cloud-mu 3.0.0beta → 3.0.0

Files changed (77) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +17 -8
  3. data/ansible/roles/mu-nat/README.md +33 -0
  4. data/ansible/roles/mu-nat/defaults/main.yml +3 -0
  5. data/ansible/roles/mu-nat/handlers/main.yml +2 -0
  6. data/ansible/roles/mu-nat/meta/main.yml +60 -0
  7. data/ansible/roles/mu-nat/tasks/main.yml +65 -0
  8. data/ansible/roles/mu-nat/tests/inventory +2 -0
  9. data/ansible/roles/mu-nat/tests/test.yml +5 -0
  10. data/ansible/roles/mu-nat/vars/main.yml +2 -0
  11. data/bin/mu-cleanup +2 -1
  12. data/bin/mu-configure +950 -948
  13. data/bin/mu-gen-docs +6 -0
  14. data/cloud-mu.gemspec +2 -2
  15. data/cookbooks/mu-tools/recipes/gcloud.rb +8 -1
  16. data/modules/mommacat.ru +1 -1
  17. data/modules/mu.rb +31 -39
  18. data/modules/mu/cloud.rb +11 -1
  19. data/modules/mu/clouds/aws.rb +8 -3
  20. data/modules/mu/clouds/aws/alarm.rb +5 -8
  21. data/modules/mu/clouds/aws/bucket.rb +15 -9
  22. data/modules/mu/clouds/aws/cache_cluster.rb +60 -26
  23. data/modules/mu/clouds/aws/collection.rb +4 -4
  24. data/modules/mu/clouds/aws/container_cluster.rb +50 -33
  25. data/modules/mu/clouds/aws/database.rb +25 -21
  26. data/modules/mu/clouds/aws/dnszone.rb +12 -14
  27. data/modules/mu/clouds/aws/endpoint.rb +5 -8
  28. data/modules/mu/clouds/aws/firewall_rule.rb +9 -4
  29. data/modules/mu/clouds/aws/folder.rb +4 -7
  30. data/modules/mu/clouds/aws/function.rb +5 -8
  31. data/modules/mu/clouds/aws/group.rb +5 -8
  32. data/modules/mu/clouds/aws/habitat.rb +2 -5
  33. data/modules/mu/clouds/aws/loadbalancer.rb +12 -16
  34. data/modules/mu/clouds/aws/log.rb +6 -9
  35. data/modules/mu/clouds/aws/msg_queue.rb +16 -19
  36. data/modules/mu/clouds/aws/nosqldb.rb +27 -18
  37. data/modules/mu/clouds/aws/notifier.rb +6 -9
  38. data/modules/mu/clouds/aws/role.rb +4 -7
  39. data/modules/mu/clouds/aws/search_domain.rb +50 -23
  40. data/modules/mu/clouds/aws/server.rb +20 -14
  41. data/modules/mu/clouds/aws/server_pool.rb +22 -12
  42. data/modules/mu/clouds/aws/storage_pool.rb +9 -14
  43. data/modules/mu/clouds/aws/user.rb +5 -8
  44. data/modules/mu/clouds/aws/userdata/linux.erb +7 -1
  45. data/modules/mu/clouds/aws/vpc.rb +16 -14
  46. data/modules/mu/clouds/azure.rb +1 -1
  47. data/modules/mu/clouds/azure/container_cluster.rb +1 -1
  48. data/modules/mu/clouds/azure/server.rb +16 -2
  49. data/modules/mu/clouds/azure/user.rb +1 -1
  50. data/modules/mu/clouds/azure/userdata/linux.erb +84 -80
  51. data/modules/mu/clouds/azure/vpc.rb +32 -13
  52. data/modules/mu/clouds/cloudformation/server.rb +1 -1
  53. data/modules/mu/clouds/google.rb +2 -3
  54. data/modules/mu/clouds/google/container_cluster.rb +9 -1
  55. data/modules/mu/clouds/google/firewall_rule.rb +6 -0
  56. data/modules/mu/clouds/google/role.rb +1 -3
  57. data/modules/mu/clouds/google/server.rb +25 -4
  58. data/modules/mu/clouds/google/user.rb +1 -1
  59. data/modules/mu/clouds/google/userdata/linux.erb +9 -5
  60. data/modules/mu/clouds/google/vpc.rb +102 -21
  61. data/modules/mu/config.rb +250 -49
  62. data/modules/mu/config/alarm.rb +1 -0
  63. data/modules/mu/config/container_cluster.yml +0 -1
  64. data/modules/mu/config/database.yml +4 -1
  65. data/modules/mu/config/search_domain.yml +4 -3
  66. data/modules/mu/config/server.rb +7 -3
  67. data/modules/mu/config/server.yml +4 -1
  68. data/modules/mu/config/server_pool.yml +2 -0
  69. data/modules/mu/config/vpc.rb +42 -29
  70. data/modules/mu/deploy.rb +12 -5
  71. data/modules/mu/groomers/ansible.rb +4 -1
  72. data/modules/mu/groomers/chef.rb +5 -1
  73. data/modules/mu/kittens.rb +60 -11
  74. data/modules/mu/logger.rb +6 -4
  75. data/modules/mu/mommacat.rb +39 -19
  76. data/modules/mu/mu.yaml.rb +276 -0
  77. metadata +13 -4
@@ -33,6 +33,7 @@ module MU
33
33
  # Show DEBUG log entries and extra call stack and threading info
34
34
  LOUD = 2.freeze
35
35
 
36
+ attr_accessor :verbosity
36
37
  @verbosity = MU::Logger::NORMAL
37
38
  @quiet = false
38
39
  @html = false
@@ -52,7 +53,6 @@ module MU
52
53
  end
53
54
 
54
55
  attr_reader :summary
55
- attr_accessor :verbosity
56
56
  attr_accessor :color
57
57
  attr_accessor :quiet
58
58
  attr_accessor :html
@@ -71,8 +71,10 @@ module MU
71
71
  handle: @handle,
72
72
  color: @color
73
73
  )
74
- verbosity = MU::Logger::NORMAL if verbosity.nil?
74
+ verbosity ||= @verbosity
75
75
  return if verbosity == MU::Logger::SILENT
76
+ return if verbosity < MU::Logger::LOUD and level == DEBUG
77
+ return if verbosity < MU::Logger::NORMAL and level == INFO
76
78
 
77
79
  # By which we mean, "get the filename (with the .rb stripped off) which
78
80
  # originated the call to this method. Which, for our purposes, is the
@@ -159,7 +161,7 @@ module MU
159
161
  else
160
162
  handle.puts "#{time} - #{caller_name} - #{msg}"
161
163
  end
162
- if verbosity >= MU::Logger::LOUD
164
+ if verbosity >= MU::Logger::QUIET
163
165
  if @html
164
166
  html_out "#{caller_name} - #{msg}"
165
167
  elsif color
@@ -178,7 +180,7 @@ module MU
178
180
  else
179
181
  handle.puts "#{time} - #{caller_name} - #{msg}"
180
182
  end
181
- if verbosity >= MU::Logger::LOUD
183
+ if verbosity >= MU::Logger::SILENT
182
184
  if @html
183
185
  html_out "#{caller_name} - #{msg}"
184
186
  elsif color
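Review bot: At new line 74, `verbosity ||= @verbosity` drops the previous guarantee of a non-nil level. The removed line fell back to `MU::Logger::NORMAL`, whereas a nil `@verbosity` (the accessor at new line 36 lets callers assign any value) now reaches `verbosity < MU::Logger::LOUD` two lines later and raises NoMethodError inside the logger itself. Keeping the constant as the last resort, `verbosity ||= @verbosity || MU::Logger::NORMAL`, preserves the old behaviour. In the last hunk, `if verbosity >= MU::Logger::SILENT` (new line 183) looks always true after the early `return if verbosity == MU::Logger::SILENT`, assuming SILENT is the lowest level (its value is not visible here); if unconditional output is intended for that branch, a short comment saying so would help. The enclosing method starts and ends outside the hunks shown.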
@@ -238,9 +238,9 @@ module MU
238
238
  end
239
239
  credsets = {}
240
240
 
241
- MU::Cloud.resource_types.values { |data|
242
- if !@original_config[data[:cfg_plural]].nil? and @original_config[data[:cfg_plural]].size > 0
243
- @original_config[data[:cfg_plural]].each { |resource|
241
+ MU::Cloud.resource_types.values.each { |attrs|
242
+ if !@original_config[attrs[:cfg_plural]].nil? and @original_config[attrs[:cfg_plural]].size > 0
243
+ @original_config[attrs[:cfg_plural]].each { |resource|
244
244
 
245
245
  credsets[resource['cloud']] ||= []
246
246
  credsets[resource['cloud']] << resource['credentials']
@@ -257,7 +257,6 @@ module MU
257
257
  end
258
258
  MU.log "Creating deploy secret for #{MU.deploy_id}"
259
259
  @deploy_secret = Password.random(256)
260
-
261
260
  if !@original_config['scrub_mu_isms']
262
261
  credsets.each_pair { |cloud, creds|
263
262
  creds.uniq!
@@ -282,7 +281,7 @@ module MU
282
281
  loadDeploy(set_context_to_me: set_context_to_me)
283
282
  if !deploy_secret.nil?
284
283
  if !authKey(deploy_secret)
285
- raise DeployInitializeError, "Invalid or incorrect deploy key."
284
+ raise DeployInitializeError, "Client request did not include a valid deploy authorization secret. Verify that userdata runs correctly?"
286
285
  end
287
286
  end
288
287
 
@@ -328,9 +327,16 @@ module MU
328
327
  next
329
328
  end
330
329
 
331
- if orig_cfg['vpc']
332
- ref = MU::Config::Ref.get(orig_cfg['vpc'])
333
- orig_cfg['vpc']['id'] = ref if ref.kitten
330
+ if orig_cfg['vpc'] and orig_cfg['vpc'].is_a?(Hash)
331
+ ref = if orig_cfg['vpc']['id'] and orig_cfg['vpc']['id'].is_a?(Hash)
332
+ orig_cfg['vpc']['id']['mommacat'] = self
333
+ MU::Config::Ref.get(orig_cfg['vpc']['id'])
334
+ else
335
+ orig_cfg['vpc']['mommacat'] = self
336
+ MU::Config::Ref.get(orig_cfg['vpc'])
337
+ end
338
+ orig_cfg['vpc'].delete('mommacat')
339
+ orig_cfg['vpc'] = ref if ref.kitten
334
340
  end
335
341
 
336
342
  begin
@@ -921,7 +927,7 @@ module MU
921
927
  MU.log "Creating #{ssh_dir}", MU::DEBUG
922
928
  Dir.mkdir(ssh_dir, 0700)
923
929
  if Process.uid == 0 and @mu_user != "mu"
924
- ssh_dir.chown(Etc.getpwnam(@mu_user).uid, Etc.getpwnam(@mu_user).gid)
930
+ File.chown(Etc.getpwnam(@mu_user).uid, Etc.getpwnam(@mu_user).gid, ssh_dir)
925
931
  end
926
932
  end
927
933
  if !File.exist?("#{ssh_dir}/#{@ssh_key_name}")
@@ -1104,10 +1110,10 @@ module MU
1104
1110
  MU::MommaCat.listDeploys.each { |deploy_id|
1105
1111
  next if File.exist?(deploy_dir(deploy_id)+"/.cleanup")
1106
1112
  MU.log "Checking for dead wood in #{deploy_id}", MU::DEBUG
1113
+ need_reload = false
1107
1114
  @cleanup_threads << Thread.new {
1108
1115
  MU.dupGlobals(parent_thread_id)
1109
- # We can't use cached litter information because we will then try to delete the same node over and over again until we restart the service
1110
- deploy = MU::MommaCat.getLitter(deploy_id, set_context_to_me: true, use_cache: false)
1116
+ deploy = MU::MommaCat.getLitter(deploy_id, set_context_to_me: true)
1111
1117
  purged_this_deploy = 0
1112
1118
  if deploy.kittens.has_key?("servers")
1113
1119
  deploy.kittens["servers"].values.each { |nodeclasses|
@@ -1120,6 +1126,7 @@ module MU
1120
1126
  elsif !server.active?
1121
1127
  next if File.exist?(deploy_dir(deploy_id)+"/.cleanup-"+server.cloud_id)
1122
1128
  deletia << mu_name
1129
+ need_reload = true
1123
1130
  MU.log "Cleaning up metadata for #{server} (#{nodeclass}), formerly #{server.cloud_id}, which appears to have been terminated", MU::NOTICE
1124
1131
  begin
1125
1132
  server.destroy
@@ -1134,6 +1141,9 @@ module MU
1134
1141
  purged_this_deploy = purged_this_deploy + 1
1135
1142
  end
1136
1143
  }
1144
+ deletia.each { |mu_name|
1145
+ servers.delete(mu_name)
1146
+ }
1137
1147
  if purged_this_deploy > 0
1138
1148
  # XXX some kind of filter (obey sync_siblings on nodes' configs)
1139
1149
  deploy.syncLitter(servers.keys)
@@ -1141,6 +1151,10 @@ module MU
1141
1151
  }
1142
1152
  }
1143
1153
  end
1154
+ if need_reload
1155
+ deploy.save!
1156
+ MU::MommaCat.getLitter(deploy_id, use_cache: false)
1157
+ end
1144
1158
  MU.purgeGlobals
1145
1159
  }
1146
1160
  }
@@ -1191,7 +1205,8 @@ module MU
1191
1205
  flags: {},
1192
1206
  habitats: [],
1193
1207
  dummy_ok: false,
1194
- debug: false
1208
+ debug: false,
1209
+ no_deploy_search: false
1195
1210
  )
1196
1211
  start = Time.now
1197
1212
  callstr = "findStray(cloud: #{cloud}, type: #{type}, deploy_id: #{deploy_id}, calling_deploy: #{calling_deploy.deploy_id if !calling_deploy.nil?}, name: #{name}, cloud_id: #{cloud_id}, tag_key: #{tag_key}, tag_value: #{tag_value}, credentials: #{credentials}, habitats: #{habitats ? habitats.to_s : "[]"}, dummy_ok: #{dummy_ok.to_s}, flags: #{flags.to_s}) from #{caller[0]}"
@@ -1253,7 +1268,7 @@ module MU
1253
1268
 
1254
1269
  kittens = {}
1255
1270
  # Search our other deploys for matching resources
1256
- if (deploy_id or name or mu_name or cloud_id)
1271
+ if !no_deploy_search and (deploy_id or name or mu_name or cloud_id)
1257
1272
  MU.log "findStray: searching my deployments (#{cfg_plural}, name: #{name}, deploy_id: #{deploy_id}, mu_name: #{mu_name}) - #{sprintf("%.2fs", (Time.now-start))}", loglevel
1258
1273
 
1259
1274
  # Check our in-memory cache of live deploys before resorting to
@@ -1569,7 +1584,7 @@ end
1569
1584
  rescue Exception => e
1570
1585
  MU.log e.inspect, MU::ERR, details: e.backtrace
1571
1586
  end
1572
- MU.log "findStray: returning #{matches.size.to_s} matches - #{sprintf("%.2fs", (Time.now-start))}", loglevel
1587
+ MU.log "findStray: returning #{matches ? matches.size.to_s : "0"} matches - #{sprintf("%.2fs", (Time.now-start))}", loglevel
1573
1588
 
1574
1589
  matches
1575
1590
  end
@@ -2015,7 +2030,7 @@ end
2015
2030
  return
2016
2031
  end
2017
2032
  if ssh_key_name.nil? or ssh_key_name.empty?
2018
- MU.log "Failed to extract canonical_ip for #{ssh_key_name.mu_name} in addHostToSSHConfig", MU::ERR
2033
+ MU.log "Failed to extract ssh_key_name for #{ssh_key_name.mu_name} in addHostToSSHConfig", MU::ERR
2019
2034
  return
2020
2035
  end
2021
2036
 
@@ -2287,7 +2302,7 @@ MESSAGE_END
2287
2302
  MU::MommaCat.listDeploys.sort.each { |deploy_id|
2288
2303
  begin
2289
2304
  # We don't want to use cached litter information here because this is also called by cleanTerminatedInstances.
2290
- deploy = MU::MommaCat.getLitter(deploy_id, use_cache: false)
2305
+ deploy = MU::MommaCat.getLitter(deploy_id)
2291
2306
  if deploy.ssh_key_name.nil? or deploy.ssh_key_name.empty?
2292
2307
  MU.log "Failed to extract ssh key name from #{deploy_id} in syncMonitoringConfig", MU::ERR if deploy.kittens.has_key?("servers")
2293
2308
  next
@@ -2298,6 +2313,7 @@ MESSAGE_END
2298
2313
  deploy.kittens["servers"].values.each { |nodeclasses|
2299
2314
  nodeclasses.values.each { |nodes|
2300
2315
  nodes.values.each { |server|
2316
+ next if !server.cloud_desc
2301
2317
  MU.dupGlobals(parent_thread_id)
2302
2318
  threads << Thread.new {
2303
2319
  MU::MommaCat.setThreadContext(deploy)
@@ -2528,10 +2544,14 @@ MESSAGE_END
2528
2544
  update_servers.each { |node|
2529
2545
  # Not clear where this pollution comes from, but let's stick a temp
2530
2546
  # fix in here.
2531
- if node.deploydata['nodename'] != node.mu_name
2547
+ if node.deploydata['nodename'] != node.mu_name and
2548
+ !node.deploydata['nodename'].nil? and !node.deploydata['nodename'].emty?
2532
2549
  MU.log "Node #{node.mu_name} had wrong or missing nodename (#{node.deploydata['nodename']}), correcting", MU::WARN
2533
2550
  node.deploydata['nodename'] = node.mu_name
2534
- @deployment[svrs][node.config['name']][node.mu_name]['nodename'] = node.mu_name
2551
+ if @deployment[svrs] and @deployment[svrs][node.config['name']] and
2552
+ @deployment[svrs][node.config['name']][node.mu_name]
2553
+ @deployment[svrs][node.config['name']][node.mu_name]['nodename'] = node.mu_name
2554
+ end
2535
2555
  save!
2536
2556
  end
2537
2557
  }
@@ -2670,7 +2690,7 @@ MESSAGE_END
2670
2690
  Dir.chdir(MU.myRoot+"/modules")
2671
2691
 
2672
2692
  # XXX what's the safest way to find the 'bundle' executable in both gem and non-gem installs?
2673
- cmd = %Q{bundle exec thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.mySSLDir}/mommacat.key --ssl-cert-file #{MU.mySSLDir}/mommacat.pem --ssl-disable-verify --tag mu-momma-cat -R mommacat.ru start}
2693
+ cmd = %Q{bundle exec thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.muCfg['ssl']['key']} --ssl-cert-file #{MU.muCfg['ssl']['cert']} --ssl-disable-verify --tag mu-momma-cat -R mommacat.ru start}
2674
2694
  MU.log cmd, MU::NOTICE
2675
2695
  output = %x{#{cmd}}
2676
2696
  Dir.chdir(origdir)
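Review bot: The guard added at new line 2548 calls `node.deploydata['nodename'].emty?`, which is not a String method, so any node whose nodename is a non-nil string different from `mu_name` raises NoMethodError instead of being corrected; it should read `.empty?`. As written the guard also skips nil and empty nodenames while the log message still says "wrong or missing", so it is worth confirming that missing names are meant to be left alone. Separately, at new line 2693 the `thin` command string now interpolates `MU.muCfg['ssl']['key']` and `MU.muCfg['ssl']['cert']` unquoted into a string that is run through `%x{}`. Wrapping both in `Shellwords.escape` (or using an argument-array spawn) and failing early when `MU.muCfg['ssl']` is absent would stop a configured path containing spaces or shell metacharacters from changing the command. Both enclosing methods start and end outside the hunks shown.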
@@ -0,0 +1,276 @@
1
+ # Configuration schema for mu.yaml. See also {https://github.com/cloudamatic/mu/wiki/Configuration the Mu wiki}.
2
+ #
3
+ # Example:
4
+ #
5
+ # <pre>
6
+ # ---
7
+ # public_address: 1.2.3.4
8
+ # mu_admin_email: egtlabs@eglobaltech.com
9
+ # mu_admin_name: Joe Schmoe
10
+ # mommacat_port: 2260
11
+ # banner: My Example Mu Master
12
+ # mu_repository: git://github.com/cloudamatic/mu.git
13
+ # repos:
14
+ # - https://github.com/cloudamatic/mu_demo_platform
15
+ # allow_invade_foreign_vpcs: true
16
+ # ansible_dir:
17
+ # aws:
18
+ # egtdev:
19
+ # region: us-east-1
20
+ # log_bucket_name: egt-mu-log-bucket
21
+ # default: true
22
+ # name: egtdev
23
+ # personal:
24
+ # region: us-east-2
25
+ # log_bucket_name: my-mu-log-bucket
26
+ # name: personal
27
+ # google:
28
+ # egtlabs:
29
+ # project: egt-labs-admin
30
+ # credentials_file: /opt/mu/etc/google.json
31
+ # region: us-east4
32
+ # log_bucket_name: hexabucket-761234
33
+ # default: true
34
+ # </pre>
35
+ module MuYAML
36
+ # The configuration file format for Mu's main config file.
37
+ # Amazon Web Services
38
+ class aws
39
+ # @!group Required parameters
40
+
41
+ # **REQUIRED** -
42
+ # S3 bucket into which we'll synchronize deploy secrets, and if we're hosted in AWS, collected system logs
43
+ #
44
+ # @return [String]
45
+ attr_accessor :log_bucket_name
46
+ # @!endgroup
47
+ # @!group Optional parameters
48
+
49
+ # **Must match pattern `(?i-mx:^[a-z0-9]+$)`** -
50
+ # Credentials used for accessing the AWS API (looks like: AKIAINWLOOAA24PBRBZA)
51
+ #
52
+ # @return [String]
53
+ attr_accessor :access_key
54
+
55
+ # Credentials used for accessing the AWS API (looks like: +Z16iRP9QAq7EcjHINyEMs3oR7A76QpfaSgCBogp).
56
+ #
57
+ # @return [String]
58
+ attr_accessor :access_secret
59
+
60
+ # **Must match pattern `(?-mix:^\d+$)`** -
61
+ # Default target account for resources managed using these credentials. This is an AWS account number, e.g. 918972669773. If not specified, we will use the account number which owns these API keys.
62
+ #
63
+ # @return [String]
64
+ attr_accessor :account_number
65
+
66
+ # A secure Chef vault and item from which to retrieve an AWS access key and secret. The vault item should have 'access_key' and 'access_secret' elements.
67
+ #
68
+ # @return [String]
69
+ attr_accessor :credentials
70
+
71
+ # An INI-formatted AWS credentials file, of the type used by the AWS command-line tools. This is less secure than using 'credentials' to store these in a Chef vault. See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
72
+ #
73
+ # @return [String]
74
+ attr_accessor :credentials_file
75
+
76
+ # **Default: `false`** -
77
+ # If set to true, Mu will default to these AWS credentials when targeting AWS resources
78
+ #
79
+ # @return [Boolean]
80
+ attr_accessor :default
81
+
82
+ # Default Amazon Web Services region in which these credentials should operate
83
+ #
84
+ # @return [String]
85
+ attr_accessor :region
86
+ # @!endgroup
87
+ end
88
+ # Microsoft Azure Cloud Computing Platform & Services
89
+ class azure
90
+ # @!group Optional parameters
91
+
92
+ # App client id used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
93
+ #
94
+ # @return [String]
95
+ attr_accessor :client_id
96
+
97
+ # App client secret used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview under the 'Certificates & secrets' tab, 'Client secrets.' This can only be retrieved upon initial secret creation.
98
+ #
99
+ # @return [String]
100
+ attr_accessor :client_secret
101
+
102
+ # JSON file which contains a hash of directory_id, client_id, client_secret, and subscription values. If found, these will be override values entered directly in mu-configure.
103
+ #
104
+ # @return [String]
105
+ attr_accessor :credentials_file
106
+
107
+ # **Default: `false`** -
108
+ # If set to true, Mu will use this set of Azure credentials when targeting Azure without a specific account having been requested
109
+ #
110
+ # @return [Boolean]
111
+ attr_accessor :default
112
+
113
+ # AKA Tenant ID; the default Microsoft Azure Directory project in which we operate and deploy, from https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
114
+ #
115
+ # @return [String]
116
+ attr_accessor :directory_id
117
+
118
+ # **Default: `eastus`** -
119
+ # Default Microsoft Azure region in which we operate and deploy
120
+ #
121
+ # @return [String]
122
+ attr_accessor :region
123
+
124
+ # Default Microsoft Azure Subscription we will use to deploy, from https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade
125
+ #
126
+ # @return [String]
127
+ attr_accessor :subscription
128
+ # @!endgroup
129
+ end
130
+ # Google Cloud Platform
131
+ class google
132
+ # @!group Required parameters
133
+
134
+ # **REQUIRED** -
135
+ # Cloud Storage bucket into which we'll synchronize deploy secrets, and if we're hosted in GCP, collected system logs
136
+ #
137
+ # @return [String]
138
+ attr_accessor :log_bucket_name
139
+
140
+ # **REQUIRED** -
141
+ # Default Google Cloud Platform project in which we operate and deploy. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
142
+ #
143
+ # @return [String]
144
+ attr_accessor :project
145
+ # @!endgroup
146
+ # @!group Optional parameters
147
+
148
+ # A secure Chef vault and item from which to retrieve the JSON-formatted Service Account credentials for our GCP account, in the format vault:itemname (e.g. 'secrets:google'). Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
149
+ #
150
+ # @return [String]
151
+ attr_accessor :credentials
152
+
153
+ # JSON-formatted Service Account credentials for our GCP account, b64-encoded and dropped directly into mu.yaml. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
154
+ #
155
+ # @return [String]
156
+ attr_accessor :credentials_encoded
157
+
158
+ # JSON-formatted Service Account credentials for our GCP account, stored in plain text in a file. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
159
+ #
160
+ # @return [String]
161
+ attr_accessor :credentials_file
162
+
163
+ # For Google Cloud projects which are attached to a GSuite domain. Some API calls (groups, users, etc) require this identifier. From admin.google.com, choose Security, the Single Sign On, and look for the Entity ID field. The value after idpid= in the URL there should be the customer ID.
164
+ #
165
+ # @return [String]
166
+ attr_accessor :customer_id
167
+
168
+ # **Default: `false`** -
169
+ # If set to true, Mu will use this set of GCP credentials when targeting the Google Cloud without a specific account having been requested
170
+ #
171
+ # @return [Boolean]
172
+ attr_accessor :default
173
+
174
+ # For Google Cloud projects which are attached to a GSuite domain. GCP service accounts cannot view or manage GSuite resources (groups, users, etc) directly, but must instead masquerade as a GSuite user which has delegated authority to the service account. See also: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
175
+ #
176
+ # @return [String]
177
+ attr_accessor :masequerade_as
178
+
179
+ # **Default: `us-east4`** -
180
+ # Default Google Cloud Platform region in which we operate and deploy
181
+ #
182
+ # @return [String]
183
+ attr_accessor :region
184
+ # @!endgroup
185
+ end
186
+ # @!group Required parameters
187
+
188
+ # **REQUIRED**,
189
+ # **Must match pattern `(?i-mx:^[a-z0-9\-_]+$)`** -
190
+ # The local system's value for HOSTNAME
191
+ #
192
+ # @return [String]
193
+ attr_accessor :hostname
194
+
195
+ # **REQUIRED**,
196
+ # **Must match pattern `(?i-mx:\A([\w+\-].?)+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z)`** -
197
+ # Administative contact email
198
+ #
199
+ # @return [String]
200
+ attr_accessor :mu_admin_email
201
+
202
+ # **REQUIRED**,
203
+ # **Must match pattern `(?-mix:^(127\.0\.0\.1|localhost)$)`** -
204
+ # IP address or hostname
205
+ #
206
+ # @return [String]
207
+ attr_accessor :public_address
208
+ # @!endgroup
209
+ # @!group Optional parameters
210
+
211
+ # If set to true, Mu will be allowed to modify routing and peering behavior of VPCs which it did not create, but for which it has permissions.
212
+ #
213
+ # @return [Boolean]
214
+ attr_accessor :allow_invade_foreign_vpcs
215
+
216
+ # Intended for use with minimal installs which use Ansible as a groomer and which do not store Ansible artifacts in a dedicated git repository. This allows simply pointing to a local directory.
217
+ #
218
+ # @return [String]
219
+ attr_accessor :ansible_dir
220
+
221
+ # Amazon Web Services
222
+ #
223
+ # @return [aws]
224
+ # @see aws
225
+ attr_accessor :aws
226
+
227
+ # Microsoft Azure Cloud Computing Platform & Services
228
+ #
229
+ # @return [azure]
230
+ # @see azure
231
+ attr_accessor :azure
232
+
233
+ # Login banner, displayed in various locations
234
+ #
235
+ # @return [String]
236
+ attr_accessor :banner
237
+
238
+ # Google Cloud Platform
239
+ #
240
+ # @return [google]
241
+ # @see google
242
+ attr_accessor :google
243
+
244
+ # Optional extra Chef roles or recipes to invoke when running chef-client on this Master (ex: recipe[mycookbook::mumaster])
245
+ #
246
+ # @return [Array<String>]
247
+ attr_accessor :master_runlist_extras
248
+
249
+ # **Default: `2260`**,
250
+ # **Must match pattern `(?i-mx:^[0-9]+$)`** -
251
+ # Listen port for the Momma Cat grooming daemon
252
+ #
253
+ # @return [String]
254
+ attr_accessor :mommacat_port
255
+
256
+ # **Default: `Mu Administrator`** -
257
+ # Administative contact's full name
258
+ #
259
+ # @return [String]
260
+ attr_accessor :mu_admin_name
261
+
262
+ # **Default: `git://github.com/cloudamatic/mu.git`**,
263
+ # **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
264
+ # Source repository for Mu tools
265
+ #
266
+ # @return [String]
267
+ attr_accessor :mu_repository
268
+
269
+ # **Default: `["https://github.com/cloudamatic/mu_demo_platform"]`**,
270
+ # **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
271
+ # Optional platform repositories, as a Git URL or Github repo name (ex: eGT-Labs/fema_platform.git)
272
+ #
273
+ # @return [Array<String>]
274
+ attr_accessor :repos
275
+ # @!endgroup
276
+ end
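Review bot: Several of the validation patterns documented in this new file are anchored with `^`/`$`, for example `(?i-mx:^[a-z0-9\-_]+$)` on `hostname` (new line 189) and `(?i-mx:^[0-9]+$)` on `mommacat_port` (line 250). In Ruby those anchors match at line boundaries, so a multi-line value passes if any single line matches; the `mu_admin_email` pattern at line 196 already uses `\A`…`\z` and the others should follow it. The `mu_repository` and `repos` patterns (lines 263 and 270) carry no anchors at all, so they accept any string that merely contains a matching substring. These comments appear to be rendered from a schema defined outside this file, so the fix likely belongs there rather than here. The `public_address` pattern at line 203 also admits only `127.0.0.1` or `localhost`, which disagrees with the `public_address: 1.2.3.4` example at line 7.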