RubyGems - cloud-mu - Versions diffs - 2.1.0beta → 3.0.0beta - Mend

cloud-mu 2.1.0beta → 3.0.0beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (291) hide show

checksums.yaml +5 -5
data/Berksfile +4 -5
data/Berksfile.lock +179 -0
data/README.md +1 -6
data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
data/ansible/roles/mu-installer/README.md +33 -0
data/ansible/roles/mu-installer/defaults/main.yml +2 -0
data/ansible/roles/mu-installer/handlers/main.yml +2 -0
data/ansible/roles/mu-installer/meta/main.yml +60 -0
data/ansible/roles/mu-installer/tasks/main.yml +13 -0
data/ansible/roles/mu-installer/tests/inventory +2 -0
data/ansible/roles/mu-installer/tests/test.yml +5 -0
data/ansible/roles/mu-installer/vars/main.yml +2 -0
data/bin/mu-adopt +125 -0
data/bin/mu-aws-setup +4 -4
data/bin/mu-azure-setup +265 -0
data/bin/mu-azure-tests +43 -0
data/bin/mu-cleanup +20 -8
data/bin/mu-configure +224 -98
data/bin/mu-deploy +8 -3
data/bin/mu-gcp-setup +16 -8
data/bin/mu-gen-docs +92 -8
data/bin/mu-load-config.rb +52 -12
data/bin/mu-momma-cat +36 -0
data/bin/mu-node-manage +34 -27
data/bin/mu-self-update +2 -2
data/bin/mu-ssh +12 -8
data/bin/mu-upload-chef-artifacts +11 -4
data/bin/mu-user-manage +3 -0
data/cloud-mu.gemspec +8 -11
data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
data/cookbooks/firewall/metadata.json +1 -1
data/cookbooks/firewall/recipes/default.rb +5 -9
data/cookbooks/mu-firewall/attributes/default.rb +2 -0
data/cookbooks/mu-firewall/metadata.rb +1 -1
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
data/cookbooks/mu-master/Berksfile +2 -2
data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/metadata.rb +5 -4
data/cookbooks/mu-master/recipes/389ds.rb +1 -1
data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
data/cookbooks/mu-master/recipes/default.rb +59 -7
data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +65 -47
data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
data/cookbooks/mu-master/recipes/sssd.rb +2 -1
data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
data/cookbooks/mu-php54/Berksfile +1 -2
data/cookbooks/mu-php54/metadata.rb +4 -5
data/cookbooks/mu-php54/recipes/default.rb +1 -1
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
data/cookbooks/mu-tools/Berksfile +3 -2
data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
data/cookbooks/mu-tools/libraries/helper.rb +20 -8
data/cookbooks/mu-tools/metadata.rb +5 -2
data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
data/cookbooks/mu-tools/recipes/eks.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
data/cookbooks/mu-tools/resources/disk.rb +3 -1
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
data/cookbooks/mu-utility/recipes/nat.rb +4 -0
data/extras/alpha.png +0 -0
data/extras/beta.png +0 -0
data/extras/clean-stock-amis +2 -2
data/extras/generate-stock-images +131 -0
data/extras/git-fix-permissions-hook +0 -0
data/extras/image-generators/AWS/centos6.yaml +17 -0
data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +18 -0
data/extras/python_rpm/build.sh +0 -0
data/extras/release.png +0 -0
data/extras/ruby_rpm/build.sh +0 -0
data/extras/ruby_rpm/muby.spec +1 -1
data/install/README.md +43 -5
data/install/deprecated-bash-library.sh +0 -0
data/install/installer +1 -1
data/install/jenkinskeys.rb +0 -0
data/install/mu-master.yaml +55 -0
data/modules/mommacat.ru +41 -7
data/modules/mu.rb +444 -149
data/modules/mu/adoption.rb +500 -0
data/modules/mu/cleanup.rb +235 -158
data/modules/mu/cloud.rb +675 -138
data/modules/mu/clouds/aws.rb +156 -24
data/modules/mu/clouds/aws/alarm.rb +4 -14
data/modules/mu/clouds/aws/bucket.rb +60 -18
data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
data/modules/mu/clouds/aws/collection.rb +12 -22
data/modules/mu/clouds/aws/container_cluster.rb +209 -118
data/modules/mu/clouds/aws/database.rb +120 -45
data/modules/mu/clouds/aws/dnszone.rb +7 -18
data/modules/mu/clouds/aws/endpoint.rb +5 -15
data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
data/modules/mu/clouds/aws/folder.rb +4 -11
data/modules/mu/clouds/aws/function.rb +6 -16
data/modules/mu/clouds/aws/group.rb +4 -12
data/modules/mu/clouds/aws/habitat.rb +11 -13
data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
data/modules/mu/clouds/aws/log.rb +5 -13
data/modules/mu/clouds/aws/msg_queue.rb +9 -24
data/modules/mu/clouds/aws/nosqldb.rb +4 -12
data/modules/mu/clouds/aws/notifier.rb +6 -13
data/modules/mu/clouds/aws/role.rb +69 -40
data/modules/mu/clouds/aws/search_domain.rb +17 -20
data/modules/mu/clouds/aws/server.rb +184 -94
data/modules/mu/clouds/aws/server_pool.rb +33 -38
data/modules/mu/clouds/aws/storage_pool.rb +5 -12
data/modules/mu/clouds/aws/user.rb +59 -33
data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
data/modules/mu/clouds/aws/vpc.rb +214 -145
data/modules/mu/clouds/azure.rb +978 -44
data/modules/mu/clouds/azure/container_cluster.rb +413 -0
data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
data/modules/mu/clouds/azure/habitat.rb +167 -0
data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
data/modules/mu/clouds/azure/role.rb +211 -0
data/modules/mu/clouds/azure/server.rb +810 -0
data/modules/mu/clouds/azure/user.rb +257 -0
data/modules/mu/clouds/azure/userdata/README.md +4 -0
data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
data/modules/mu/clouds/azure/vpc.rb +782 -0
data/modules/mu/clouds/cloudformation.rb +12 -9
data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
data/modules/mu/clouds/cloudformation/server.rb +10 -1
data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
data/modules/mu/clouds/google.rb +554 -117
data/modules/mu/clouds/google/bucket.rb +173 -32
data/modules/mu/clouds/google/container_cluster.rb +1112 -157
data/modules/mu/clouds/google/database.rb +24 -47
data/modules/mu/clouds/google/firewall_rule.rb +344 -89
data/modules/mu/clouds/google/folder.rb +156 -79
data/modules/mu/clouds/google/group.rb +272 -82
data/modules/mu/clouds/google/habitat.rb +177 -52
data/modules/mu/clouds/google/loadbalancer.rb +9 -34
data/modules/mu/clouds/google/role.rb +1211 -0
data/modules/mu/clouds/google/server.rb +491 -227
data/modules/mu/clouds/google/server_pool.rb +233 -48
data/modules/mu/clouds/google/user.rb +479 -125
data/modules/mu/clouds/google/userdata/linux.erb +3 -3
data/modules/mu/clouds/google/userdata/windows.erb +9 -9
data/modules/mu/clouds/google/vpc.rb +381 -223
data/modules/mu/config.rb +689 -214
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cache_cluster.yml +0 -4
data/modules/mu/config/container_cluster.rb +18 -9
data/modules/mu/config/database.rb +6 -23
data/modules/mu/config/firewall_rule.rb +9 -15
data/modules/mu/config/folder.rb +22 -21
data/modules/mu/config/habitat.rb +22 -21
data/modules/mu/config/loadbalancer.rb +2 -2
data/modules/mu/config/role.rb +9 -40
data/modules/mu/config/server.rb +26 -5
data/modules/mu/config/server_pool.rb +1 -1
data/modules/mu/config/storage_pool.rb +2 -2
data/modules/mu/config/user.rb +4 -0
data/modules/mu/config/vpc.rb +350 -110
data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
data/modules/mu/defaults/Azure.yaml +17 -0
data/modules/mu/defaults/Google.yaml +24 -0
data/modules/mu/defaults/README.md +1 -1
data/modules/mu/deploy.rb +168 -125
data/modules/mu/groomer.rb +2 -1
data/modules/mu/groomers/ansible.rb +104 -32
data/modules/mu/groomers/chef.rb +96 -44
data/modules/mu/kittens.rb +20602 -0
data/modules/mu/logger.rb +38 -11
data/modules/mu/master.rb +90 -8
data/modules/mu/master/chef.rb +2 -3
data/modules/mu/master/ldap.rb +0 -1
data/modules/mu/master/ssl.rb +250 -0
data/modules/mu/mommacat.rb +917 -513
data/modules/scratchpad.erb +1 -1
data/modules/tests/super_complex_bok.yml +0 -0
data/modules/tests/super_simple_bok.yml +0 -0
data/roles/mu-master.json +2 -1
data/spec/azure_creds +5 -0
data/spec/mu.yaml +56 -0
data/spec/mu/clouds/azure_spec.rb +164 -27
data/spec/spec_helper.rb +5 -0
data/test/clean_up.py +0 -0
data/test/exec_inspec.py +0 -0
data/test/exec_mu_install.py +0 -0
data/test/exec_retry.py +0 -0
data/test/smoke_test.rb +0 -0
metadata +90 -118
data/cookbooks/mu-jenkins/Berksfile +0 -14
data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
data/cookbooks/mu-jenkins/LICENSE +0 -37
data/cookbooks/mu-jenkins/README.md +0 -105
data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
data/cookbooks/mu-jenkins/metadata.rb +0 -21
data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
data/cookbooks/nagios/Berksfile +0 -11
data/cookbooks/nagios/CHANGELOG.md +0 -589
data/cookbooks/nagios/CONTRIBUTING.md +0 -11
data/cookbooks/nagios/LICENSE +0 -37
data/cookbooks/nagios/README.md +0 -328
data/cookbooks/nagios/TESTING.md +0 -2
data/cookbooks/nagios/attributes/config.rb +0 -171
data/cookbooks/nagios/attributes/default.rb +0 -228
data/cookbooks/nagios/chefignore +0 -102
data/cookbooks/nagios/definitions/command.rb +0 -33
data/cookbooks/nagios/definitions/contact.rb +0 -33
data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
data/cookbooks/nagios/definitions/host.rb +0 -33
data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
data/cookbooks/nagios/definitions/resource.rb +0 -33
data/cookbooks/nagios/definitions/service.rb +0 -33
data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
data/cookbooks/nagios/libraries/base.rb +0 -314
data/cookbooks/nagios/libraries/command.rb +0 -91
data/cookbooks/nagios/libraries/contact.rb +0 -230
data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
data/cookbooks/nagios/libraries/custom_option.rb +0 -36
data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
data/cookbooks/nagios/libraries/default.rb +0 -90
data/cookbooks/nagios/libraries/host.rb +0 -412
data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
data/cookbooks/nagios/libraries/nagios.rb +0 -282
data/cookbooks/nagios/libraries/resource.rb +0 -59
data/cookbooks/nagios/libraries/service.rb +0 -455
data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
data/cookbooks/nagios/libraries/users_helper.rb +0 -54
data/cookbooks/nagios/metadata.rb +0 -25
data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
data/cookbooks/nagios/recipes/apache.rb +0 -48
data/cookbooks/nagios/recipes/default.rb +0 -204
data/cookbooks/nagios/recipes/nginx.rb +0 -82
data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
data/cookbooks/nagios/recipes/server_package.rb +0 -40
data/cookbooks/nagios/recipes/server_source.rb +0 -164
data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
data/extras/image-generators/aws/centos6.yaml +0 -18
data/modules/mu/defaults/google_images.yaml +0 -16
data/roles/mu-master-jenkins.json +0 -24

data/install/deprecated-bash-library.sh CHANGED

File without changes

data/install/installer CHANGED

@@ -2,7 +2,7 @@
 BOLD=`tput bold`
 NORM=`tput sgr0`
-CHEF_CLIENT_VERSION="14.11.21"
+CHEF_CLIENT_VERSION="14.13.11"
 if [ "$MU_BRANCH" == "" ];then
   MU_BRANCH="master"
   mydir="`dirname $0`"

data/install/jenkinskeys.rb CHANGED

File without changes

data/install/mu-master.yaml ADDED

@@ -0,0 +1,55 @@
+---
+appname: mu
+parameters:
+- name: cloud
+  default: <%= MU.myCloud || "AWS" %>
+  valid_values:
+<% MU::Cloud.availableClouds.each { |c| %>
+  - <%= c %>
+<% } %>
+- name: public
+  default: true
+- name: name
+  default: mu-master
+scrub_mu_isms: true
+servers:
+- name: <%= name %>
+  groomer: Ansible
+  run_list:
+  - mu-installer
+  platform: centos7
+  cloud: <%= cloud %>
+<% if cloud == "AWS" %>
+  size: t2.medium
+<% elsif cloud == "Azure" %>
+  size: Standard_DS1_v2
+<% elsif cloud == "Google" %>
+  size: n1-standard-1
+<% end %>
+  vpc:
+    name: <%= name %>-vpc
+<% if public == "true" %>
+    subnet_pref: public
+  static_ip:
+    assign_ip: true
+  associate_public_ip: true
+<% else %>
+    subnet_pref: private
+<% end %>
+<% if cloud == "AWS" %>
+  canned_iam_policies:
+  - AdministratorAccess
+<% elsif cloud == "Azure" %>
+  roles:
+  - Owner
+<% elsif cloud == "Google" %>
+  roles:
+  - role:
+      id: roles/owner
+<% end %>
+vpcs:
+- name: <%= name %>-vpc
+  cloud: <%= cloud %>
+<% if public %>
+  create_bastion: false
+<% end %>

data/modules/mommacat.ru CHANGED

@@ -32,7 +32,12 @@ $LOAD_PATH << "#{$MUDIR}/modules"
 require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
 require 'mu'
-MU::Groomer::Chef.loadChefLib # pre-cache this so we don't take a hit on a user-interactive need
+begin
+  MU::Groomer::Chef.loadChefLib # pre-cache this so we don't take a hit on a user-interactive need
+  $ENABLE_SCRATCHPAD = true
+rescue LoadError
+  MU.log "Chef libraries not available, disabling Scratchpad", MU::WARN
+end
 #MU.setLogging($opts[:verbose], $opts[:web])
 if MU.myCloud == "AWS"
   MU::Cloud::AWS.openFirewallForClients # XXX add the other clouds, or abstract
@@ -57,7 +62,7 @@ Thread.new {
   MU.dupGlobals(parent_thread_id)
   begin
     MU::MommaCat.cleanTerminatedInstances
-    MU::Master.cleanExpiredScratchpads
+    MU::Master.cleanExpiredScratchpads if $ENABLE_SCRATCHPAD
     sleep 60
   rescue Exception => e
     MU.log "Error in cleanTerminatedInstances thread: #{e.inspect}", MU::ERR, details: e.backtrace
@@ -199,6 +204,17 @@ app = proc do |env|
   ]
   begin
     if !env.nil? and !env['REQUEST_PATH'].nil? and env['REQUEST_PATH'].match(/^\/scratchpad/)
+      if !$ENABLE_SCRATCHPAD
+        msg = "Scratchpad disabled in non-Chef Mu installations"
+        return [
+          504,
+          {
+            'Content-Type' => 'text/html',
+            'Content-Length' => msg.length.to_s
+          },
+          [msg]
+        ]
+      end
       itemname = env['REQUEST_PATH'].sub(/^\/scratchpad\//, "")
       begin
         if itemname.sub!(/\/secret$/, "")
@@ -257,7 +273,7 @@ app = proc do |env|
             [page]
           ]
         end
-      rescue MU::Groomer::Chef::MuNoSuchSecret
+      rescue MU::Groomer::MuNoSuchSecret
         page = nil
         if $MU_CFG.has_key?('scratchpad') and
            $MU_CFG['scratchpad'].has_key?("template_path") and
@@ -287,6 +303,7 @@ app = proc do |env|
         ]
       end
     elsif !env.nil? and !env['REQUEST_PATH'].nil? and env['REQUEST_PATH'].match(/^\/rest\//)
       action, filter, path = env['REQUEST_PATH'].sub(/^\/rest\/?/, "").split(/\//, 3)
       # Don't give away the store. This can't be public until we can
       # authenticate and access-control properly.
@@ -295,7 +312,23 @@ app = proc do |env|
         next
       end
-      if action == "deploy"
+      if action == "hosts_add"
+        if Process.uid != 0
+          returnval = throw500 "Service not available"
+        elsif !filter or !path
+          returnval = throw404 env['REQUEST_PATH']
+        else
+          MU::MommaCat.addInstanceToEtcHosts(path, filter)
+          returnval = [
+            200,
+            {
+              'Content-Type' => 'text/plain',
+              'Content-Length' => 2
+            },
+            ["ok"]
+          ]
+        end
+      elsif action == "deploy"
         returnval = throw404 env['REQUEST_PATH'] if !filter
         MU.log "Loading deploy data for #{filter} #{path}"
         kittenpile = MU::MommaCat.getLitter(filter)
@@ -313,9 +346,9 @@ app = proc do |env|
           200,
           {
             'Content-Type' => 'text/plain',
-            'Content-Length' => MU.adminBucketName.length.to_s
+            'Content-Length' => MU.adminBucketName(filter, credentials: path).length.to_s
           },
-          [MU.adminBucketName]
+          [MU.adminBucketName(filter, credentials: path)]
         ]
       else
         returnval = throw404 env['REQUEST_PATH']
@@ -389,7 +422,8 @@ app = proc do |env|
         if instance.respond_to?(:addVolume)
 # XXX make sure we handle mangled input safely
           params = JSON.parse(Base64.decode64(req["add_volume"]))
-          instance.addVolume(params["dev"], params["size"])
+MU.log "ADDVOLUME REQUEST", MU::WARN, details: params
+          instance.addVolume(params["dev"], params["size"], delete_on_termination: params["delete_on_termination"])
         else
           returnval = throw500 "I don't know how to add a volume for #{instance}"
           ok = false

data/modules/mu.rb CHANGED

@@ -36,20 +36,252 @@ class Object
   end
 end
+# Mu extensions to Ruby's {Hash} type for internal Mu use
+class Hash
+  # Strip extraneous fields out of a {MU::Config} hash to make it suitable for
+  # shorthand printing, such as with <tt>mu-adopt --diff</tt>
+  def self.bok_minimize(o)
+    if o.is_a?(Hash)
+      newhash = o.reject { |k, v|
+        !v.is_a?(Array) and !v.is_a?(Hash) and !["name", "id", "cloud_id"].include?(k)
+      }
+#      newhash.delete("cloud_id") if newhash["name"] or newhash["id"]
+      newhash.each_pair { |k, v|
+        newhash[k] = bok_minimize(v)
+      }
+      newhash.reject! { |_k, v| v.nil? or v.empty? }
+      newhash = newhash.values.first if newhash.size == 1
+      return newhash
+    elsif o.is_a?(Array)
+      newarray = []
+      o.each { |v|
+        newvalue = bok_minimize(v)
+        newarray << newvalue if !newvalue.nil? and !newvalue.empty?
+      }
+      newarray = newarray.first if newarray.size == 1
+      return newarray
+    end
+    o
+  end
+  # A comparison function for sorting arrays of hashes
+  def <=>(other)
+    return 1 if other.nil? or self.size > other.size
+    return -1 if other.size > self.size
+    # Sort any array children we have
+    self.each_pair { |k, v|
+      self[k] = v.sort if v.is_a?(Array)
+    }
+    other.each_pair { |k, v|
+      other[k] = v.sort if v.is_a?(Array)
+    }
+    return 0 if self == other # that was easy!
+    # compare elements and decide who's "bigger" based on their totals?
+    0
+  end
+  # Recursively compare two hashes
+  def diff(with, on = self, level: 0, parents: [])
+    return if with.nil? and on.nil?
+    if with.nil? or on.nil? or with.class != on.class
+      return # XXX ...however we're flagging differences
+    end
+    return if on == with
+    tree = ""
+    indentsize = 0
+    parents.each { |p|
+      tree += (" " * indentsize) + p + " => \n"
+      indentsize += 2
+    }
+    indent = (" " * indentsize)
+    changes = []
+    if on.is_a?(Hash)
+      on_unique = (on.keys - with.keys)
+      with_unique = (with.keys - on.keys)
+      shared = (with.keys & on.keys)
+      shared.each { |k|
+        diff(with[k], on[k], level: level+1, parents: parents + [k])
+      }
+      on_unique.each { |k|
+        changes << "- ".red+PP.pp({k => on[k] }, '')
+      }
+      with_unique.each { |k|
+        changes << "+ ".green+PP.pp({k => with[k]}, '')
+      }
+    elsif on.is_a?(Array)
+      return if with == on
+      # special case- Basket of Kittens lists of declared resources of a type;
+      # we use this to decide if we can compare two array elements as if they
+      # should be equivalent
+      # We also implement comparison operators for {Hash} and our various
+      # custom objects which we might find in here so that we can get away with
+      # sorting arrays full of weird, non-primitive types.
+      done = []
+#      before_a = on.dup
+#      after_a = on.dup.sort
+#      before_b = with.dup
+#      after_b = with.dup.sort
+      on.sort.each { |elt|
+        if elt.is_a?(Hash) and elt['name'] or elt['entity']# or elt['cloud_id']
+          with.sort.each { |other_elt|
+            if (elt['name'] and other_elt['name'] == elt['name']) or
+               (elt['name'].nil? and !elt["id"].nil? and elt["id"] == other_elt["id"]) or
+               (elt['name'].nil? and elt["id"].nil? and
+                !elt["entity"].nil? and !other_elt["entity"].nil? and
+                 (
+                   (elt["entity"]["id"] and elt["entity"]["id"] == other_elt["entity"]["id"]) or
+                   (elt["entity"]["name"] and elt["entity"]["name"] == other_elt["entity"]["name"])
+                 )
+               )
+              break if elt == other_elt
+              done << elt
+              done << other_elt
+              namestr = if elt['type']
+                "#{elt['type']}[#{elt['name']}]"
+              elsif elt['name']
+                elt['name']
+              elsif elt['entity'] and elt["entity"]["id"]
+                elt['entity']['id']
+              end
+              diff(other_elt, elt, level: level+1, parents: parents + [namestr])
+              break
+            end
+          }
+        end
+      }
+      on_unique = (on - with) - done
+      with_unique = (with - on) - done
+#    if on_unique.size > 0 or with_unique.size > 0
+#      if before_a != after_a
+#        MU.log "A BEFORE", MU::NOTICE, details: before_a
+#        MU.log "A AFTER", MU::NOTICE, details: after_a
+#      end
+#      if before_b != after_b
+#        MU.log "B BEFORE", MU::NOTICE, details: before_b
+#        MU.log "B AFTER", MU::NOTICE, details: after_b
+#      end
+#    end
+      on_unique.each { |e|
+        changes << if e.is_a?(Hash)
+          "- ".red+PP.pp(Hash.bok_minimize(e), '').gsub(/\n/, "\n  "+(indent))
+        else
+          "- ".red+e.to_s
+        end
+      }
+      with_unique.each { |e|
+        changes << if e.is_a?(Hash)
+          "+ ".green+PP.pp(Hash.bok_minimize(e), '').gsub(/\n/, "\n  "+(indent))
+        else
+          "+ ".green+e.to_s
+        end
+      }
+    else
+      if on != with
+        changes << "-".red+" #{on.to_s}"
+        changes << "+".green+" #{with.to_s}"
+      end
+    end
+    if changes.size > 0
+      puts tree
+      changes.each { |c|
+        puts indent+c
+      }
+    end
+  end
+  # Implement a merge! that just updates each hash leaf as needed, not
+  # trashing the branch on the way there.
+  def deep_merge!(with, on = self)
+    if on and with and with.is_a?(Hash)
+      with.each_pair { |k, v|
+        if !on[k] or !on[k].is_a?(Hash)
+          on[k] = v
+        else
+          deep_merge!(with[k], on[k])
+        end
+      }
+    elsif with
+      on = with
+    end
+    on
+  end
+end
 ENV['HOME'] = Etc.getpwuid(Process.uid).dir
 require 'mu/logger'
 module MU
+  # Subclass core thread so we can gracefully handle it when we hit system
+  # thread limits. Back off and wait makes sense for us, since most of our
+  # threads are terminal (in the dependency sense) and this is unlikely to get
+  # us deadlocks.
+  class Thread < ::Thread
+    @@mu_global_threads = []
+    @@mu_global_thread_semaphore = Mutex.new
+    def initialize(*args, &block)
+      @@mu_global_thread_semaphore.synchronize {
+        @@mu_global_threads.reject! { |t| t.nil? or !t.status }
+      }
+      newguy = nil
+      start = Time.now
+      begin
+        newguy = super(*args, &block)
+        if newguy.nil?
+          MU.log "I somehow got a nil trying to create a thread", MU::WARN, details: caller
+          sleep 1
+        end
+      rescue ::ThreadError => e
+        if e.message.match(/Resource temporarily unavailable/)
+          toomany = @@mu_global_threads.size
+          MU.log "Hit the wall at #{toomany.to_s} threads, waiting until there are fewer", MU::WARN
+          if @@mu_global_threads.size >= toomany
+            sleep 1
+            begin
+              @@mu_global_thread_semaphore.synchronize {
+                @@mu_global_threads.each { |t|
+                  next if t == ::Thread.current
+                  t.join(0.1)
+                }
+                @@mu_global_threads.reject! { |t| t.nil? or !t.status }
+              }
+              if (Time.now - start) > 150
+                MU.log "Failed to get a free thread slot after 150 seconds- are we in a deadlock situation?", MU::ERR, details: caller
+                raise e
+              end
+            end while @@mu_global_threads.size >= toomany
+          end
+          retry
+        else
+          raise e
+        end
+      end while newguy.nil?
+      @@mu_global_thread_semaphore.synchronize {
+        @@mu_global_threads << newguy
+      }
+    end
+  end
   # Wrapper class for fatal Exceptions. Gives our internals something to
   # inherit that will log an error message appropriately before bubbling up.
   class MuError < StandardError
     def initialize(message = nil)
-      MU.log message, MU::ERR if !message.nil?
+      MU.log message, MU::ERR, details: caller[2] if !message.nil?
       if MU.verbosity == MU::Logger::SILENT
-        super
-      else
         super ""
+      else
+        super message
       end
     end
   end
@@ -60,9 +292,9 @@ module MU
     def initialize(message = nil)
       MU.log message, MU::NOTICE if !message.nil?
       if MU.verbosity == MU::Logger::SILENT
-        super
-      else
         super ""
+      else
+        super message
       end
     end
   end
@@ -80,11 +312,37 @@ module MU
     @@myRoot
   end
+  # utility routine for sorting semantic versioning strings
+  def self.version_sort(a, b)
+    a_parts = a.split(/[^a-z0-9]/)
+    b_parts = b.split(/[^a-z0-9]/)
+    for i in 0..a_parts.size
+      matchval = if a_parts[i] and b_parts[i] and
+                    a_parts[i].match(/^\d+/) and b_parts[i].match(/^\d+/)
+        a_parts[i].to_i <=> b_parts[i].to_i
+      elsif a_parts[i] and !b_parts[i]
+        1
+      elsif !a_parts[i] and b_parts[i]
+        -1
+      else
+        a_parts[i] <=> b_parts[i]
+      end
+      return matchval if matchval != 0
+    end
+    0
+  end
   # Front our global $MU_CFG hash with a read-only copy
   def self.muCfg
     Marshal.load(Marshal.dump($MU_CFG)).freeze
   end
+  # Returns true if we're running without a full systemwide Mu Master install,
+  # typically as a gem.
+  def self.localOnly
+    ((Gem.paths and Gem.paths.home and File.realpath(File.expand_path(File.dirname(__FILE__))).match(/^#{Gem.paths.home}/)) or !Dir.exist?("/opt/mu"))
+  end
   # The main (root) Mu user's data directory.
   @@mainDataDir = File.expand_path(@@myRoot+"/../var")
   # The main (root) Mu user's data directory.
@@ -133,6 +391,7 @@ module MU
   # Copy the set of global variables in use by another thread, typically our
   # parent thread.
   def self.dupGlobals(parent_thread_id)
+    @@globals[parent_thread_id] ||= {}
     @@globals[parent_thread_id].each_pair { |name, value|
       setVar(name, value)
     }
@@ -215,13 +474,15 @@ module MU
   @myDataDir = @@mainDataDir if @myDataDir.nil?
   # Mu's deployment metadata directory.
   def self.dataDir(for_user = MU.mu_user)
-    if for_user.nil? or for_user.empty? or for_user == "mu" or for_user == "root"
+    if !localOnly and
+       ((Process.uid == 0 and (for_user.nil? or for_user.empty?)) or
+        for_user == "mu" or for_user == "root")
       return @myDataDir
     else
       for_user ||= MU.mu_user
       basepath = Etc.getpwnam(for_user).dir+"/.mu"
-      Dir.mkdir(basepath, 0755) if !Dir.exists?(basepath)
-      Dir.mkdir(basepath+"/var", 0755) if !Dir.exists?(basepath+"/var")
+      Dir.mkdir(basepath, 0755) if !Dir.exist?(basepath)
+      Dir.mkdir(basepath+"/var", 0755) if !Dir.exist?(basepath+"/var")
       return basepath+"/var"
     end
   end
@@ -233,14 +494,24 @@ module MU
     end
     @@globals[Thread.current.object_id]['verbosity']
   end
+  # The color logging flag merits a default value.
+  def self.color
+    if @@globals[Thread.current.object_id].nil? or @@globals[Thread.current.object_id]['color'].nil?
+      MU.setVar("color", true)
+    end
+    @@globals[Thread.current.object_id]['color']
+  end
   # Set parameters parameters for calls to {MU#log}
-  def self.setLogging(verbosity, webify_logs = false, handle = STDOUT)
+  def self.setLogging(verbosity, webify_logs = false, handle = STDOUT, color = true)
     MU.setVar("verbosity", verbosity)
-    @@logger ||= MU::Logger.new(verbosity, webify_logs, handle)
+    MU.setVar("color", color)
+    @@logger ||= MU::Logger.new(verbosity, webify_logs, handle, color)
     @@logger.html = webify_logs
     @@logger.verbosity = verbosity
     @@logger.handle = handle
+    @@logger.color = color
   end
   setLogging(MU::Logger::NORMAL, false)
@@ -252,7 +523,7 @@ module MU
   end
   # Shortcut to invoke {MU::Logger#log}
-  def self.log(msg, level = MU::INFO, details: nil, html: html = false, verbosity: MU.verbosity)
+  def self.log(msg, level = MU::INFO, details: nil, html: false, verbosity: MU.verbosity, color: true)
     return if (level == MU::DEBUG and verbosity <= MU::Logger::LOUD)
     return if verbosity == MU::Logger::SILENT
@@ -275,9 +546,9 @@ module MU
         extra = Hash.new if extra.nil?
         extra[:details] = details
       end
-      @@logger.log(msg, level, details: extra, verbosity: MU::Logger::LOUD, html: html)
+      @@logger.log(msg, level, details: extra, verbosity: MU::Logger::LOUD, html: html, color: color)
     else
-      @@logger.log(msg, level, html: html, verbosity: verbosity)
+      @@logger.log(msg, level, html: html, verbosity: verbosity, color: color)
     end
   end
@@ -308,49 +579,66 @@ module MU
   require 'mu/groomer'
   # Little hack to initialize library-only environments' config files
-  if !$MU_CFG
-    require "#{@@myRoot}/bin/mu-load-config.rb"
-    if !$MU_CFG['auto_detection_done'] and (!$MU_CFG['multiuser'] or !cfgExists?)
-      MU.log "Auto-detecting cloud providers"
-      new_cfg = $MU_CFG.dup
-      examples = {}
-      MU::Cloud.supportedClouds.each { |cloud|
-        cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
-        begin
-          if cloudclass.hosted? and !$MU_CFG[cloud.downcase]
-            cfg_blob = cloudclass.hosted_config
-            if cfg_blob
-              new_cfg[cloud.downcase] = cfg_blob
-              MU.log "Adding #{cloud} stanza to #{cfgPath}", MU::NOTICE
-            end
-          elsif !$MU_CFG[cloud.downcase] and !cloudclass.config_example.nil?
-            examples[cloud.downcase] = cloudclass.config_example
+  def self.detectCloudProviders
+    MU.log "Auto-detecting cloud providers"
+    new_cfg = $MU_CFG.dup
+    examples = {}
+    MU::Cloud.supportedClouds.each { |cloud|
+      cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+      begin
+        if cloudclass.hosted? and !$MU_CFG[cloud.downcase]
+          cfg_blob = cloudclass.hosted_config
+          if cfg_blob
+            new_cfg[cloud.downcase] = cfg_blob
+            MU.log "Adding auto-detected #{cloud} stanza", MU::NOTICE
           end
-        rescue NoMethodError => e
-          # missing .hosted? is normal for dummy layers like CloudFormation
-          MU.log e.message, MU::WARN
+        elsif !$MU_CFG[cloud.downcase] and !cloudclass.config_example.nil?
+          examples[cloud.downcase] = cloudclass.config_example
         end
-      }
-      new_cfg['auto_detection_done'] = true
-      if new_cfg != $MU_CFG or !cfgExists?
-        MU.log "Generating #{cfgPath}"
-        saveMuConfig(new_cfg, examples) # XXX and reload it
+      rescue NoMethodError => e
+        # missing .hosted? is normal for dummy layers like CloudFormation
+        MU.log e.message, MU::WARN
       end
+    }
+    new_cfg['auto_detection_done'] = true
+    if new_cfg != $MU_CFG or !cfgExists?
+      MU.log "Generating #{cfgPath}"
+      saveMuConfig(new_cfg, examples) # XXX and reload it
     end
+    new_cfg
+  end
+  if !$MU_CFG
+    require "#{@@myRoot}/bin/mu-load-config.rb"
+    if !$MU_CFG['auto_detection_done'] and (!$MU_CFG['multiuser'] or !cfgExists?)
+      detectCloudProviders
+    end
+  end
+  @@mommacat_port = 2260
+  if !$MU_CFG.nil? and !$MU_CFG['mommacat_port'].nil? and
+     !$MU_CFG['mommacat_port'] != "" and $MU_CFG['mommacat_port'].to_i > 0 and
+     $MU_CFG['mommacat_port'].to_i < 65536
+    @@mommacat_port = $MU_CFG['mommacat_port'].to_i
+  end
+  # The port on which the Momma Cat daemon should listen for requests
+  # @return [Integer]
+  def self.mommaCatPort
+    @@mommacat_port
   end
   @@my_private_ip = nil
   @@my_public_ip = nil
   @@mu_public_addr = nil
   @@mu_public_ip = nil
-  if $MU_CFG['aws'] # XXX this should be abstracted to elsewhere
+  if MU::Cloud::AWS.hosted?
     @@my_private_ip = MU::Cloud::AWS.getAWSMetaData("local-ipv4")
     @@my_public_ip = MU::Cloud::AWS.getAWSMetaData("public-ipv4")
     @@mu_public_addr = @@my_public_ip
     @@mu_public_ip = @@my_public_ip
   end
-  if !$MU_CFG.nil? and !$MU_CFG['public_address'].nil? and !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
+  if !$MU_CFG.nil? and !$MU_CFG['public_address'].nil? and
+     !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
     @@mu_public_addr = $MU_CFG['public_address']
     if !@@mu_public_addr.match(/^\d+\.\d+\.\d+\.\d+$/)
       resolver = Resolv::DNS.new
@@ -400,7 +688,9 @@ module MU
   def self.userEmail(user = MU.mu_user)
     @userlist ||= MU::Master.listUsers
     user = "mu" if user == "root"
-    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+    if Dir.exist?("#{MU.mainDataDir}/users/#{user}") and
+       File.readable?("#{MU.mainDataDir}/users/#{user}/email") and
+       File.size?("#{MU.mainDataDir}/users/#{user}/email")
       return File.read("#{MU.mainDataDir}/users/#{user}/email").chomp
     elsif @userlist.has_key?(user)
       return @userlist[user]['email']
@@ -413,7 +703,9 @@ module MU
   # Fetch the real-world name of a given Mu user
   def self.userName(user = MU.mu_user)
     @userlist ||= MU::Master.listUsers
-    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+    if Dir.exist?("#{MU.mainDataDir}/users/#{user}") and
+       File.readable?("#{MU.mainDataDir}/users/#{user}/realname") and
+       File.size?("#{MU.mainDataDir}/users/#{user}/realname")
       return File.read("#{MU.mainDataDir}/users/#{user}/realname").chomp
     elsif @userlist.has_key?(user)
       return @userlist[user]['email']
@@ -430,6 +722,14 @@ module MU
     ["Chef", "Ansible"]
   end
+  # The version of Chef we will install on nodes.
+  @@chefVersion = "14.0.190"
+  # The version of Chef we will install on nodes.
+  # @return [String]
+  def self.chefVersion
+    @@chefVersion
+  end
   MU.supportedGroomers.each { |groomer|
     require "mu/groomers/#{groomer.downcase}"
   }
@@ -451,6 +751,8 @@ module MU
       @@myRegion_var = zone.gsub(/^.*?\/|\-\d+$/, "")
     elsif MU::Cloud::AWS.hosted?
       @@myRegion_var ||= MU::Cloud::AWS.myRegion
+    elsif MU::Cloud::Azure.hosted?
+      @@myRegion_var ||= MU::Cloud::Azure.myRegion
     else
       @@myRegion_var = nil
     end
@@ -458,6 +760,7 @@ module MU
   end
   require 'mu/config'
+  require 'mu/adoption'
   # Figure out what cloud provider we're in, if any.
   # @return [String]: Google, AWS, etc. Returns nil if we don't seem to be in a cloud.
@@ -468,6 +771,10 @@ module MU
     elsif MU::Cloud::AWS.hosted?
       @@myInstanceId = MU::Cloud::AWS.getAWSMetaData("instance-id")
       return "AWS"
+    elsif MU::Cloud::Azure.hosted?
+      metadata = MU::Cloud::Azure.get_metadata()["compute"]
+      @@myInstanceId = MU::Cloud::Azure::Id.new("/subscriptions/"+metadata["subscriptionId"]+"/resourceGroups/"+metadata["resourceGroupName"]+"/providers/Microsoft.Compute/virtualMachines/"+metadata["name"])
+      return "Azure"
     end
     nil
   end
@@ -513,63 +820,105 @@ module MU
     @@myAZ_var
   end
-  @@myCloudDescriptor = nil
-  if MU::Cloud::Google.hosted?
-    @@myCloudDescriptor = MU::Cloud::Google.compute.get_instance(
-      MU::Cloud::Google.myProject,
-      MU.myAZ,
-      MU.myInstanceId
-    )
-  elsif MU::Cloud::AWS.hosted?
+  # Recursively turn a Ruby OpenStruct into a Hash
+  # @param struct [OpenStruct]
+  # @param stringify_keys [Boolean]
+  # @return [Hash]
+  def self.structToHash(struct, stringify_keys: false)
+    google_struct = false
     begin
-      @@myCloudDescriptor = MU::Cloud::AWS.ec2(region: MU.myRegion).describe_instances(instance_ids: [MU.myInstanceId]).reservations.first.instances.first
-    rescue Aws::EC2::Errors::InvalidInstanceIDNotFound => e
-    rescue Aws::Errors::MissingCredentialsError => e
-      MU.log "I'm hosted in AWS, but I can't make API calls. Does this instance have an appropriate IAM profile?", MU::WARN
+      google_struct = struct.class.ancestors.include?(::Google::Apis::Core::Hashable)
+    rescue NameError
     end
-  end
+    aws_struct = false
+    begin
+      aws_struct = struct.class.ancestors.include?(::Seahorse::Client::Response)
+    rescue NameError
+    end
-  @@myVPC_var = nil
-  # The VPC/Network in which this Mu master resides
-  # XXX account for Google and non-cloud situations
-  def self.myVPC
-    return nil if MU.myCloudDescriptor.nil?
+    azure_struct = false
     begin
-      if MU::Cloud::AWS.hosted?
-        @@myVPC_var ||= MU.myCloudDescriptor.vpc_id
-      elsif MU::Cloud::Google.hosted?
-        @@myVPC_var = MU.myCloudDescriptor.network_interfaces.first.network.gsub(/.*?\/([^\/]+)$/, '\1')
+      azure_struct = struct.class.ancestors.include?(::MsRestAzure) or struct.class.name.match(/Azure::.*?::Mgmt::.*?::Models::/)
+    rescue NameError
+    end
+    if struct.is_a?(Struct) or struct.class.ancestors.include?(Struct) or
+       google_struct or aws_struct or azure_struct
+      hash = if azure_struct
+        MU::Cloud::Azure.respToHash(struct)
       else
-        nil
+        struct.to_h
+      end
+      if stringify_keys
+        newhash = {}
+        hash.each_pair { |k, v|
+          newhash[k.to_s] = v
+        }
+        hash = newhash
       end
-    rescue Aws::EC2::Errors::InternalError => e
-      MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(region: #{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
-      sleep 10
+      hash.each_pair { |key, value|
+        hash[key] = self.structToHash(value, stringify_keys: stringify_keys)
+      }
+      return hash
+    elsif struct.is_a?(MU::Config::Ref)
+      struct = struct.to_h
+    elsif struct.is_a?(MU::Cloud::Azure::Id)
+      struct = struct.to_s
+    elsif struct.is_a?(Hash)
+      if stringify_keys
+        newhash = {}
+        struct.each_pair { |k, v|
+          newhash[k.to_s] = v
+        }
+        struct = newhash
+      end
+      struct.each_pair { |key, value|
+        struct[key] = self.structToHash(value, stringify_keys: stringify_keys)
+      }
+      return struct
+    elsif struct.is_a?(Array)
+      struct.map! { |elt|
+        self.structToHash(elt, stringify_keys: stringify_keys)
+      }
+    elsif struct.is_a?(String)
+      # Cleanse weird encoding problems
+      return struct.dup.to_s.force_encoding("ASCII-8BIT").encode('UTF-8', invalid: :replace, undef: :replace, replace: '?')
+    else
+      return struct
     end
-    @@myVPC_var
   end
-  @@mySubnets_var = nil
-  # The AWS Subnets associated with the VPC this MU Master is in
-  # XXX account for Google and non-cloud situations
-  def self.mySubnets
-    @@mySubnets_var ||= MU::Cloud::AWS.ec2(region: MU.myRegion).describe_subnets(
-      filters: [
-        {
-          name: "vpc-id",
-          values: [MU.myVPC]
-        }
-      ]
-    ).subnets
+  @@myCloudDescriptor = nil
+  if MU.myCloud
+    found = MU::MommaCat.findStray(MU.myCloud, "server", cloud_id: @@myInstanceId, dummy_ok: true, region: MU.myRegion)
+    if !found.nil? and found.size == 1
+      @@myCloudDescriptor = found.first.cloud_desc
+    end
   end
-  # The version of Chef we will install on nodes.
-  @@chefVersion = "14.0.190"
-  # The version of Chef we will install on nodes.
-  # @return [String]
-  def self.chefVersion;
-    @@chefVersion
+  @@myVPCObj_var = nil
+  # The VPC/Network in which this Mu master resides
+  def self.myVPCObj
+    return nil if MU.myCloud.nil?
+    return @@myVPCObj_var if @@myVPCObj_var
+    cloudclass = const_get("MU").const_get("Cloud").const_get(MU.myCloud)
+    @@myVPCObj_var ||= cloudclass.myVPCObj
+    @@myVPCObj_var
+  end
+  @@myVPC_var = nil
+  # The VPC/Network in which this Mu master resides
+  def self.myVPC
+    return nil if MU.myCloud.nil?
+    return @@myVPC_var if @@myVPC_var
+    my_vpc_desc = MU.myVPCObj
+    @@myVPC_var ||= my_vpc_desc.cloud_id if my_vpc_desc
+    @@myVPC_var
   end
   # Mu's SSL certificate directory
@@ -590,20 +939,20 @@ module MU
   # @return [Boolean]
   def self.hashCmp(hash1, hash2, missing_is_default: false)
     return false if hash1.nil?
-    hash2.each_pair { |k, v|
+    hash2.keys.each { |k|
       if hash1[k].nil?
         return false
       end
     }
     if !missing_is_default
-      hash1.each_pair { |k, v|
+      hash1.keys.each { |k|
         if hash2[k].nil?
           return false
         end
       }
     end
-    hash1.each_pair { |k, v|
+    hash1.keys.each { |k|
       if hash1[k].is_a?(Array)
         return false if !missing_is_default and hash2[k].nil?
         if !hash2[k].nil?
@@ -654,75 +1003,21 @@ module MU
   end
-  # Recursively turn a Ruby OpenStruct into a Hash
-  # @param struct [OpenStruct]
-  # @param stringify_keys [Boolean]
-  # @return [Hash]
-  def self.structToHash(struct, stringify_keys: false)
-    google_struct = false
-    begin
-      google_struct = struct.class.ancestors.include?(::Google::Apis::Core::Hashable)
-    rescue NameError
-    end
-    aws_struct = false
-    begin
-      aws_struct = struct.class.ancestors.include?(::Seahorse::Client::Response)
-    rescue NameError
-    end
-    if struct.is_a?(Struct) or struct.class.ancestors.include?(Struct) or
-       google_struct or aws_struct
-      hash = struct.to_h
-      if stringify_keys
-        newhash = {}
-        hash.each_pair { |k, v|
-          newhash[k.to_s] = v
-        }
-        hash = newhash
-      end
-      hash.each_pair { |key, value|
-        hash[key] = self.structToHash(value, stringify_keys: stringify_keys)
-      }
-      return hash
-    elsif struct.is_a?(Hash)
-      if stringify_keys
-        newhash = {}
-        struct.each_pair { |k, v|
-          newhash[k.to_s] = v
-        }
-        struct = newhash
-      end
-      struct.each_pair { |key, value|
-        struct[key] = self.structToHash(value, stringify_keys: stringify_keys)
-      }
-      return struct
-    elsif struct.is_a?(Array)
-      struct.map! { |elt|
-        self.structToHash(elt, stringify_keys: stringify_keys)
-      }
-    else
-      return struct
-    end
-  end
   # Generate a random password which will satisfy the complexity requirements of stock Amazon Windows AMIs.
   # return [String]: A password string.
-  def self.generateWindowsPassword
+  def self.generateWindowsPassword(safe_pattern: '~!@#%^&*_-+=`|(){}[]:;<>,.?', retries: 25)
     # We have dopey complexity requirements, be stringent here.
     # I'll be nice and not condense this into one elegant-but-unreadable regular expression
     attempts = 0
-    safe_metachars = Regexp.escape('~!@#%^&*_-+=`|(){}[]:;<>,.?')
+    safe_metachars = Regexp.escape(safe_pattern)
     begin
-      if attempts > 25
+      if attempts > retries
         MU.log "Failed to generate an adequate Windows password after #{attempts}", MU::ERR
         raise MuError, "Failed to generate an adequate Windows password after #{attempts}"
       end
       winpass = Password.random(14..16)
       attempts += 1
-    end while winpass.nil? or !winpass.match(/[A-Z]/) or !winpass.match(/[a-z]/) or !winpass.match(/\d/) or !winpass.match(/[#{safe_metachars}]/) or winpass.match(/[^\w\d#{safe_metachars}]/)
+    end while winpass.nil? or !winpass.match(/^[a-z]/i) or !winpass.match(/[A-Z]/) or !winpass.match(/[a-z]/) or !winpass.match(/\d/) or !winpass.match(/[#{safe_metachars}]/) or winpass.match(/[^\w\d#{safe_metachars}]/)
     MU.log "Generated Windows password after #{attempts} attempts", MU::DEBUG
     return winpass