual settings
+## Typical Instalation
+In the standard instsatation create your original VPC and manually provision a Mu Master instance.
-For detailed instructions on both installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
-For mu master usage instructions see [our Wiki usage page](https://github.com/cloudamatic/mu/wiki/Usage)
+### Prerequisites
+1. Fully configured networking for the Mu Master
+	* Must have access to the internet
+	* Must manually configure any security on the networking
+1. Properly configured instance
+	* Supported OS `CentOS 6-7`, `RHEL 6-7`, or `Amazon Linux 2`
+	* API credentials to grant proper Mu-Master permissions. (Cloud provider roles recomended when hosted in the same cloud you intend to work in.)
+### Installation
+**To Install From Master**
+```
+curl https://raw.githubusercontent.com/cloudamatic/mu/master/install/installer > installer
+chmod +x installer
+./installer
+```
+**To Install From Development or Other Branch**
+```
+curl https://raw.githubusercontent.com/cloudamatic/mu/development/install/installer > installer
+chmod +x installer
+MU_BRANCH=development ./installer
+```
+**Silent Install**
+```
+TODO: @zr2d2
+```
+>For detailed instructions on installation techniques see [our Wiki Installation page](https://github.com/cloudamatic/mu/wiki/Install-Home)
+## CloudFormation Installation
+> This method is depricated and may be removed from future releases
+The simplest path is to use our CloudFormation script to configure an appropriate Virtual Private Cloud and master with all features enabled.
+### Get Started by Clicking the Launch Button!!
+[![Launch Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=CloudamaticInstaller&templateURL=https://s3.amazonaws.com/mu-cfn-installer/cfn_create_mu_master.json)
+>All  AWS resources Created in `us-east-1` region.