cloud-mu 3.0.0beta → 3.0.0
- checksums.yaml +4 -4
- data/README.md +17 -8
- data/ansible/roles/mu-nat/README.md +33 -0
- data/ansible/roles/mu-nat/defaults/main.yml +3 -0
- data/ansible/roles/mu-nat/handlers/main.yml +2 -0
- data/ansible/roles/mu-nat/meta/main.yml +60 -0
- data/ansible/roles/mu-nat/tasks/main.yml +65 -0
- data/ansible/roles/mu-nat/tests/inventory +2 -0
- data/ansible/roles/mu-nat/tests/test.yml +5 -0
- data/ansible/roles/mu-nat/vars/main.yml +2 -0
- data/bin/mu-cleanup +2 -1
- data/bin/mu-configure +950 -948
- data/bin/mu-gen-docs +6 -0
- data/cloud-mu.gemspec +2 -2
- data/cookbooks/mu-tools/recipes/gcloud.rb +8 -1
- data/modules/mommacat.ru +1 -1
- data/modules/mu.rb +31 -39
- data/modules/mu/cloud.rb +11 -1
- data/modules/mu/clouds/aws.rb +8 -3
- data/modules/mu/clouds/aws/alarm.rb +5 -8
- data/modules/mu/clouds/aws/bucket.rb +15 -9
- data/modules/mu/clouds/aws/cache_cluster.rb +60 -26
- data/modules/mu/clouds/aws/collection.rb +4 -4
- data/modules/mu/clouds/aws/container_cluster.rb +50 -33
- data/modules/mu/clouds/aws/database.rb +25 -21
- data/modules/mu/clouds/aws/dnszone.rb +12 -14
- data/modules/mu/clouds/aws/endpoint.rb +5 -8
- data/modules/mu/clouds/aws/firewall_rule.rb +9 -4
- data/modules/mu/clouds/aws/folder.rb +4 -7
- data/modules/mu/clouds/aws/function.rb +5 -8
- data/modules/mu/clouds/aws/group.rb +5 -8
- data/modules/mu/clouds/aws/habitat.rb +2 -5
- data/modules/mu/clouds/aws/loadbalancer.rb +12 -16
- data/modules/mu/clouds/aws/log.rb +6 -9
- data/modules/mu/clouds/aws/msg_queue.rb +16 -19
- data/modules/mu/clouds/aws/nosqldb.rb +27 -18
- data/modules/mu/clouds/aws/notifier.rb +6 -9
- data/modules/mu/clouds/aws/role.rb +4 -7
- data/modules/mu/clouds/aws/search_domain.rb +50 -23
- data/modules/mu/clouds/aws/server.rb +20 -14
- data/modules/mu/clouds/aws/server_pool.rb +22 -12
- data/modules/mu/clouds/aws/storage_pool.rb +9 -14
- data/modules/mu/clouds/aws/user.rb +5 -8
- data/modules/mu/clouds/aws/userdata/linux.erb +7 -1
- data/modules/mu/clouds/aws/vpc.rb +16 -14
- data/modules/mu/clouds/azure.rb +1 -1
- data/modules/mu/clouds/azure/container_cluster.rb +1 -1
- data/modules/mu/clouds/azure/server.rb +16 -2
- data/modules/mu/clouds/azure/user.rb +1 -1
- data/modules/mu/clouds/azure/userdata/linux.erb +84 -80
- data/modules/mu/clouds/azure/vpc.rb +32 -13
- data/modules/mu/clouds/cloudformation/server.rb +1 -1
- data/modules/mu/clouds/google.rb +2 -3
- data/modules/mu/clouds/google/container_cluster.rb +9 -1
- data/modules/mu/clouds/google/firewall_rule.rb +6 -0
- data/modules/mu/clouds/google/role.rb +1 -3
- data/modules/mu/clouds/google/server.rb +25 -4
- data/modules/mu/clouds/google/user.rb +1 -1
- data/modules/mu/clouds/google/userdata/linux.erb +9 -5
- data/modules/mu/clouds/google/vpc.rb +102 -21
- data/modules/mu/config.rb +250 -49
- data/modules/mu/config/alarm.rb +1 -0
- data/modules/mu/config/container_cluster.yml +0 -1
- data/modules/mu/config/database.yml +4 -1
- data/modules/mu/config/search_domain.yml +4 -3
- data/modules/mu/config/server.rb +7 -3
- data/modules/mu/config/server.yml +4 -1
- data/modules/mu/config/server_pool.yml +2 -0
- data/modules/mu/config/vpc.rb +42 -29
- data/modules/mu/deploy.rb +12 -5
- data/modules/mu/groomers/ansible.rb +4 -1
- data/modules/mu/groomers/chef.rb +5 -1
- data/modules/mu/kittens.rb +60 -11
- data/modules/mu/logger.rb +6 -4
- data/modules/mu/mommacat.rb +39 -19
- data/modules/mu/mu.yaml.rb +276 -0
- metadata +13 -4
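--- a/data/modules/mu/logger.rb
+++ b/data/modules/mu/logger.rb
@@ -33,6 +33,7 @@ module MU
 # Show DEBUG log entries and extra call stack and threading info
 LOUD = 2.freeze
 
+attr_accessor :verbosity
 @verbosity = MU::Logger::NORMAL
 @quiet = false
 @html = false
@@ -52,7 +53,6 @@ module MU
 end
 
 attr_reader :summary
-attr_accessor :verbosity
 attr_accessor :color
 attr_accessor :quiet
 attr_accessor :html
@@ -71,8 +71,10 @@ module MU
 handle: @handle,
 color: @color
 )
-verbosity
+verbosity ||= @verbosity
 return if verbosity == MU::Logger::SILENT
+return if verbosity < MU::Logger::LOUD and level == DEBUG
+return if verbosity < MU::Logger::NORMAL and level == INFO
 
 # By which we mean, "get the filename (with the .rb stripped off) which
 # originated the call to this method. Which, for our purposes, is the
@@ -159,7 +161,7 @@ module MU
 else
 handle.puts "#{time} - #{caller_name} - #{msg}"
 end
-if verbosity >= MU::Logger::
+if verbosity >= MU::Logger::QUIET
 if @html
 html_out "#{caller_name} - #{msg}"
 elsif color
@@ -178,7 +180,7 @@ module MU
 else
 handle.puts "#{time} - #{caller_name} - #{msg}"
 end
-if verbosity >= MU::Logger::
+if verbosity >= MU::Logger::SILENT
 if @html
 html_out "#{caller_name} - #{msg}"
 elsif color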
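Review bot: The guard `if verbosity >= MU::Logger::SILENT` at new line 183 looks like it can never be false. Assuming it sits in the same method as `return if verbosity == MU::Logger::SILENT` at line 75 and that SILENT is the lowest level (neither is visible in these hunks), every call that reaches it already has a verbosity above SILENT. If the intent is that this severity always prints unless the logger is silenced, say so with a comment such as `# always shown; SILENT already returned above`. Otherwise name the level actually intended, as the `MU::Logger::QUIET` guard at line 164 does, so the two branches do not read as an accidental mismatch.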
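--- a/data/modules/mu/mommacat.rb
+++ b/data/modules/mu/mommacat.rb
@@ -238,9 +238,9 @@ module MU
 end
 credsets = {}
 
-MU::Cloud.resource_types.values { |
-if !@original_config[
-@original_config[
+MU::Cloud.resource_types.values.each { |attrs|
+if !@original_config[attrs[:cfg_plural]].nil? and @original_config[attrs[:cfg_plural]].size > 0
+@original_config[attrs[:cfg_plural]].each { |resource|
 
 credsets[resource['cloud']] ||= []
 credsets[resource['cloud']] << resource['credentials']
@@ -257,7 +257,6 @@ module MU
 end
 MU.log "Creating deploy secret for #{MU.deploy_id}"
 @deploy_secret = Password.random(256)
-
 if !@original_config['scrub_mu_isms']
 credsets.each_pair { |cloud, creds|
 creds.uniq!
@@ -282,7 +281,7 @@ module MU
 loadDeploy(set_context_to_me: set_context_to_me)
 if !deploy_secret.nil?
 if !authKey(deploy_secret)
-raise DeployInitializeError, "
+raise DeployInitializeError, "Client request did not include a valid deploy authorization secret. Verify that userdata runs correctly?"
 end
 end
 
@@ -328,9 +327,16 @@ module MU
 next
 end
 
-if orig_cfg['vpc']
-ref =
-
+if orig_cfg['vpc'] and orig_cfg['vpc'].is_a?(Hash)
+ref = if orig_cfg['vpc']['id'] and orig_cfg['vpc']['id'].is_a?(Hash)
+orig_cfg['vpc']['id']['mommacat'] = self
+MU::Config::Ref.get(orig_cfg['vpc']['id'])
+else
+orig_cfg['vpc']['mommacat'] = self
+MU::Config::Ref.get(orig_cfg['vpc'])
+end
+orig_cfg['vpc'].delete('mommacat')
+orig_cfg['vpc'] = ref if ref.kitten
 end
 
 begin
@@ -921,7 +927,7 @@ module MU
 MU.log "Creating #{ssh_dir}", MU::DEBUG
 Dir.mkdir(ssh_dir, 0700)
 if Process.uid == 0 and @mu_user != "mu"
-
+File.chown(Etc.getpwnam(@mu_user).uid, Etc.getpwnam(@mu_user).gid, ssh_dir)
 end
 end
 if !File.exist?("#{ssh_dir}/#{@ssh_key_name}")
@@ -1104,10 +1110,10 @@ module MU
 MU::MommaCat.listDeploys.each { |deploy_id|
 next if File.exist?(deploy_dir(deploy_id)+"/.cleanup")
 MU.log "Checking for dead wood in #{deploy_id}", MU::DEBUG
+need_reload = false
 @cleanup_threads << Thread.new {
 MU.dupGlobals(parent_thread_id)
-
-deploy = MU::MommaCat.getLitter(deploy_id, set_context_to_me: true, use_cache: false)
+deploy = MU::MommaCat.getLitter(deploy_id, set_context_to_me: true)
 purged_this_deploy = 0
 if deploy.kittens.has_key?("servers")
 deploy.kittens["servers"].values.each { |nodeclasses|
@@ -1120,6 +1126,7 @@ module MU
 elsif !server.active?
 next if File.exist?(deploy_dir(deploy_id)+"/.cleanup-"+server.cloud_id)
 deletia << mu_name
+need_reload = true
 MU.log "Cleaning up metadata for #{server} (#{nodeclass}), formerly #{server.cloud_id}, which appears to have been terminated", MU::NOTICE
 begin
 server.destroy
@@ -1134,6 +1141,9 @@ module MU
 purged_this_deploy = purged_this_deploy + 1
 end
 }
+deletia.each { |mu_name|
+servers.delete(mu_name)
+}
 if purged_this_deploy > 0
 # XXX some kind of filter (obey sync_siblings on nodes' configs)
 deploy.syncLitter(servers.keys)
@@ -1141,6 +1151,10 @@ module MU
 }
 }
 end
+if need_reload
+deploy.save!
+MU::MommaCat.getLitter(deploy_id, use_cache: false)
+end
 MU.purgeGlobals
 }
 }
@@ -1191,7 +1205,8 @@ module MU
 flags: {},
 habitats: [],
 dummy_ok: false,
-debug: false
+debug: false,
+no_deploy_search: false
 )
 start = Time.now
 callstr = "findStray(cloud: #{cloud}, type: #{type}, deploy_id: #{deploy_id}, calling_deploy: #{calling_deploy.deploy_id if !calling_deploy.nil?}, name: #{name}, cloud_id: #{cloud_id}, tag_key: #{tag_key}, tag_value: #{tag_value}, credentials: #{credentials}, habitats: #{habitats ? habitats.to_s : "[]"}, dummy_ok: #{dummy_ok.to_s}, flags: #{flags.to_s}) from #{caller[0]}"
@@ -1253,7 +1268,7 @@ module MU
 
 kittens = {}
 # Search our other deploys for matching resources
-if (deploy_id or name or mu_name or cloud_id)
+if !no_deploy_search and (deploy_id or name or mu_name or cloud_id)
 MU.log "findStray: searching my deployments (#{cfg_plural}, name: #{name}, deploy_id: #{deploy_id}, mu_name: #{mu_name}) - #{sprintf("%.2fs", (Time.now-start))}", loglevel
 
 # Check our in-memory cache of live deploys before resorting to
@@ -1569,7 +1584,7 @@ end
 rescue Exception => e
 MU.log e.inspect, MU::ERR, details: e.backtrace
 end
-MU.log "findStray: returning #{matches.size.to_s} matches - #{sprintf("%.2fs", (Time.now-start))}", loglevel
+MU.log "findStray: returning #{matches ? matches.size.to_s : "0"} matches - #{sprintf("%.2fs", (Time.now-start))}", loglevel
 
 matches
 end
@@ -2015,7 +2030,7 @@ end
 return
 end
 if ssh_key_name.nil? or ssh_key_name.empty?
-MU.log "Failed to extract
+MU.log "Failed to extract ssh_key_name for #{ssh_key_name.mu_name} in addHostToSSHConfig", MU::ERR
 return
 end
 
@@ -2287,7 +2302,7 @@ MESSAGE_END
 MU::MommaCat.listDeploys.sort.each { |deploy_id|
 begin
 # We don't want to use cached litter information here because this is also called by cleanTerminatedInstances.
-deploy = MU::MommaCat.getLitter(deploy_id
+deploy = MU::MommaCat.getLitter(deploy_id)
 if deploy.ssh_key_name.nil? or deploy.ssh_key_name.empty?
 MU.log "Failed to extract ssh key name from #{deploy_id} in syncMonitoringConfig", MU::ERR if deploy.kittens.has_key?("servers")
 next
@@ -2298,6 +2313,7 @@ MESSAGE_END
 deploy.kittens["servers"].values.each { |nodeclasses|
 nodeclasses.values.each { |nodes|
 nodes.values.each { |server|
+next if !server.cloud_desc
 MU.dupGlobals(parent_thread_id)
 threads << Thread.new {
 MU::MommaCat.setThreadContext(deploy)
@@ -2528,10 +2544,14 @@ MESSAGE_END
 update_servers.each { |node|
 # Not clear where this pollution comes from, but let's stick a temp
 # fix in here.
-if node.deploydata['nodename'] != node.mu_name
+if node.deploydata['nodename'] != node.mu_name and
+!node.deploydata['nodename'].nil? and !node.deploydata['nodename'].emty?
 MU.log "Node #{node.mu_name} had wrong or missing nodename (#{node.deploydata['nodename']}), correcting", MU::WARN
 node.deploydata['nodename'] = node.mu_name
-@deployment[svrs][node.config['name']]
+if @deployment[svrs] and @deployment[svrs][node.config['name']] and
+@deployment[svrs][node.config['name']][node.mu_name]
+@deployment[svrs][node.config['name']][node.mu_name]['nodename'] = node.mu_name
+end
 save!
 end
 }
@@ -2670,7 +2690,7 @@ MESSAGE_END
 Dir.chdir(MU.myRoot+"/modules")
 
 # XXX what's the safest way to find the 'bundle' executable in both gem and non-gem installs?
-cmd = %Q{bundle exec thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.
+cmd = %Q{bundle exec thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.muCfg['ssl']['key']} --ssl-cert-file #{MU.muCfg['ssl']['cert']} --ssl-disable-verify --tag mu-momma-cat -R mommacat.ru start}
 MU.log cmd, MU::NOTICE
 output = %x{#{cmd}}
 Dir.chdir(origdir)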
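Review bot: The added log call in the `@@ -2015,7 +2030,7 @@` hunk interpolates `ssh_key_name.mu_name` inside the branch that has just found `ssh_key_name` to be nil or empty, so it raises NoMethodError instead of logging the failure. The enclosing method starts outside the hunk, so which object should supply the name is not visible; failing that, drop the interpolation: `MU.log "Failed to extract ssh_key_name in addHostToSSHConfig", MU::ERR`. The `@@ -2528,10 +2544,14 @@` hunk has the same kind of defect: `.emty?` should be `.empty?`, and as written it raises for any node whose nodename is non-nil and differs from `mu_name`. With the new nil/empty exclusion that branch also no longer corrects a missing nodename, although its warning still reads "wrong or missing".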
@@ -0,0 +1,276 @@
|
|
1
|
+
# Configuration schema for mu.yaml. See also {https://github.com/cloudamatic/mu/wiki/Configuration the Mu wiki}.
|
2
|
+
#
|
3
|
+
# Example:
|
4
|
+
#
|
5
|
+
# <pre>
|
6
|
+
# ---
|
7
|
+
# public_address: 1.2.3.4
|
8
|
+
# mu_admin_email: egtlabs@eglobaltech.com
|
9
|
+
# mu_admin_name: Joe Schmoe
|
10
|
+
# mommacat_port: 2260
|
11
|
+
# banner: My Example Mu Master
|
12
|
+
# mu_repository: git://github.com/cloudamatic/mu.git
|
13
|
+
# repos:
|
14
|
+
# - https://github.com/cloudamatic/mu_demo_platform
|
15
|
+
# allow_invade_foreign_vpcs: true
|
16
|
+
# ansible_dir:
|
17
|
+
# aws:
|
18
|
+
# egtdev:
|
19
|
+
# region: us-east-1
|
20
|
+
# log_bucket_name: egt-mu-log-bucket
|
21
|
+
# default: true
|
22
|
+
# name: egtdev
|
23
|
+
# personal:
|
24
|
+
# region: us-east-2
|
25
|
+
# log_bucket_name: my-mu-log-bucket
|
26
|
+
# name: personal
|
27
|
+
# google:
|
28
|
+
# egtlabs:
|
29
|
+
# project: egt-labs-admin
|
30
|
+
# credentials_file: /opt/mu/etc/google.json
|
31
|
+
# region: us-east4
|
32
|
+
# log_bucket_name: hexabucket-761234
|
33
|
+
# default: true
|
34
|
+
# </pre>
|
35
|
+
module MuYAML
|
36
|
+
# The configuration file format for Mu's main config file.
|
37
|
+
# Amazon Web Services
|
38
|
+
class aws
|
39
|
+
# @!group Required parameters
|
40
|
+
|
41
|
+
# **REQUIRED** -
|
42
|
+
# S3 bucket into which we'll synchronize deploy secrets, and if we're hosted in AWS, collected system logs
|
43
|
+
#
|
44
|
+
# @return [String]
|
45
|
+
attr_accessor :log_bucket_name
|
46
|
+
# @!endgroup
|
47
|
+
# @!group Optional parameters
|
48
|
+
|
49
|
+
# **Must match pattern `(?i-mx:^[a-z0-9]+$)`** -
|
50
|
+
# Credentials used for accessing the AWS API (looks like: AKIAINWLOOAA24PBRBZA)
|
51
|
+
#
|
52
|
+
# @return [String]
|
53
|
+
attr_accessor :access_key
|
54
|
+
|
55
|
+
# Credentials used for accessing the AWS API (looks like: +Z16iRP9QAq7EcjHINyEMs3oR7A76QpfaSgCBogp).
|
56
|
+
#
|
57
|
+
# @return [String]
|
58
|
+
attr_accessor :access_secret
|
59
|
+
|
60
|
+
# **Must match pattern `(?-mix:^\d+$)`** -
|
61
|
+
# Default target account for resources managed using these credentials. This is an AWS account number, e.g. 918972669773. If not specified, we will use the account number which owns these API keys.
|
62
|
+
#
|
63
|
+
# @return [String]
|
64
|
+
attr_accessor :account_number
|
65
|
+
|
66
|
+
# A secure Chef vault and item from which to retrieve an AWS access key and secret. The vault item should have 'access_key' and 'access_secret' elements.
|
67
|
+
#
|
68
|
+
# @return [String]
|
69
|
+
attr_accessor :credentials
|
70
|
+
|
71
|
+
# An INI-formatted AWS credentials file, of the type used by the AWS command-line tools. This is less secure than using 'credentials' to store these in a Chef vault. See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
|
72
|
+
#
|
73
|
+
# @return [String]
|
74
|
+
attr_accessor :credentials_file
|
75
|
+
|
76
|
+
# **Default: `false`** -
|
77
|
+
# If set to true, Mu will default to these AWS credentials when targeting AWS resources
|
78
|
+
#
|
79
|
+
# @return [Boolean]
|
80
|
+
attr_accessor :default
|
81
|
+
|
82
|
+
# Default Amazon Web Services region in which these credentials should operate
|
83
|
+
#
|
84
|
+
# @return [String]
|
85
|
+
attr_accessor :region
|
86
|
+
# @!endgroup
|
87
|
+
end
|
88
|
+
# Microsoft Azure Cloud Computing Platform & Services
|
89
|
+
class azure
|
90
|
+
# @!group Optional parameters
|
91
|
+
|
92
|
+
# App client id used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
|
93
|
+
#
|
94
|
+
# @return [String]
|
95
|
+
attr_accessor :client_id
|
96
|
+
|
97
|
+
# App client secret used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview under the 'Certificates & secrets' tab, 'Client secrets.' This can only be retrieved upon initial secret creation.
|
98
|
+
#
|
99
|
+
# @return [String]
|
100
|
+
attr_accessor :client_secret
|
101
|
+
|
102
|
+
# JSON file which contains a hash of directory_id, client_id, client_secret, and subscription values. If found, these will be override values entered directly in mu-configure.
|
103
|
+
#
|
104
|
+
# @return [String]
|
105
|
+
attr_accessor :credentials_file
|
106
|
+
|
107
|
+
# **Default: `false`** -
|
108
|
+
# If set to true, Mu will use this set of Azure credentials when targeting Azure without a specific account having been requested
|
109
|
+
#
|
110
|
+
# @return [Boolean]
|
111
|
+
attr_accessor :default
|
112
|
+
|
113
|
+
# AKA Tenant ID; the default Microsoft Azure Directory project in which we operate and deploy, from https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
|
114
|
+
#
|
115
|
+
# @return [String]
|
116
|
+
attr_accessor :directory_id
|
117
|
+
|
118
|
+
# **Default: `eastus`** -
|
119
|
+
# Default Microsoft Azure region in which we operate and deploy
|
120
|
+
#
|
121
|
+
# @return [String]
|
122
|
+
attr_accessor :region
|
123
|
+
|
124
|
+
# Default Microsoft Azure Subscription we will use to deploy, from https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade
|
125
|
+
#
|
126
|
+
# @return [String]
|
127
|
+
attr_accessor :subscription
|
128
|
+
# @!endgroup
|
129
|
+
end
|
130
|
+
# Google Cloud Platform
|
131
|
+
class google
|
132
|
+
# @!group Required parameters
|
133
|
+
|
134
|
+
# **REQUIRED** -
|
135
|
+
# Cloud Storage bucket into which we'll synchronize deploy secrets, and if we're hosted in GCP, collected system logs
|
136
|
+
#
|
137
|
+
# @return [String]
|
138
|
+
attr_accessor :log_bucket_name
|
139
|
+
|
140
|
+
# **REQUIRED** -
|
141
|
+
# Default Google Cloud Platform project in which we operate and deploy. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
|
142
|
+
#
|
143
|
+
# @return [String]
|
144
|
+
attr_accessor :project
|
145
|
+
# @!endgroup
|
146
|
+
# @!group Optional parameters
|
147
|
+
|
148
|
+
# A secure Chef vault and item from which to retrieve the JSON-formatted Service Account credentials for our GCP account, in the format vault:itemname (e.g. 'secrets:google'). Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
|
149
|
+
#
|
150
|
+
# @return [String]
|
151
|
+
attr_accessor :credentials
|
152
|
+
|
153
|
+
# JSON-formatted Service Account credentials for our GCP account, b64-encoded and dropped directly into mu.yaml. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
|
154
|
+
#
|
155
|
+
# @return [String]
|
156
|
+
attr_accessor :credentials_encoded
|
157
|
+
|
158
|
+
# JSON-formatted Service Account credentials for our GCP account, stored in plain text in a file. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
|
159
|
+
#
|
160
|
+
# @return [String]
|
161
|
+
attr_accessor :credentials_file
|
162
|
+
|
163
|
+
# For Google Cloud projects which are attached to a GSuite domain. Some API calls (groups, users, etc) require this identifier. From admin.google.com, choose Security, the Single Sign On, and look for the Entity ID field. The value after idpid= in the URL there should be the customer ID.
|
164
|
+
#
|
165
|
+
# @return [String]
|
166
|
+
attr_accessor :customer_id
|
167
|
+
|
168
|
+
# **Default: `false`** -
|
169
|
+
# If set to true, Mu will use this set of GCP credentials when targeting the Google Cloud without a specific account having been requested
|
170
|
+
#
|
171
|
+
# @return [Boolean]
|
172
|
+
attr_accessor :default
|
173
|
+
|
174
|
+
# For Google Cloud projects which are attached to a GSuite domain. GCP service accounts cannot view or manage GSuite resources (groups, users, etc) directly, but must instead masquerade as a GSuite user which has delegated authority to the service account. See also: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
|
175
|
+
#
|
176
|
+
# @return [String]
|
177
|
+
attr_accessor :masequerade_as
|
178
|
+
|
179
|
+
# **Default: `us-east4`** -
|
180
|
+
# Default Google Cloud Platform region in which we operate and deploy
|
181
|
+
#
|
182
|
+
# @return [String]
|
183
|
+
attr_accessor :region
|
184
|
+
# @!endgroup
|
185
|
+
end
|
186
|
+
# @!group Required parameters
|
187
|
+
|
188
|
+
# **REQUIRED**,
|
189
|
+
# **Must match pattern `(?i-mx:^[a-z0-9\-_]+$)`** -
|
190
|
+
# The local system's value for HOSTNAME
|
191
|
+
#
|
192
|
+
# @return [String]
|
193
|
+
attr_accessor :hostname
|
194
|
+
|
195
|
+
# **REQUIRED**,
|
196
|
+
# **Must match pattern `(?i-mx:\A([\w+\-].?)+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z)`** -
|
197
|
+
# Administative contact email
|
198
|
+
#
|
199
|
+
# @return [String]
|
200
|
+
attr_accessor :mu_admin_email
|
201
|
+
|
202
|
+
# **REQUIRED**,
|
203
|
+
# **Must match pattern `(?-mix:^(127\.0\.0\.1|localhost)$)`** -
|
204
|
+
# IP address or hostname
|
205
|
+
#
|
206
|
+
# @return [String]
|
207
|
+
attr_accessor :public_address
|
208
|
+
# @!endgroup
|
209
|
+
# @!group Optional parameters
|
210
|
+
|
211
|
+
# If set to true, Mu will be allowed to modify routing and peering behavior of VPCs which it did not create, but for which it has permissions.
|
212
|
+
#
|
213
|
+
# @return [Boolean]
|
214
|
+
attr_accessor :allow_invade_foreign_vpcs
|
215
|
+
|
216
|
+
# Intended for use with minimal installs which use Ansible as a groomer and which do not store Ansible artifacts in a dedicated git repository. This allows simply pointing to a local directory.
|
217
|
+
#
|
218
|
+
# @return [String]
|
219
|
+
attr_accessor :ansible_dir
|
220
|
+
|
221
|
+
# Amazon Web Services
|
222
|
+
#
|
223
|
+
# @return [aws]
|
224
|
+
# @see aws
|
225
|
+
attr_accessor :aws
|
226
|
+
|
227
|
+
# Microsoft Azure Cloud Computing Platform & Services
|
228
|
+
#
|
229
|
+
# @return [azure]
|
230
|
+
# @see azure
|
231
|
+
attr_accessor :azure
|
232
|
+
|
233
|
+
# Login banner, displayed in various locations
|
234
|
+
#
|
235
|
+
# @return [String]
|
236
|
+
attr_accessor :banner
|
237
|
+
|
238
|
+
# Google Cloud Platform
|
239
|
+
#
|
240
|
+
# @return [google]
|
241
|
+
# @see google
|
242
|
+
attr_accessor :google
|
243
|
+
|
244
|
+
# Optional extra Chef roles or recipes to invoke when running chef-client on this Master (ex: recipe[mycookbook::mumaster])
|
245
|
+
#
|
246
|
+
# @return [Array<String>]
|
247
|
+
attr_accessor :master_runlist_extras
|
248
|
+
|
249
|
+
# **Default: `2260`**,
|
250
|
+
# **Must match pattern `(?i-mx:^[0-9]+$)`** -
|
251
|
+
# Listen port for the Momma Cat grooming daemon
|
252
|
+
#
|
253
|
+
# @return [String]
|
254
|
+
attr_accessor :mommacat_port
|
255
|
+
|
256
|
+
# **Default: `Mu Administrator`** -
|
257
|
+
# Administative contact's full name
|
258
|
+
#
|
259
|
+
# @return [String]
|
260
|
+
attr_accessor :mu_admin_name
|
261
|
+
|
262
|
+
# **Default: `git://github.com/cloudamatic/mu.git`**,
|
263
|
+
# **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
|
264
|
+
# Source repository for Mu tools
|
265
|
+
#
|
266
|
+
# @return [String]
|
267
|
+
attr_accessor :mu_repository
|
268
|
+
|
269
|
+
# **Default: `["https://github.com/cloudamatic/mu_demo_platform"]`**,
|
270
|
+
# **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
|
271
|
+
# Optional platform repositories, as a Git URL or Github repo name (ex: eGT-Labs/fema_platform.git)
|
272
|
+
#
|
273
|
+
# @return [Array<String>]
|
274
|
+
attr_accessor :repos
|
275
|
+
# @!endgroup
|
276
|
+
end
|