RubyGems - cloud-mu - Versions diffs - 3.1.2 → 3.2.0 - Mend

cloud-mu 3.1.2 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +10 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -3
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +135 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +165 -111
data/modules/mu/adoption.rb +401 -68
data/modules/mu/cleanup.rb +199 -306
data/modules/mu/cloud.rb +100 -1632
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +4 -4
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +6 -6
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +4 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +3 -3
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +3 -3
data/modules/mu/config/ref.rb +365 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +97 -70
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +70 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +83 -60
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +30 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +389 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +217 -2612
data/modules/mu/mommacat/daemon.rb +397 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +271 -112
data/modules/mu/{clouds → providers}/aws/alarm.rb +5 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +26 -22
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +33 -67
data/modules/mu/{clouds → providers}/aws/collection.rb +24 -23
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +681 -721
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +64 -63
data/modules/mu/{clouds → providers}/aws/endpoint.rb +22 -27
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +214 -244
data/modules/mu/{clouds → providers}/aws/folder.rb +7 -7
data/modules/mu/{clouds → providers}/aws/function.rb +17 -22
data/modules/mu/{clouds → providers}/aws/group.rb +23 -23
data/modules/mu/{clouds → providers}/aws/habitat.rb +17 -14
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +57 -48
data/modules/mu/{clouds → providers}/aws/log.rb +15 -12
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +17 -16
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +18 -11
data/modules/mu/{clouds → providers}/aws/notifier.rb +11 -6
data/modules/mu/{clouds → providers}/aws/role.rb +112 -86
data/modules/mu/{clouds → providers}/aws/search_domain.rb +39 -33
data/modules/mu/{clouds → providers}/aws/server.rb +835 -1133
data/modules/mu/{clouds → providers}/aws/server_pool.rb +56 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +24 -42
data/modules/mu/{clouds → providers}/aws/user.rb +21 -22
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +523 -929
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +95 -48
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +67 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +84 -77
data/modules/mu/{clouds → providers}/google/database.rb +10 -20
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +139 -167
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +18 -20
data/modules/mu/{clouds → providers}/google/role.rb +92 -58
data/modules/mu/{clouds → providers}/google/server.rb +242 -155
data/modules/mu/{clouds → providers}/google/server_pool.rb +25 -44
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -0
data/modules/tests/super_simple_bok.yml +1 -3
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +232 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985

data/modules/mu/groomers/chef.rb CHANGED

@@ -35,6 +35,12 @@ module MU
         end
       }
+      # Are the Chef libraries present and accounted for?
+      def self.available?(windows = false)
+        loadChefLib
+        @chefloaded
+      end
       @chefloaded = false
       @chefload_semaphore = Mutex.new
       # Autoload is too brain-damaged to get Chef's subclasses/submodules, so
@@ -184,13 +190,13 @@ module MU
         if !item.nil?
           begin
             loaded = ::ChefVault::Item.load(vault, item)
-          rescue ::ChefVault::Exceptions::KeysNotFound => e
+          rescue ::ChefVault::Exceptions::KeysNotFound
             raise MuNoSuchSecret, "Can't load the Chef Vault #{vault}:#{item}. Does it exist? Chef user: #{MU.chef_user}"
           end
         else
           # If we didn't ask for a particular item, list what we have.
           begin
-            loaded = ::Chef::DataBag.load(vault).keys.select { |k, v| !k.match(/_keys$/) }
+            loaded = ::Chef::DataBag.load(vault).keys.select { |k| !k.match(/_keys$/) }
           rescue Net::HTTPServerException
             raise MuNoSuchSecret, "Failed to retrieve Vault #{vault}"
           end
@@ -258,7 +264,6 @@ module MU
           knifeAddToRunList(multiple: @config['run_list'])
         end
-        pending_reboot_count = 0
         chef_node = ::Chef::Node.load(@server.mu_name)
         if !@config['application_attributes'].nil?
           MU.log "Setting node:#{@server.mu_name} application_attributes", MU::DEBUG, details: @config['application_attributes']
@@ -300,7 +305,7 @@ module MU
               cmd = "#{upgrade_cmd} chef-client --color || echo #{error_signal}"
             end
             Timeout::timeout(timeout) {
-              retval = ssh.exec!(cmd) { |ch, stream, data|
+              ssh.exec!(cmd) { |_ch, _stream, data|
                 extra_logfile = if Dir.exist?(@server.deploy.deploy_dir)
                   File.open(@server.deploy.deploy_dir+"/log", "a")
                 end
@@ -330,7 +335,7 @@ module MU
             }
           else
             MU.log "Invoking Chef over WinRM on #{@server.mu_name}: #{purpose}"
-            winrm = @server.getWinRMSession(haveBootstrapped? ? 1 : max_retries)
+            winrm = @server.getWinRMSession(haveBootstrapped? ? 2 : max_retries)
             if @server.windows? and @server.windowsRebootPending?(winrm)
               # Windows frequently gets stuck here
               if retries > 5
@@ -363,7 +368,7 @@ module MU
             }
             if resp.exitcode == 1 and output_lines.join("\n").match(/Chef Client finished/)
-              MU.log "resp.exit code 1"
+              MU.log output_lines.last
             elsif resp.exitcode != 0
               raise MU::Cloud::BootstrapTempFail if resp.exitcode == 35 or output_lines.join("\n").match(/REBOOT_SCHEDULED| WARN: Reboot requested:|Rebooting server at a recipe's request|Chef::Exceptions::Reboot/)
               raise MU::Groomer::RunError, output_lines.slice(output_lines.length-50, output_lines.length).join("")
@@ -380,7 +385,7 @@ module MU
             sleep 30
           end
           retry
-        rescue RuntimeError, SystemCallError, Timeout::Error, SocketError, Errno::ECONNRESET, IOError, Net::SSH::Exception, MU::Groomer::RunError, WinRM::WinRMError, MU::MuError => e
+        rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
           begin
             ssh.close if !ssh.nil?
           rescue Net::SSH::Exception, IOError => e
@@ -390,6 +395,8 @@ module MU
               MU.log "ssh session to #{@server.mu_name} was closed unexpectedly, waiting before trying again", MU::NOTICE
             end
             sleep 10
+          rescue StandardError => e
+            MU.log "Error I don't recognize closing ssh tunnel", MU::WARN, details: e.inspect
           end
           if e.instance_of?(MU::Groomer::RunError) and retries == 0 and max_retries > 1 and purpose != "Base Windows configuration"
             MU.log "Got a run error, will attempt to install/update Chef Client on next attempt", MU::NOTICE
@@ -404,7 +411,7 @@ module MU
               begin
                 preClean(true) # drop any Chef install that's not ours
                 @server.reboot # try gently rebooting the thing
-              rescue Exception => e # it's ok to fail here (and to ignore failure)
+              rescue StandardError => e # it's ok to fail here (and to ignore failure)
                 MU.log "preclean err #{e.inspect}", MU::ERR
               end
               reboot_first_fail = false
@@ -414,9 +421,9 @@ module MU
           if retries < max_retries
             retries += 1
             MU.log "#{@server.mu_name}: Chef run '#{purpose}' failed after #{Time.new - runstart} seconds, retrying (#{retries}/#{max_retries})", MU::WARN, details: e.message.dup
-            if purpose != "Base Windows configuration"
-              windows_try_ssh = !windows_try_ssh
-            end
+#            if purpose != "Base Windows configuration"
+#              windows_try_ssh = !windows_try_ssh
+#            end
             if e.is_a?(WinRM::WinRMError)
               if @server.windows? and retries >= 3 and retries % 3 == 0
                 # Mix in a hard reboot if WinRM isn't answering
@@ -429,7 +436,7 @@ module MU
             @server.deploy.sendAdminSlack("Chef run '#{purpose}' failed on `#{@server.mu_name}` :crying_cat_face:", msg: e.message)
             raise MU::Groomer::RunError, "#{@server.mu_name}: Chef run '#{purpose}' failed #{max_retries} times, last error was: #{e.message}"
           end
-        rescue Exception => e
+        rescue StandardError => e
           @server.deploy.sendAdminSlack("Chef run '#{purpose}' failed on `#{@server.mu_name}` :crying_cat_face:", msg: e.inspect)
           raise MU::Groomer::RunError, "Caught unexpected #{e.inspect} on #{@server.mu_name} in @groomer.run at #{e.backtrace[0]}"
@@ -443,8 +450,8 @@ module MU
       def splunkVaultInit
         self.class.loadChefLib
         begin
-          loaded = ::ChefVault::Item.load("splunk", "admin_user")
-        rescue ::ChefVault::Exceptions::KeysNotFound => e
+          ::ChefVault::Item.load("splunk", "admin_user")
+        rescue ::ChefVault::Exceptions::KeysNotFound
           pw = Password.pronounceable(12..14)
           creds = {
             "username" => "admin",
@@ -550,7 +557,7 @@ module MU
             winrm = @server.getWinRMSession(1, 30, winrm_retries: 2)
             pp winrm.run(cmd)
             return
-          rescue Net::SSH::Disconnect, SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::HTTPServerException, SystemExit, Errno::ECONNREFUSED, Errno::EPIPE, WinRM::WinRMError, HTTPClient::ConnectTimeoutError, RuntimeError, MU::Cloud::BootstrapTempFail, MU::MuError => e
+          rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, MU::MuError, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError
             MU.log "WinRM failure attempting Chef upgrade on #{@server.mu_name}, will fall back to ssh", MU::WARN
             cmd = %Q{powershell.exe -inputformat none -noprofile "#{cmd}"}
           end
@@ -558,7 +565,7 @@ module MU
         MU.log "Attempting Chef upgrade via ssh on #{@server.mu_name}", MU::NOTICE, details: cmd
         ssh = @server.getSSHSession(1)
-        retval = ssh.exec!(cmd) { |ch, stream, data|
+        ssh.exec!(cmd) { |_ch, _stream, data|
           puts data
         }
       end
@@ -580,7 +587,7 @@ module MU
           @config['cleaned_chef'] = true
         end
-        nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
+        _nat_ssh_key, _nat_ssh_user, _nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
         MU.log "Bootstrapping #{@server.mu_name} (#{canonical_addr}) with knife"
@@ -593,11 +600,12 @@ module MU
           json_attribs['skipinitialupdates'] = @config['skipinitialupdates']
         end
-        if !@config['vault_access'].nil?
-          vault_access = @config['vault_access']
-        else
-          vault_access = []
-        end
+# XXX this seems to break Knife Bootstrap
+#        vault_access = if !@config['vault_access'].nil?
+#          @config['vault_access']
+#        else
+#          []
+#        end
         @server.windows? ? max_retries = 25 : max_retries = 10
         @server.windows? ? timeout = 1800 : timeout = 300
@@ -617,13 +625,20 @@ module MU
             kb.name_args = [@server.mu_name]
             kb.config[:manual] = true
             kb.config[:winrm_transport] = :ssl
-            kb.config[:host] = @server.mu_name
             kb.config[:winrm_port] = 5986
             kb.config[:session_timeout] = timeout
             kb.config[:operation_timeout] = timeout
-            kb.config[:winrm_authentication_protocol] = :cert
-            kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
-            kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            if retries % 2 == 0
+              kb.config[:host] = canonical_addr
+              kb.config[:winrm_authentication_protocol] = :basic
+              kb.config[:winrm_user] = @server.config['windows_admin_username']
+              kb.config[:winrm_password] = @server.getWindowsAdminPassword
+            else
+              kb.config[:host] = @server.mu_name
+              kb.config[:winrm_authentication_protocol] = :cert
+              kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
+              kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            end
 #          kb.config[:ca_trust_file] = "#{MU.mySSLDir}/Mu_CA.pem"
             # XXX ca_trust_file doesn't work for some reason, so we have to set the below for now
             kb.config[:winrm_ssl_verify_mode] = :verify_none
@@ -658,7 +673,7 @@ module MU
           }
           # throws Net::HTTPServerException if we haven't really bootstrapped
           ::Chef::Node.load(@server.mu_name)
-        rescue Net::SSH::Disconnect, SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::HTTPServerException, SystemExit, Errno::ECONNREFUSED, Errno::EPIPE, WinRM::WinRMError, HTTPClient::ConnectTimeoutError, RuntimeError, MU::Cloud::BootstrapTempFail, Net::SSH::Exception, Net::SSH::ConnectionTimeout => e
+        rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
           if retries < max_retries
             retries += 1
             # Bad Chef installs are possible culprits of bootstrap failures, so
@@ -671,9 +686,9 @@ module MU
                !@config['forced_preclean']
               begin
                 preClean(false) # it's ok for this to fail
-              rescue Exception => e
+              rescue StandardError => e
               end
-              MU::Groomer::Chef.cleanup(@server.mu_name, nodeonly: true)
+              MU::Groomer::Chef.purge(@server.mu_name, nodeonly: true)
               @config['forced_preclean'] = true
               @server.reboot if @server.windows? # *sigh*
             end
@@ -683,7 +698,7 @@ module MU
           else
             raise MuError, "#{@server.mu_name}: Knife Bootstrap failed too many times with #{e.inspect}"
           end
-        rescue Exception => e
+        rescue StandardError => e
 MU.log e.inspect, MU::ERR, details: e.backtrace
 sleep 10*retries
 retry
@@ -700,7 +715,7 @@ retry
           end
         }
         knifeAddToRunList("role[mu-node]")
-        knifeAddToRunList("mu-tools::selinux")
+        knifeAddToRunList("recipe[mu-tools::selinux]")
         grantSecretAccess(@server.mu_name, "windows_credentials") if @server.windows?
         grantSecretAccess(@server.mu_name, "ssl_cert")
@@ -748,7 +763,7 @@ retry
           return
         end
-        @server.describe(update_cache: true) # Make sure we're fresh
+        @server.describe
         saveChefMetadata
         begin
           chef_node = ::Chef::Node.load(@server.mu_name)
@@ -785,17 +800,57 @@ retry
             chef_node.save
           end
           return chef_node['deployment']
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPServerException
           MU.log "Attempted to save deployment to Chef node #{@server.mu_name} before it was bootstrapped.", MU::DEBUG
         end
       end
+      # Purge Chef resources matching a particular deploy
+      # @param deploy_id [String]
+      # @param noop [Boolean]
+      def self.cleanup(deploy_id, noop = false)
+        return nil if deploy_id.nil? or deploy_id.empty?
+        begin
+          if File.exist?(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+            ::Chef::Config.from_file(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+          end
+          deadnodes = []
+          ::Chef::Config[:environment] ||= MU.environment
+          q = ::Chef::Search::Query.new
+          begin
+            q.search("node", "tags_MU-ID:#{deploy_id}").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+          begin
+            q.search("node", "name:#{deploy_id}-*").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+          MU.log "Missed some Chef resources in node cleanup, purging now", MU::NOTICE if deadnodes.size > 0
+          deadnodes.uniq.each { |node|
+            MU::Groomer::Chef.purge(node, [], noop)
+          }
+        rescue LoadError
+        end
+      end
       # Expunge Chef resources associated with a node.
       # @param node [String]: The Mu name of the node in question.
       # @param vaults_to_clean [Array<Hash>]: Some vaults to expunge
       # @param noop [Boolean]: Skip actual deletion, just state what we'd do
       # @param nodeonly [Boolean]: Just delete the node and its keys, but leave other artifacts
-      def self.cleanup(node, vaults_to_clean = [], noop = false, nodeonly: false)
+      def self.purge(node, vaults_to_clean = [], noop = false, nodeonly: false)
         loadChefLib
         MU.log "Deleting Chef resources associated with #{node}"
         if !nodeonly
@@ -804,7 +859,7 @@ retry
             MU.log "knife vault remove #{vault['vault']} #{vault['item']} --search name:#{node}", MU::NOTICE
             begin
               ::Chef::Knife.run(['vault', 'remove', vault['vault'], vault['item'], "--search", "name:#{node}"]) if !noop
-            rescue Exception => e
+            rescue StandardError => e
               MU.log "Error removing vault access for #{node} from #{vault['vault']} #{vault['item']}", MU::ERR, details: e.inspect
             end
             MU::MommaCat.unlock("vault-#{vault['vault']}")
@@ -858,7 +913,7 @@ retry
                   ::Chef::Knife.run(['vault', 'refresh', vault['vault'], vault['item']])
                 end
               end
-            rescue JSON::ParserError => e
+            rescue JSON::ParserError
               MU.log "Error parsing JSON from data bag #{vault['vault']} #{vault['item']}_keys, skipping vault client cleanse", MU::WARN
             end
           end
@@ -887,18 +942,34 @@ retry
         MU.log "Granting #{host} access to #{vault} #{item}"
         begin
           ::Chef::Knife.run(['vault', 'update', vault, item, "--search", "name:#{host}"])
-        rescue Exception => e
+        rescue StandardError => e
           MU.log e.inspect, MU::ERR, details: caller
         end
         MU::MommaCat.unlock("vault-#{vault}", true)
       end
+      # Execute a +knife+ command, and return its exit status and output
+      # @param cmd [String]: The knife subcommand to run, such as +vault list+
+      # @param showoutput [String]: Print the results to stdout
+      # @return [Array<Integer,String>]
+      def self.knifeCmd(cmd, showoutput = false)
+        MU.log "knife #{cmd}", MU::NOTICE if showoutput
+        output = `#{MU::Groomer::Chef.knife} #{cmd}`
+        exitstatus = $?.exitstatus
+        if showoutput
+          puts output
+          puts "Exit status: #{exitstatus}"
+        end
+        return [exitstatus, output]
+      end
       private
       # Save common Mu attributes to this node's Chef node structure.
       def saveChefMetadata
         self.class.loadChefLib
-        nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
+        @server.getSSHConfig # why though
         MU.log "Saving #{@server.mu_name} Chef artifacts"
         begin
@@ -998,7 +1069,7 @@ retry
           deploy = MU::MommaCat.getLitter(MU.deploy_id, use_cache: false)
           @config['dependencies'].each{ |dep|
             if dep['type'] == "database" && deploy.deployment.has_key?("databases") && deploy.deployment["databases"].has_key?(dep['name'])
-                deploy.deployment["databases"][dep['name']].each { |name, database|
+                deploy.deployment["databases"][dep['name']].values.each { |database|
                 grantSecretAccess(database['vault_name'], database['vault_item']) if database.has_key?("vault_name") && database.has_key?("vault_item")
               }
             end
@@ -1019,18 +1090,6 @@ retry
         @secrets_granted["#{vault}:#{item}"] = item
       end
-      def self.knifeCmd(cmd, showoutput = false)
-        MU.log "knife #{cmd}", MU::NOTICE if showoutput
-        output = `#{MU::Groomer::Chef.knife} #{cmd}`
-        exitstatus = $?.exitstatus
-        if showoutput
-          puts output
-          puts "Exit status: #{exitstatus}"
-        end
-        return [exitstatus, output]
-      end
       def knifeCmd(cmd, showoutput = false)
         self.class.knifeCmd(cmd, showoutput)
       end
@@ -1063,9 +1122,11 @@ retry
         if multiple.size == 0
           multiple = [rl_entry]
         end
-        multiple.each { |entry|
+        multiple.map! { |entry|
           if !entry.match(/^role|recipe\[/)
-            entry = "#{type}[#{entry}]"
+            "#{type}[#{entry}]"
+          else
+            entry
           end
         }
@@ -1110,8 +1171,8 @@ retry
           MU.log("Adding #{rl_string} to Chef run_list of #{@server.mu_name}")
           MU.log("Running #{query}", MU::DEBUG)
           output=%x{#{query}}
-            # XXX rescue Exception is bad style
-        rescue Exception => e
+            # XXX rescue StandardError is bad style
+        rescue StandardError => e
           raise MuError, "FAIL: #{MU::Groomer::Chef.knife} node run_list add #{@server.mu_name} \"#{rl_string}\": #{e.message} (output was #{output})"
         end
       end

data/modules/mu/logger.rb CHANGED

@@ -33,6 +33,33 @@ module MU
     # Show DEBUG log entries and extra call stack and threading info
     LOUD = 2.freeze
+    # stash a hash map for color outputs
+    COLORMAP = {
+      MU::DEBUG => { :html => "orange", :ansi => :yellow },
+      MU::INFO => { :html => "green", :ansi => :green },
+      MU::NOTICE => { :html => "yellow", :ansi => :yellow },
+      MU::WARN => { :html => "orange", :ansi => :light_red },
+      MU::ERR => { :html => "red", :ansi => :red }
+    }.freeze
+    # minimum log verbosity at which we'll print various types of messages
+    PRINT_MSG_IF = {
+      MU::DEBUG => { :msg => LOUD, :details => LOUD },
+      MU::INFO => { :msg => NORMAL, :details => LOUD },
+      MU::NOTICE => { :msg => nil, :details => QUIET },
+      MU::WARN => { :msg => nil, :details => SILENT },
+      MU::ERR => { :msg => nil, :details => nil }
+    }.freeze
+    # Syslog equivalents of our log levels
+    SYSLOG_MAP = {
+      MU::DEBUG => Syslog::LOG_DEBUG,
+      MU::INFO => Syslog::LOG_NOTICE,
+      MU::NOTICE => Syslog::LOG_NOTICE,
+      MU::WARN => Syslog::LOG_WARNING,
+      MU::ERR => Syslog::LOG_ERR
+    }.freeze
     attr_accessor :verbosity
     @verbosity = MU::Logger::NORMAL
     @quiet = false
@@ -66,66 +93,38 @@ module MU
     def log(msg,
             level=INFO,
             details: nil,
-            html: @html,
-            verbosity: @verbosity,
-            handle: @handle,
-            color: @color,
+            html: nil,
+            verbosity: nil,
+            handle: nil,
+            color: nil,
             deploy: MU.mommacat
     )
       verbosity ||= @verbosity
-      return if verbosity == MU::Logger::SILENT
-      return if verbosity < MU::Logger::LOUD and level == DEBUG
-      return if verbosity < MU::Logger::NORMAL and level == INFO
+      html ||= @html
+      handle ||= @handle
+      color ||= @color
-      # By which we mean, "get the filename (with the .rb stripped off) which
-      # originated the call to this method. Which, for our purposes, is the
-      # MU subclass that called us. Useful information. And it looks like Perl.
-      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
-      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
-      caller_name = caller[1]
+      if verbosity == MU::Logger::SILENT or (verbosity < MU::Logger::LOUD and level == DEBUG) or (verbosity < MU::Logger::NORMAL and level == INFO)
+        return
+      end
-      caller_name.sub!(/:.*/, "")
-      caller_name.sub!(/^\.\//, "")
-      caller_name.sub!(/^#{mod_root}/, "")
-      caller_name.sub!(/^#{bin_root}/, "")
-      caller_name.sub!(/\.r[ub]$/, "")
-      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
-      caller_name.sub!(/^modules\//, "")
+      if level == SUMMARY
+        @summary << msg
+        return
+      end
+      caller_name = extract_caller_name(caller[1])
       time = Time.now.strftime("%b %d %H:%M:%S").to_s
       Syslog.open("Mu/"+caller_name, Syslog::LOG_PID, Syslog::LOG_DAEMON | Syslog::LOG_LOCAL3) if !Syslog.opened?
-      if !details.nil?
-        if details.is_a?(Hash) and details.has_key?(:details)
-          details = details[:details]
-        end
-        details = PP.pp(details, '') if !details.is_a?(String)
-      end
-      details = "<pre>"+details+"</pre>" if @html
-      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
-      # ugly line feeds too.
-      if !details.nil?
-        details = details.dup # in case it's frozen or something
-        details.gsub!(/\\n/, "\n")
-        details.gsub!(/(\\r|\r)/, "")
-      end
+      details = format_details(details, html)
       msg = msg.first if msg.is_a?(Array)
       msg = "" if msg == nil
       msg = msg.to_s if !msg.is_a?(String) and msg.respond_to?(:to_s)
-      # wrapper for writing a log entry to multiple filehandles
-      # @param handles [Array<IO>]
-      # @param msgs [Array<String>]
-      def write(handles = [], msgs = [])
-        return if handles.nil? or msgs.nil?
-        handles.each { |h|
-          msgs.each { |m|
-            h.puts m
-          }
-        }
-      end
       @@log_semaphere.synchronize {
         handles = [handle]
         extra_logfile = if deploy and deploy.deploy_dir and Dir.exist?(deploy.deploy_dir)
@@ -134,110 +133,41 @@ module MU
         handles << extra_logfile if extra_logfile
         msgs = []
-        case level
-          when SUMMARY
-            @summary << msg
-          when DEBUG
-            if verbosity >= MU::Logger::LOUD
-              if @html
-                html_out "#{time} - #{caller_name} - #{msg}", "orange"
-                html_out "&nbsp;#{details}" if details
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-                msgs << "#{details}" if details
-              end
-              Syslog.log(Syslog::LOG_DEBUG, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_DEBUG, details.gsub(/%/, '')) if details
-            end
-          when INFO
-            if verbosity >= MU::Logger::NORMAL
-              if @html
-                html_out "#{time} - #{caller_name} - #{msg}", "green"
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".green.on_black
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-              end
-              if verbosity >= MU::Logger::LOUD
-                if @html
-                  html_out "&nbsp;#{details}"
-                elsif color
-                  msgs << "#{details}".white.on_black if details
-                else
-                  msgs << "#{details}" if details
-                end
-              end
-              Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-            end
-          when NOTICE
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "yellow"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::QUIET
-              if @html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-          when WARN
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "orange"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".light_red.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::SILENT
-              if @html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_WARNING, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_WARNING, details.gsub(/%/, '')) if details
-          when ERR
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "red"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".red.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_ERR, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_ERR, details.gsub(/%/, '')) if details
+        if !PRINT_MSG_IF[level][:msg] or level >= PRINT_MSG_IF[level][:msg]
+          if html
+            html_out "#{time} - #{caller_name} - #{msg}", COLORMAP[level][:html]
+          else
+            str = "#{time} - #{caller_name} - #{msg}"
+            str = str.send(COLORMAP[level][:ansi]).on_black if color
+            msgs << str
+          end
+          Syslog.log(SYSLOG_MAP[level], msg.gsub(/%/, ''))
+        end
+        if details and (!PRINT_MSG_IF[level][:details] or level >= PRINT_MSG_IF[level][:details])
+          if html
+            html_out "&nbsp;#{details}"
           else
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
+            details = details.white.on_black if color
+            msgs << details
+          end
+          Syslog.log(SYSLOG_MAP[level], details.gsub(/%/, ''))
         end
+#          else
+#            if html
+#              html_out "#{time} - #{caller_name} - #{msg}"
+#              html_out "&nbsp;#{details}" if details
+#            elsif color
+#              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
+#              msgs << "#{details}".white.on_black if details
+#            else
+#              msgs << "#{time} - #{caller_name} - #{msg}"
+#              msgs << "#{details}" if details
+#            end
+#            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
+#            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
         write(handles, msgs)
         extra_logfile.close if extra_logfile
@@ -247,6 +177,43 @@ module MU
     private
+    def format_details(details, html = false)
+      return if details.nil?
+      if details.is_a?(Hash) and details.has_key?(:details)
+        details = details[:details]
+      end
+      details = PP.pp(details, '') if !details.is_a?(String)
+      details = "<pre>"+details+"</pre>" if html
+      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
+      # ugly line feeds too.
+      details = details.dup # in case it's frozen or something
+      details.gsub!(/\\n/, "\n")
+      details.gsub!(/(\\r|\r)/, "")
+      details
+    end
+    # By which we mean, "get the filename (with the .rb stripped off) which
+    # originated the call to this method. Which, for our purposes, is the
+    # MU subclass that called us. Useful information. And it looks like Perl.
+    def extract_caller_name(caller_name)
+      return nil if !caller_name or !caller_name.is_a?(String)
+      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
+      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
+      caller_name.sub!(/:.*/, "")
+      caller_name.sub!(/^\.\//, "")
+      caller_name.sub!(/^#{mod_root}/, "")
+      caller_name.sub!(/^#{bin_root}/, "")
+      caller_name.sub!(/\.r[ub]$/, "")
+      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
+      caller_name.sub!(/^modules\//, "")
+      caller_name
+    end
     # Output a log message as HTML.
     #
     # @param msg [String]: The log message to print
@@ -256,5 +223,17 @@ module MU
       @handle.puts "<span style='color:#{rgb.css_rgb};'>#{msg}</span>"
     end
+    # wrapper for writing a log entry to multiple filehandles
+    # @param handles [Array<IO>]
+    # @param msgs [Array<String>]
+    def write(handles = [], msgs = [])
+      return if handles.nil? or msgs.nil?
+      handles.each { |h|
+        msgs.each { |m|
+          h.puts m
+        }
+      }
+    end
   end #class
 end #module