RubyGems - cloud-mu - Versions diffs - 2.1.0beta → 3.0.0beta - Mend

cloud-mu 2.1.0beta → 3.0.0beta

Files changed (291) hide show

checksums.yaml +5 -5
data/Berksfile +4 -5
data/Berksfile.lock +179 -0
data/README.md +1 -6
data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
data/ansible/roles/mu-installer/README.md +33 -0
data/ansible/roles/mu-installer/defaults/main.yml +2 -0
data/ansible/roles/mu-installer/handlers/main.yml +2 -0
data/ansible/roles/mu-installer/meta/main.yml +60 -0
data/ansible/roles/mu-installer/tasks/main.yml +13 -0
data/ansible/roles/mu-installer/tests/inventory +2 -0
data/ansible/roles/mu-installer/tests/test.yml +5 -0
data/ansible/roles/mu-installer/vars/main.yml +2 -0
data/bin/mu-adopt +125 -0
data/bin/mu-aws-setup +4 -4
data/bin/mu-azure-setup +265 -0
data/bin/mu-azure-tests +43 -0
data/bin/mu-cleanup +20 -8
data/bin/mu-configure +224 -98
data/bin/mu-deploy +8 -3
data/bin/mu-gcp-setup +16 -8
data/bin/mu-gen-docs +92 -8
data/bin/mu-load-config.rb +52 -12
data/bin/mu-momma-cat +36 -0
data/bin/mu-node-manage +34 -27
data/bin/mu-self-update +2 -2
data/bin/mu-ssh +12 -8
data/bin/mu-upload-chef-artifacts +11 -4
data/bin/mu-user-manage +3 -0
data/cloud-mu.gemspec +8 -11
data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
data/cookbooks/firewall/metadata.json +1 -1
data/cookbooks/firewall/recipes/default.rb +5 -9
data/cookbooks/mu-firewall/attributes/default.rb +2 -0
data/cookbooks/mu-firewall/metadata.rb +1 -1
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
data/cookbooks/mu-master/Berksfile +2 -2
data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/metadata.rb +5 -4
data/cookbooks/mu-master/recipes/389ds.rb +1 -1
data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
data/cookbooks/mu-master/recipes/default.rb +59 -7
data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +65 -47
data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
data/cookbooks/mu-master/recipes/sssd.rb +2 -1
data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
data/cookbooks/mu-php54/Berksfile +1 -2
data/cookbooks/mu-php54/metadata.rb +4 -5
data/cookbooks/mu-php54/recipes/default.rb +1 -1
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
data/cookbooks/mu-tools/Berksfile +3 -2
data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
data/cookbooks/mu-tools/libraries/helper.rb +20 -8
data/cookbooks/mu-tools/metadata.rb +5 -2
data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
data/cookbooks/mu-tools/recipes/eks.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
data/cookbooks/mu-tools/resources/disk.rb +3 -1
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
data/cookbooks/mu-utility/recipes/nat.rb +4 -0
data/extras/alpha.png +0 -0
data/extras/beta.png +0 -0
data/extras/clean-stock-amis +2 -2
data/extras/generate-stock-images +131 -0
data/extras/git-fix-permissions-hook +0 -0
data/extras/image-generators/AWS/centos6.yaml +17 -0
data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +18 -0
data/extras/python_rpm/build.sh +0 -0
data/extras/release.png +0 -0
data/extras/ruby_rpm/build.sh +0 -0
data/extras/ruby_rpm/muby.spec +1 -1
data/install/README.md +43 -5
data/install/deprecated-bash-library.sh +0 -0
data/install/installer +1 -1
data/install/jenkinskeys.rb +0 -0
data/install/mu-master.yaml +55 -0
data/modules/mommacat.ru +41 -7
data/modules/mu.rb +444 -149
data/modules/mu/adoption.rb +500 -0
data/modules/mu/cleanup.rb +235 -158
data/modules/mu/cloud.rb +675 -138
data/modules/mu/clouds/aws.rb +156 -24
data/modules/mu/clouds/aws/alarm.rb +4 -14
data/modules/mu/clouds/aws/bucket.rb +60 -18
data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
data/modules/mu/clouds/aws/collection.rb +12 -22
data/modules/mu/clouds/aws/container_cluster.rb +209 -118
data/modules/mu/clouds/aws/database.rb +120 -45
data/modules/mu/clouds/aws/dnszone.rb +7 -18
data/modules/mu/clouds/aws/endpoint.rb +5 -15
data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
data/modules/mu/clouds/aws/folder.rb +4 -11
data/modules/mu/clouds/aws/function.rb +6 -16
data/modules/mu/clouds/aws/group.rb +4 -12
data/modules/mu/clouds/aws/habitat.rb +11 -13
data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
data/modules/mu/clouds/aws/log.rb +5 -13
data/modules/mu/clouds/aws/msg_queue.rb +9 -24
data/modules/mu/clouds/aws/nosqldb.rb +4 -12
data/modules/mu/clouds/aws/notifier.rb +6 -13
data/modules/mu/clouds/aws/role.rb +69 -40
data/modules/mu/clouds/aws/search_domain.rb +17 -20
data/modules/mu/clouds/aws/server.rb +184 -94
data/modules/mu/clouds/aws/server_pool.rb +33 -38
data/modules/mu/clouds/aws/storage_pool.rb +5 -12
data/modules/mu/clouds/aws/user.rb +59 -33
data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
data/modules/mu/clouds/aws/vpc.rb +214 -145
data/modules/mu/clouds/azure.rb +978 -44
data/modules/mu/clouds/azure/container_cluster.rb +413 -0
data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
data/modules/mu/clouds/azure/habitat.rb +167 -0
data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
data/modules/mu/clouds/azure/role.rb +211 -0
data/modules/mu/clouds/azure/server.rb +810 -0
data/modules/mu/clouds/azure/user.rb +257 -0
data/modules/mu/clouds/azure/userdata/README.md +4 -0
data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
data/modules/mu/clouds/azure/vpc.rb +782 -0
data/modules/mu/clouds/cloudformation.rb +12 -9
data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
data/modules/mu/clouds/cloudformation/server.rb +10 -1
data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
data/modules/mu/clouds/google.rb +554 -117
data/modules/mu/clouds/google/bucket.rb +173 -32
data/modules/mu/clouds/google/container_cluster.rb +1112 -157
data/modules/mu/clouds/google/database.rb +24 -47
data/modules/mu/clouds/google/firewall_rule.rb +344 -89
data/modules/mu/clouds/google/folder.rb +156 -79
data/modules/mu/clouds/google/group.rb +272 -82
data/modules/mu/clouds/google/habitat.rb +177 -52
data/modules/mu/clouds/google/loadbalancer.rb +9 -34
data/modules/mu/clouds/google/role.rb +1211 -0
data/modules/mu/clouds/google/server.rb +491 -227
data/modules/mu/clouds/google/server_pool.rb +233 -48
data/modules/mu/clouds/google/user.rb +479 -125
data/modules/mu/clouds/google/userdata/linux.erb +3 -3
data/modules/mu/clouds/google/userdata/windows.erb +9 -9
data/modules/mu/clouds/google/vpc.rb +381 -223
data/modules/mu/config.rb +689 -214
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cache_cluster.yml +0 -4
data/modules/mu/config/container_cluster.rb +18 -9
data/modules/mu/config/database.rb +6 -23
data/modules/mu/config/firewall_rule.rb +9 -15
data/modules/mu/config/folder.rb +22 -21
data/modules/mu/config/habitat.rb +22 -21
data/modules/mu/config/loadbalancer.rb +2 -2
data/modules/mu/config/role.rb +9 -40
data/modules/mu/config/server.rb +26 -5
data/modules/mu/config/server_pool.rb +1 -1
data/modules/mu/config/storage_pool.rb +2 -2
data/modules/mu/config/user.rb +4 -0
data/modules/mu/config/vpc.rb +350 -110
data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
data/modules/mu/defaults/Azure.yaml +17 -0
data/modules/mu/defaults/Google.yaml +24 -0
data/modules/mu/defaults/README.md +1 -1
data/modules/mu/deploy.rb +168 -125
data/modules/mu/groomer.rb +2 -1
data/modules/mu/groomers/ansible.rb +104 -32
data/modules/mu/groomers/chef.rb +96 -44
data/modules/mu/kittens.rb +20602 -0
data/modules/mu/logger.rb +38 -11
data/modules/mu/master.rb +90 -8
data/modules/mu/master/chef.rb +2 -3
data/modules/mu/master/ldap.rb +0 -1
data/modules/mu/master/ssl.rb +250 -0
data/modules/mu/mommacat.rb +917 -513
data/modules/scratchpad.erb +1 -1
data/modules/tests/super_complex_bok.yml +0 -0
data/modules/tests/super_simple_bok.yml +0 -0
data/roles/mu-master.json +2 -1
data/spec/azure_creds +5 -0
data/spec/mu.yaml +56 -0
data/spec/mu/clouds/azure_spec.rb +164 -27
data/spec/spec_helper.rb +5 -0
data/test/clean_up.py +0 -0
data/test/exec_inspec.py +0 -0
data/test/exec_mu_install.py +0 -0
data/test/exec_retry.py +0 -0
data/test/smoke_test.rb +0 -0
metadata +90 -118
data/cookbooks/mu-jenkins/Berksfile +0 -14
data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
data/cookbooks/mu-jenkins/LICENSE +0 -37
data/cookbooks/mu-jenkins/README.md +0 -105
data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
data/cookbooks/mu-jenkins/metadata.rb +0 -21
data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
data/cookbooks/nagios/Berksfile +0 -11
data/cookbooks/nagios/CHANGELOG.md +0 -589
data/cookbooks/nagios/CONTRIBUTING.md +0 -11
data/cookbooks/nagios/LICENSE +0 -37
data/cookbooks/nagios/README.md +0 -328
data/cookbooks/nagios/TESTING.md +0 -2
data/cookbooks/nagios/attributes/config.rb +0 -171
data/cookbooks/nagios/attributes/default.rb +0 -228
data/cookbooks/nagios/chefignore +0 -102
data/cookbooks/nagios/definitions/command.rb +0 -33
data/cookbooks/nagios/definitions/contact.rb +0 -33
data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
data/cookbooks/nagios/definitions/host.rb +0 -33
data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
data/cookbooks/nagios/definitions/resource.rb +0 -33
data/cookbooks/nagios/definitions/service.rb +0 -33
data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
data/cookbooks/nagios/libraries/base.rb +0 -314
data/cookbooks/nagios/libraries/command.rb +0 -91
data/cookbooks/nagios/libraries/contact.rb +0 -230
data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
data/cookbooks/nagios/libraries/custom_option.rb +0 -36
data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
data/cookbooks/nagios/libraries/default.rb +0 -90
data/cookbooks/nagios/libraries/host.rb +0 -412
data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
data/cookbooks/nagios/libraries/nagios.rb +0 -282
data/cookbooks/nagios/libraries/resource.rb +0 -59
data/cookbooks/nagios/libraries/service.rb +0 -455
data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
data/cookbooks/nagios/libraries/users_helper.rb +0 -54
data/cookbooks/nagios/metadata.rb +0 -25
data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
data/cookbooks/nagios/recipes/apache.rb +0 -48
data/cookbooks/nagios/recipes/default.rb +0 -204
data/cookbooks/nagios/recipes/nginx.rb +0 -82
data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
data/cookbooks/nagios/recipes/server_package.rb +0 -40
data/cookbooks/nagios/recipes/server_source.rb +0 -164
data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
data/extras/image-generators/aws/centos6.yaml +0 -18
data/modules/mu/defaults/google_images.yaml +0 -16
data/roles/mu-master-jenkins.json +0 -24

data/install/deprecated-bash-library.sh CHANGED

File without changes

@@ -2,7 +2,7 @@
 BOLD=`tput bold`
 NORM=`tput sgr0`
-CHEF_CLIENT_VERSION="14.11.21"
+CHEF_CLIENT_VERSION="14.13.11"
 if [ "$MU_BRANCH" == "" ];then
   MU_BRANCH="master"
   mydir="`dirname $0`"

data/install/jenkinskeys.rb CHANGED

File without changes

data/install/mu-master.yaml ADDED

@@ -0,0 +1,55 @@
+---
+appname: mu
+parameters:
+- name: cloud
+  default: <%= MU.myCloud || "AWS" %>
+  valid_values:
+<% MU::Cloud.availableClouds.each { |c| %>
+  - <%= c %>
+<% } %>
+- name: public
+  default: true
+- name: name
+  default: mu-master
+scrub_mu_isms: true
+servers:
+- name: <%= name %>
+  groomer: Ansible
+  run_list:
+  - mu-installer
+  platform: centos7
+  cloud: <%= cloud %>
+<% if cloud == "AWS" %>
+  size: t2.medium
+<% elsif cloud == "Azure" %>
+  size: Standard_DS1_v2
+<% elsif cloud == "Google" %>
+  size: n1-standard-1
+<% end %>
+  vpc:
+    name: <%= name %>-vpc
+<% if public == "true" %>
+    subnet_pref: public
+  static_ip:
+    assign_ip: true
+  associate_public_ip: true
+<% else %>
+    subnet_pref: private
+<% end %>
+<% if cloud == "AWS" %>
+  canned_iam_policies:
+  - AdministratorAccess
+<% elsif cloud == "Azure" %>
+  roles:
+  - Owner
+<% elsif cloud == "Google" %>
+  roles:
+  - role:
+      id: roles/owner
+<% end %>
+vpcs:
+- name: <%= name %>-vpc
+  cloud: <%= cloud %>
+<% if public %>
+  create_bastion: false
+<% end %>

data/modules/mommacat.ru CHANGED

@@ -32,7 +32,12 @@ $LOAD_PATH << "#{$MUDIR}/modules"
 require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
 require 'mu'
-MU::Groomer::Chef.loadChefLib # pre-cache this so we don't take a hit on a user-interactive need
+begin
+  MU::Groomer::Chef.loadChefLib # pre-cache this so we don't take a hit on a user-interactive need
+  $ENABLE_SCRATCHPAD = true
+rescue LoadError
+  MU.log "Chef libraries not available, disabling Scratchpad", MU::WARN
+end
 #MU.setLogging($opts[:verbose], $opts[:web])
 if MU.myCloud == "AWS"
   MU::Cloud::AWS.openFirewallForClients # XXX add the other clouds, or abstract
@@ -57,7 +62,7 @@ Thread.new {
   MU.dupGlobals(parent_thread_id)
   begin
     MU::MommaCat.cleanTerminatedInstances
-    MU::Master.cleanExpiredScratchpads
+    MU::Master.cleanExpiredScratchpads if $ENABLE_SCRATCHPAD
     sleep 60
   rescue Exception => e
     MU.log "Error in cleanTerminatedInstances thread: #{e.inspect}", MU::ERR, details: e.backtrace
@@ -199,6 +204,17 @@ app = proc do |env|
   ]
   begin
     if !env.nil? and !env['REQUEST_PATH'].nil? and env['REQUEST_PATH'].match(/^\/scratchpad/)
+      if !$ENABLE_SCRATCHPAD
+        msg = "Scratchpad disabled in non-Chef Mu installations"
+        return [
+          504,
+          {
+            'Content-Type' => 'text/html',
+            'Content-Length' => msg.length.to_s
+          },
+          [msg]
+        ]
+      end
       itemname = env['REQUEST_PATH'].sub(/^\/scratchpad\//, "")
       begin
         if itemname.sub!(/\/secret$/, "")
@@ -257,7 +273,7 @@ app = proc do |env|
             [page]
           ]
         end
-      rescue MU::Groomer::Chef::MuNoSuchSecret
+      rescue MU::Groomer::MuNoSuchSecret
         page = nil
         if $MU_CFG.has_key?('scratchpad') and
            $MU_CFG['scratchpad'].has_key?("template_path") and
@@ -287,6 +303,7 @@ app = proc do |env|
         ]
       end
     elsif !env.nil? and !env['REQUEST_PATH'].nil? and env['REQUEST_PATH'].match(/^\/rest\//)
       action, filter, path = env['REQUEST_PATH'].sub(/^\/rest\/?/, "").split(/\//, 3)
       # Don't give away the store. This can't be public until we can
       # authenticate and access-control properly.
@@ -295,7 +312,23 @@ app = proc do |env|
         next
       end
-      if action == "deploy"
+      if action == "hosts_add"
+        if Process.uid != 0
+          returnval = throw500 "Service not available"
+        elsif !filter or !path
+          returnval = throw404 env['REQUEST_PATH']
+        else
+          MU::MommaCat.addInstanceToEtcHosts(path, filter)
+          returnval = [
+            200,
+            {
+              'Content-Type' => 'text/plain',
+              'Content-Length' => 2
+            },
+            ["ok"]
+          ]
+        end
+      elsif action == "deploy"
         returnval = throw404 env['REQUEST_PATH'] if !filter
         MU.log "Loading deploy data for #{filter} #{path}"
         kittenpile = MU::MommaCat.getLitter(filter)
@@ -313,9 +346,9 @@ app = proc do |env|
           200,
           {
             'Content-Type' => 'text/plain',
-            'Content-Length' => MU.adminBucketName.length.to_s
+            'Content-Length' => MU.adminBucketName(filter, credentials: path).length.to_s
           },
-          [MU.adminBucketName]
+          [MU.adminBucketName(filter, credentials: path)]
         ]
       else
         returnval = throw404 env['REQUEST_PATH']
@@ -389,7 +422,8 @@ app = proc do |env|
         if instance.respond_to?(:addVolume)
 # XXX make sure we handle mangled input safely
           params = JSON.parse(Base64.decode64(req["add_volume"]))
-          instance.addVolume(params["dev"], params["size"])
+MU.log "ADDVOLUME REQUEST", MU::WARN, details: params
+          instance.addVolume(params["dev"], params["size"], delete_on_termination: params["delete_on_termination"])
         else
           returnval = throw500 "I don't know how to add a volume for #{instance}"
           ok = false

data/modules/mu.rb CHANGED

@@ -36,20 +36,252 @@ class Object
   end
 end
+# Mu extensions to Ruby's {Hash} type for internal Mu use
+class Hash
+  # Strip extraneous fields out of a {MU::Config} hash to make it suitable for
+  # shorthand printing, such as with <tt>mu-adopt --diff</tt>
+  def self.bok_minimize(o)
+    if o.is_a?(Hash)
+      newhash = o.reject { |k, v|
+        !v.is_a?(Array) and !v.is_a?(Hash) and !["name", "id", "cloud_id"].include?(k)
+      }
+#      newhash.delete("cloud_id") if newhash["name"] or newhash["id"]
+      newhash.each_pair { |k, v|
+        newhash[k] = bok_minimize(v)
+      }
+      newhash.reject! { |_k, v| v.nil? or v.empty? }
+      newhash = newhash.values.first if newhash.size == 1
+      return newhash
+    elsif o.is_a?(Array)
+      newarray = []
+      o.each { |v|
+        newvalue = bok_minimize(v)
+        newarray << newvalue if !newvalue.nil? and !newvalue.empty?
+      }
+      newarray = newarray.first if newarray.size == 1
+      return newarray
+    end
+    o
+  end
+  # A comparison function for sorting arrays of hashes
+  def <=>(other)
+    return 1 if other.nil? or self.size > other.size
+    return -1 if other.size > self.size
+    # Sort any array children we have
+    self.each_pair { |k, v|
+      self[k] = v.sort if v.is_a?(Array)
+    }
+    other.each_pair { |k, v|
+      other[k] = v.sort if v.is_a?(Array)
+    }
+    return 0 if self == other # that was easy!
+    # compare elements and decide who's "bigger" based on their totals?
+    0
+  end
+  # Recursively compare two hashes
+  def diff(with, on = self, level: 0, parents: [])
+    return if with.nil? and on.nil?
+    if with.nil? or on.nil? or with.class != on.class
+      return # XXX ...however we're flagging differences
+    end
+    return if on == with
+    tree = ""
+    indentsize = 0
+    parents.each { |p|
+      tree += (" " * indentsize) + p + " => \n"
+      indentsize += 2
+    }
+    indent = (" " * indentsize)
+    changes = []
+    if on.is_a?(Hash)
+      on_unique = (on.keys - with.keys)
+      with_unique = (with.keys - on.keys)
+      shared = (with.keys & on.keys)
+      shared.each { |k|
+        diff(with[k], on[k], level: level+1, parents: parents + [k])
+      }
+      on_unique.each { |k|
+        changes << "- ".red+PP.pp({k => on[k] }, '')
+      }
+      with_unique.each { |k|
+        changes << "+ ".green+PP.pp({k => with[k]}, '')
+      }
+    elsif on.is_a?(Array)
+      return if with == on
+      # special case- Basket of Kittens lists of declared resources of a type;
+      # we use this to decide if we can compare two array elements as if they
+      # should be equivalent
+      # We also implement comparison operators for {Hash} and our various
+      # custom objects which we might find in here so that we can get away with
+      # sorting arrays full of weird, non-primitive types.
+      done = []
+#      before_a = on.dup
+#      after_a = on.dup.sort
+#      before_b = with.dup
+#      after_b = with.dup.sort
+      on.sort.each { |elt|
+        if elt.is_a?(Hash) and elt['name'] or elt['entity']# or elt['cloud_id']
+          with.sort.each { |other_elt|
+            if (elt['name'] and other_elt['name'] == elt['name']) or
+               (elt['name'].nil? and !elt["id"].nil? and elt["id"] == other_elt["id"]) or
+               (elt['name'].nil? and elt["id"].nil? and
+                !elt["entity"].nil? and !other_elt["entity"].nil? and
+                 (
+                   (elt["entity"]["id"] and elt["entity"]["id"] == other_elt["entity"]["id"]) or
+                   (elt["entity"]["name"] and elt["entity"]["name"] == other_elt["entity"]["name"])
+                 )
+               )
+              break if elt == other_elt
+              done << elt
+              done << other_elt
+              namestr = if elt['type']
+                "#{elt['type']}[#{elt['name']}]"
+              elsif elt['name']
+                elt['name']
+              elsif elt['entity'] and elt["entity"]["id"]
+                elt['entity']['id']
+              end
+              diff(other_elt, elt, level: level+1, parents: parents + [namestr])
+              break
+            end
+          }
+        end
+      }
+      on_unique = (on - with) - done
+      with_unique = (with - on) - done
+#    if on_unique.size > 0 or with_unique.size > 0
+#      if before_a != after_a
+#        MU.log "A BEFORE", MU::NOTICE, details: before_a
+#        MU.log "A AFTER", MU::NOTICE, details: after_a
+#      end
+#      if before_b != after_b
+#        MU.log "B BEFORE", MU::NOTICE, details: before_b
+#        MU.log "B AFTER", MU::NOTICE, details: after_b
+#      end
+#    end
+      on_unique.each { |e|
+        changes << if e.is_a?(Hash)
+          "- ".red+PP.pp(Hash.bok_minimize(e), '').gsub(/\n/, "\n  "+(indent))
+        else
+          "- ".red+e.to_s
+        end
+      }
+      with_unique.each { |e|
+        changes << if e.is_a?(Hash)
+          "+ ".green+PP.pp(Hash.bok_minimize(e), '').gsub(/\n/, "\n  "+(indent))
+        else
+          "+ ".green+e.to_s
+        end
+      }
+    else
+      if on != with
+        changes << "-".red+" #{on.to_s}"
+        changes << "+".green+" #{with.to_s}"
+      end
+    end
+    if changes.size > 0
+      puts tree
+      changes.each { |c|
+        puts indent+c
+      }
+    end
+  end
+  # Implement a merge! that just updates each hash leaf as needed, not
+  # trashing the branch on the way there.
+  def deep_merge!(with, on = self)
+    if on and with and with.is_a?(Hash)
+      with.each_pair { |k, v|
+        if !on[k] or !on[k].is_a?(Hash)
+          on[k] = v
+        else
+          deep_merge!(with[k], on[k])
+        end
+      }
+    elsif with
+      on = with
+    end
+    on
+  end
+end
 ENV['HOME'] = Etc.getpwuid(Process.uid).dir
 require 'mu/logger'
 module MU
+  # Subclass core thread so we can gracefully handle it when we hit system
+  # thread limits. Back off and wait makes sense for us, since most of our
+  # threads are terminal (in the dependency sense) and this is unlikely to get
+  # us deadlocks.
+  class Thread < ::Thread
+    @@mu_global_threads = []
+    @@mu_global_thread_semaphore = Mutex.new
+    def initialize(*args, &block)
+      @@mu_global_thread_semaphore.synchronize {
+        @@mu_global_threads.reject! { |t| t.nil? or !t.status }
+      }
+      newguy = nil
+      start = Time.now
+      begin
+        newguy = super(*args, &block)
+        if newguy.nil?
+          MU.log "I somehow got a nil trying to create a thread", MU::WARN, details: caller
+          sleep 1
+        end
+      rescue ::ThreadError => e
+        if e.message.match(/Resource temporarily unavailable/)
+          toomany = @@mu_global_threads.size
+          MU.log "Hit the wall at #{toomany.to_s} threads, waiting until there are fewer", MU::WARN
+          if @@mu_global_threads.size >= toomany
+            sleep 1
+            begin
+              @@mu_global_thread_semaphore.synchronize {
+                @@mu_global_threads.each { |t|
+                  next if t == ::Thread.current
+                  t.join(0.1)
+                }
+                @@mu_global_threads.reject! { |t| t.nil? or !t.status }
+              }
+              if (Time.now - start) > 150
+                MU.log "Failed to get a free thread slot after 150 seconds- are we in a deadlock situation?", MU::ERR, details: caller
+                raise e
+              end
+            end while @@mu_global_threads.size >= toomany
+          end
+          retry
+        else
+          raise e
+        end
+      end while newguy.nil?
+      @@mu_global_thread_semaphore.synchronize {
+        @@mu_global_threads << newguy
+      }
+    end
+  end
   # Wrapper class for fatal Exceptions. Gives our internals something to
   # inherit that will log an error message appropriately before bubbling up.
   class MuError < StandardError
     def initialize(message = nil)
-      MU.log message, MU::ERR if !message.nil?
+      MU.log message, MU::ERR, details: caller[2] if !message.nil?
       if MU.verbosity == MU::Logger::SILENT
-        super
-      else
         super ""
+      else
+        super message
       end
     end
   end
@@ -60,9 +292,9 @@ module MU
     def initialize(message = nil)
       MU.log message, MU::NOTICE if !message.nil?
       if MU.verbosity == MU::Logger::SILENT
-        super
-      else
         super ""
+      else
+        super message
       end
     end
   end
@@ -80,11 +312,37 @@ module MU
     @@myRoot
   end
+  # utility routine for sorting semantic versioning strings
+  def self.version_sort(a, b)
+    a_parts = a.split(/[^a-z0-9]/)
+    b_parts = b.split(/[^a-z0-9]/)
+    for i in 0..a_parts.size
+      matchval = if a_parts[i] and b_parts[i] and
+                    a_parts[i].match(/^\d+/) and b_parts[i].match(/^\d+/)
+        a_parts[i].to_i <=> b_parts[i].to_i
+      elsif a_parts[i] and !b_parts[i]
+        1
+      elsif !a_parts[i] and b_parts[i]
+        -1
+      else
+        a_parts[i] <=> b_parts[i]
+      end
+      return matchval if matchval != 0
+    end
+    0
+  end
   # Front our global $MU_CFG hash with a read-only copy
   def self.muCfg
     Marshal.load(Marshal.dump($MU_CFG)).freeze
   end
+  # Returns true if we're running without a full systemwide Mu Master install,
+  # typically as a gem.
+  def self.localOnly
+    ((Gem.paths and Gem.paths.home and File.realpath(File.expand_path(File.dirname(__FILE__))).match(/^#{Gem.paths.home}/)) or !Dir.exist?("/opt/mu"))
+  end
   # The main (root) Mu user's data directory.
   @@mainDataDir = File.expand_path(@@myRoot+"/../var")
   # The main (root) Mu user's data directory.
@@ -133,6 +391,7 @@ module MU
   # Copy the set of global variables in use by another thread, typically our
   # parent thread.
   def self.dupGlobals(parent_thread_id)
+    @@globals[parent_thread_id] ||= {}
     @@globals[parent_thread_id].each_pair { |name, value|
       setVar(name, value)
     }
@@ -215,13 +474,15 @@ module MU
   @myDataDir = @@mainDataDir if @myDataDir.nil?
   # Mu's deployment metadata directory.
   def self.dataDir(for_user = MU.mu_user)
-    if for_user.nil? or for_user.empty? or for_user == "mu" or for_user == "root"
+    if !localOnly and
+       ((Process.uid == 0 and (for_user.nil? or for_user.empty?)) or
+        for_user == "mu" or for_user == "root")
       return @myDataDir
     else
       for_user ||= MU.mu_user
       basepath = Etc.getpwnam(for_user).dir+"/.mu"
-      Dir.mkdir(basepath, 0755) if !Dir.exists?(basepath)
-      Dir.mkdir(basepath+"/var", 0755) if !Dir.exists?(basepath+"/var")
+      Dir.mkdir(basepath, 0755) if !Dir.exist?(basepath)
+      Dir.mkdir(basepath+"/var", 0755) if !Dir.exist?(basepath+"/var")
       return basepath+"/var"
     end
   end
@@ -233,14 +494,24 @@ module MU
     end
     @@globals[Thread.current.object_id]['verbosity']
   end
+  # The color logging flag merits a default value.
+  def self.color
+    if @@globals[Thread.current.object_id].nil? or @@globals[Thread.current.object_id]['color'].nil?
+      MU.setVar("color", true)
+    end
+    @@globals[Thread.current.object_id]['color']
+  end
   # Set parameters parameters for calls to {MU#log}
-  def self.setLogging(verbosity, webify_logs = false, handle = STDOUT)
+  def self.setLogging(verbosity, webify_logs = false, handle = STDOUT, color = true)
     MU.setVar("verbosity", verbosity)
-    @@logger ||= MU::Logger.new(verbosity, webify_logs, handle)
+    MU.setVar("color", color)
+    @@logger ||= MU::Logger.new(verbosity, webify_logs, handle, color)
     @@logger.html = webify_logs
     @@logger.verbosity = verbosity
     @@logger.handle = handle
+    @@logger.color = color
   end
   setLogging(MU::Logger::NORMAL, false)
@@ -252,7 +523,7 @@ module MU
   end
   # Shortcut to invoke {MU::Logger#log}
-  def self.log(msg, level = MU::INFO, details: nil, html: html = false, verbosity: MU.verbosity)
+  def self.log(msg, level = MU::INFO, details: nil, html: false, verbosity: MU.verbosity, color: true)
     return if (level == MU::DEBUG and verbosity <= MU::Logger::LOUD)
     return if verbosity == MU::Logger::SILENT
@@ -275,9 +546,9 @@ module MU
         extra = Hash.new if extra.nil?
         extra[:details] = details
       end
-      @@logger.log(msg, level, details: extra, verbosity: MU::Logger::LOUD, html: html)
+      @@logger.log(msg, level, details: extra, verbosity: MU::Logger::LOUD, html: html, color: color)
     else
-      @@logger.log(msg, level, html: html, verbosity: verbosity)
+      @@logger.log(msg, level, html: html, verbosity: verbosity, color: color)
     end
   end
@@ -308,49 +579,66 @@ module MU
   require 'mu/groomer'
   # Little hack to initialize library-only environments' config files
-  if !$MU_CFG
-    require "#{@@myRoot}/bin/mu-load-config.rb"
-    if !$MU_CFG['auto_detection_done'] and (!$MU_CFG['multiuser'] or !cfgExists?)
-      MU.log "Auto-detecting cloud providers"
-      new_cfg = $MU_CFG.dup
-      examples = {}
-      MU::Cloud.supportedClouds.each { |cloud|
-        cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
-        begin
-          if cloudclass.hosted? and !$MU_CFG[cloud.downcase]
-            cfg_blob = cloudclass.hosted_config
-            if cfg_blob
-              new_cfg[cloud.downcase] = cfg_blob
-              MU.log "Adding #{cloud} stanza to #{cfgPath}", MU::NOTICE
-            end
-          elsif !$MU_CFG[cloud.downcase] and !cloudclass.config_example.nil?
-            examples[cloud.downcase] = cloudclass.config_example
+  def self.detectCloudProviders
+    MU.log "Auto-detecting cloud providers"
+    new_cfg = $MU_CFG.dup
+    examples = {}
+    MU::Cloud.supportedClouds.each { |cloud|
+      cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+      begin
+        if cloudclass.hosted? and !$MU_CFG[cloud.downcase]
+          cfg_blob = cloudclass.hosted_config
+          if cfg_blob
+            new_cfg[cloud.downcase] = cfg_blob
+            MU.log "Adding auto-detected #{cloud} stanza", MU::NOTICE
           end
-        rescue NoMethodError => e
-          # missing .hosted? is normal for dummy layers like CloudFormation
-          MU.log e.message, MU::WARN
+        elsif !$MU_CFG[cloud.downcase] and !cloudclass.config_example.nil?
+          examples[cloud.downcase] = cloudclass.config_example
         end
-      }
-      new_cfg['auto_detection_done'] = true
-      if new_cfg != $MU_CFG or !cfgExists?
-        MU.log "Generating #{cfgPath}"
-        saveMuConfig(new_cfg, examples) # XXX and reload it
+      rescue NoMethodError => e
+        # missing .hosted? is normal for dummy layers like CloudFormation
+        MU.log e.message, MU::WARN
       end
+    }
+    new_cfg['auto_detection_done'] = true
+    if new_cfg != $MU_CFG or !cfgExists?
+      MU.log "Generating #{cfgPath}"
+      saveMuConfig(new_cfg, examples) # XXX and reload it
     end
+    new_cfg
+  end
+  if !$MU_CFG
+    require "#{@@myRoot}/bin/mu-load-config.rb"
+    if !$MU_CFG['auto_detection_done'] and (!$MU_CFG['multiuser'] or !cfgExists?)
+      detectCloudProviders
+    end
+  end
+  @@mommacat_port = 2260
+  if !$MU_CFG.nil? and !$MU_CFG['mommacat_port'].nil? and
+     !$MU_CFG['mommacat_port'] != "" and $MU_CFG['mommacat_port'].to_i > 0 and
+     $MU_CFG['mommacat_port'].to_i < 65536
+    @@mommacat_port = $MU_CFG['mommacat_port'].to_i
+  end
+  # The port on which the Momma Cat daemon should listen for requests
+  # @return [Integer]
+  def self.mommaCatPort
+    @@mommacat_port
   end
   @@my_private_ip = nil
   @@my_public_ip = nil
   @@mu_public_addr = nil
   @@mu_public_ip = nil
-  if $MU_CFG['aws'] # XXX this should be abstracted to elsewhere
+  if MU::Cloud::AWS.hosted?
     @@my_private_ip = MU::Cloud::AWS.getAWSMetaData("local-ipv4")
     @@my_public_ip = MU::Cloud::AWS.getAWSMetaData("public-ipv4")
     @@mu_public_addr = @@my_public_ip
     @@mu_public_ip = @@my_public_ip
   end
-  if !$MU_CFG.nil? and !$MU_CFG['public_address'].nil? and !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
+  if !$MU_CFG.nil? and !$MU_CFG['public_address'].nil? and
+     !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
     @@mu_public_addr = $MU_CFG['public_address']
     if !@@mu_public_addr.match(/^\d+\.\d+\.\d+\.\d+$/)
       resolver = Resolv::DNS.new
@@ -400,7 +688,9 @@ module MU
   def self.userEmail(user = MU.mu_user)
     @userlist ||= MU::Master.listUsers
     user = "mu" if user == "root"
-    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+    if Dir.exist?("#{MU.mainDataDir}/users/#{user}") and
+       File.readable?("#{MU.mainDataDir}/users/#{user}/email") and
+       File.size?("#{MU.mainDataDir}/users/#{user}/email")
       return File.read("#{MU.mainDataDir}/users/#{user}/email").chomp
     elsif @userlist.has_key?(user)
       return @userlist[user]['email']
@@ -413,7 +703,9 @@ module MU
   # Fetch the real-world name of a given Mu user
   def self.userName(user = MU.mu_user)
     @userlist ||= MU::Master.listUsers
-    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+    if Dir.exist?("#{MU.mainDataDir}/users/#{user}") and
+       File.readable?("#{MU.mainDataDir}/users/#{user}/realname") and
+       File.size?("#{MU.mainDataDir}/users/#{user}/realname")
       return File.read("#{MU.mainDataDir}/users/#{user}/realname").chomp
     elsif @userlist.has_key?(user)
       return @userlist[user]['email']
@@ -430,6 +722,14 @@ module MU
     ["Chef", "Ansible"]
   end
+  # The version of Chef we will install on nodes.
+  @@chefVersion = "14.0.190"
+  # The version of Chef we will install on nodes.
+  # @return [String]
+  def self.chefVersion
+    @@chefVersion
+  end
   MU.supportedGroomers.each { |groomer|
     require "mu/groomers/#{groomer.downcase}"
   }
@@ -451,6 +751,8 @@ module MU
       @@myRegion_var = zone.gsub(/^.*?\/|\-\d+$/, "")
     elsif MU::Cloud::AWS.hosted?
       @@myRegion_var ||= MU::Cloud::AWS.myRegion
+    elsif MU::Cloud::Azure.hosted?
+      @@myRegion_var ||= MU::Cloud::Azure.myRegion
     else
       @@myRegion_var = nil
     end
@@ -458,6 +760,7 @@ module MU
   end
   require 'mu/config'
+  require 'mu/adoption'
   # Figure out what cloud provider we're in, if any.
   # @return [String]: Google, AWS, etc. Returns nil if we don't seem to be in a cloud.
@@ -468,6 +771,10 @@ module MU
     elsif MU::Cloud::AWS.hosted?
       @@myInstanceId = MU::Cloud::AWS.getAWSMetaData("instance-id")
       return "AWS"
+    elsif MU::Cloud::Azure.hosted?
+      metadata = MU::Cloud::Azure.get_metadata()["compute"]
+      @@myInstanceId = MU::Cloud::Azure::Id.new("/subscriptions/"+metadata["subscriptionId"]+"/resourceGroups/"+metadata["resourceGroupName"]+"/providers/Microsoft.Compute/virtualMachines/"+metadata["name"])
+      return "Azure"
     end
     nil
   end
@@ -513,63 +820,105 @@ module MU
     @@myAZ_var
   end
-  @@myCloudDescriptor = nil
-  if MU::Cloud::Google.hosted?
-    @@myCloudDescriptor = MU::Cloud::Google.compute.get_instance(
-      MU::Cloud::Google.myProject,
-      MU.myAZ,
-      MU.myInstanceId
-    )
-  elsif MU::Cloud::AWS.hosted?
+  # Recursively turn a Ruby OpenStruct into a Hash
+  # @param struct [OpenStruct]
+  # @param stringify_keys [Boolean]
+  # @return [Hash]
+  def self.structToHash(struct, stringify_keys: false)
+    google_struct = false
     begin
-      @@myCloudDescriptor = MU::Cloud::AWS.ec2(region: MU.myRegion).describe_instances(instance_ids: [MU.myInstanceId]).reservations.first.instances.first
-    rescue Aws::EC2::Errors::InvalidInstanceIDNotFound => e
-    rescue Aws::Errors::MissingCredentialsError => e
-      MU.log "I'm hosted in AWS, but I can't make API calls. Does this instance have an appropriate IAM profile?", MU::WARN
+      google_struct = struct.class.ancestors.include?(::Google::Apis::Core::Hashable)
+    rescue NameError
     end
-  end
+    aws_struct = false
+    begin
+      aws_struct = struct.class.ancestors.include?(::Seahorse::Client::Response)
+    rescue NameError
+    end
-  @@myVPC_var = nil
-  # The VPC/Network in which this Mu master resides
-  # XXX account for Google and non-cloud situations
-  def self.myVPC
-    return nil if MU.myCloudDescriptor.nil?
+    azure_struct = false
     begin
-      if MU::Cloud::AWS.hosted?
-        @@myVPC_var ||= MU.myCloudDescriptor.vpc_id
-      elsif MU::Cloud::Google.hosted?
-        @@myVPC_var = MU.myCloudDescriptor.network_interfaces.first.network.gsub(/.*?\/([^\/]+)$/, '\1')
+      azure_struct = struct.class.ancestors.include?(::MsRestAzure) or struct.class.name.match(/Azure::.*?::Mgmt::.*?::Models::/)
+    rescue NameError
+    end
+    if struct.is_a?(Struct) or struct.class.ancestors.include?(Struct) or
+       google_struct or aws_struct or azure_struct
+      hash = if azure_struct
+        MU::Cloud::Azure.respToHash(struct)
       else
-        nil
+        struct.to_h
+      end
+      if stringify_keys
+        newhash = {}
+        hash.each_pair { |k, v|
+          newhash[k.to_s] = v
+        }
+        hash = newhash
       end
-    rescue Aws::EC2::Errors::InternalError => e
-      MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(region: #{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
-      sleep 10
+      hash.each_pair { |key, value|
+        hash[key] = self.structToHash(value, stringify_keys: stringify_keys)
+      }
+      return hash
+    elsif struct.is_a?(MU::Config::Ref)
+      struct = struct.to_h
+    elsif struct.is_a?(MU::Cloud::Azure::Id)
+      struct = struct.to_s
+    elsif struct.is_a?(Hash)
+      if stringify_keys
+        newhash = {}
+        struct.each_pair { |k, v|
+          newhash[k.to_s] = v
+        }
+        struct = newhash
+      end
+      struct.each_pair { |key, value|
+        struct[key] = self.structToHash(value, stringify_keys: stringify_keys)
+      }
+      return struct
+    elsif struct.is_a?(Array)
+      struct.map! { |elt|
+        self.structToHash(elt, stringify_keys: stringify_keys)
+      }
+    elsif struct.is_a?(String)
+      # Cleanse weird encoding problems
+      return struct.dup.to_s.force_encoding("ASCII-8BIT").encode('UTF-8', invalid: :replace, undef: :replace, replace: '?')
+    else
+      return struct
     end
-    @@myVPC_var
   end
-  @@mySubnets_var = nil
-  # The AWS Subnets associated with the VPC this MU Master is in
-  # XXX account for Google and non-cloud situations
-  def self.mySubnets
-    @@mySubnets_var ||= MU::Cloud::AWS.ec2(region: MU.myRegion).describe_subnets(
-      filters: [
-        {
-          name: "vpc-id",
-          values: [MU.myVPC]
-        }
-      ]
-    ).subnets
+  @@myCloudDescriptor = nil
+  if MU.myCloud
+    found = MU::MommaCat.findStray(MU.myCloud, "server", cloud_id: @@myInstanceId, dummy_ok: true, region: MU.myRegion)
+    if !found.nil? and found.size == 1
+      @@myCloudDescriptor = found.first.cloud_desc
+    end
   end
-  # The version of Chef we will install on nodes.
-  @@chefVersion = "14.0.190"
-  # The version of Chef we will install on nodes.
-  # @return [String]
-  def self.chefVersion;
-    @@chefVersion
+  @@myVPCObj_var = nil
+  # The VPC/Network in which this Mu master resides
+  def self.myVPCObj
+    return nil if MU.myCloud.nil?
+    return @@myVPCObj_var if @@myVPCObj_var
+    cloudclass = const_get("MU").const_get("Cloud").const_get(MU.myCloud)
+    @@myVPCObj_var ||= cloudclass.myVPCObj
+    @@myVPCObj_var
+  end
+  @@myVPC_var = nil
+  # The VPC/Network in which this Mu master resides
+  def self.myVPC
+    return nil if MU.myCloud.nil?
+    return @@myVPC_var if @@myVPC_var
+    my_vpc_desc = MU.myVPCObj
+    @@myVPC_var ||= my_vpc_desc.cloud_id if my_vpc_desc
+    @@myVPC_var
   end
   # Mu's SSL certificate directory
@@ -590,20 +939,20 @@ module MU
   # @return [Boolean]
   def self.hashCmp(hash1, hash2, missing_is_default: false)
     return false if hash1.nil?
-    hash2.each_pair { |k, v|
+    hash2.keys.each { |k|
       if hash1[k].nil?
         return false
       end
     }
     if !missing_is_default
-      hash1.each_pair { |k, v|
+      hash1.keys.each { |k|
         if hash2[k].nil?
           return false
         end
       }
     end
-    hash1.each_pair { |k, v|
+    hash1.keys.each { |k|
       if hash1[k].is_a?(Array)
         return false if !missing_is_default and hash2[k].nil?
         if !hash2[k].nil?
@@ -654,75 +1003,21 @@ module MU
   end
-  # Recursively turn a Ruby OpenStruct into a Hash
-  # @param struct [OpenStruct]
-  # @param stringify_keys [Boolean]
-  # @return [Hash]
-  def self.structToHash(struct, stringify_keys: false)
-    google_struct = false
-    begin
-      google_struct = struct.class.ancestors.include?(::Google::Apis::Core::Hashable)
-    rescue NameError
-    end
-    aws_struct = false
-    begin
-      aws_struct = struct.class.ancestors.include?(::Seahorse::Client::Response)
-    rescue NameError
-    end
-    if struct.is_a?(Struct) or struct.class.ancestors.include?(Struct) or
-       google_struct or aws_struct
-      hash = struct.to_h
-      if stringify_keys
-        newhash = {}
-        hash.each_pair { |k, v|
-          newhash[k.to_s] = v
-        }
-        hash = newhash
-      end
-      hash.each_pair { |key, value|
-        hash[key] = self.structToHash(value, stringify_keys: stringify_keys)
-      }
-      return hash
-    elsif struct.is_a?(Hash)
-      if stringify_keys
-        newhash = {}
-        struct.each_pair { |k, v|
-          newhash[k.to_s] = v
-        }
-        struct = newhash
-      end
-      struct.each_pair { |key, value|
-        struct[key] = self.structToHash(value, stringify_keys: stringify_keys)
-      }
-      return struct
-    elsif struct.is_a?(Array)
-      struct.map! { |elt|
-        self.structToHash(elt, stringify_keys: stringify_keys)
-      }
-    else
-      return struct
-    end
-  end
   # Generate a random password which will satisfy the complexity requirements of stock Amazon Windows AMIs.
   # return [String]: A password string.
-  def self.generateWindowsPassword
+  def self.generateWindowsPassword(safe_pattern: '~!@#%^&*_-+=`|(){}[]:;<>,.?', retries: 25)
     # We have dopey complexity requirements, be stringent here.
     # I'll be nice and not condense this into one elegant-but-unreadable regular expression
     attempts = 0
-    safe_metachars = Regexp.escape('~!@#%^&*_-+=`|(){}[]:;<>,.?')
+    safe_metachars = Regexp.escape(safe_pattern)
     begin
-      if attempts > 25
+      if attempts > retries
         MU.log "Failed to generate an adequate Windows password after #{attempts}", MU::ERR
         raise MuError, "Failed to generate an adequate Windows password after #{attempts}"
       end
       winpass = Password.random(14..16)
       attempts += 1
-    end while winpass.nil? or !winpass.match(/[A-Z]/) or !winpass.match(/[a-z]/) or !winpass.match(/\d/) or !winpass.match(/[#{safe_metachars}]/) or winpass.match(/[^\w\d#{safe_metachars}]/)
+    end while winpass.nil? or !winpass.match(/^[a-z]/i) or !winpass.match(/[A-Z]/) or !winpass.match(/[a-z]/) or !winpass.match(/\d/) or !winpass.match(/[#{safe_metachars}]/) or winpass.match(/[^\w\d#{safe_metachars}]/)
     MU.log "Generated Windows password after #{attempts} attempts", MU::DEBUG
     return winpass