RubyGems - cloud-mu - Versions diffs - 3.1.2 → 3.2.0 - Mend

cloud-mu 3.1.2 → 3.2.0

Files changed (201) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +10 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -3
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +135 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +165 -111
data/modules/mu/adoption.rb +401 -68
data/modules/mu/cleanup.rb +199 -306
data/modules/mu/cloud.rb +100 -1632
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +4 -4
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +6 -6
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +4 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +3 -3
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +3 -3
data/modules/mu/config/ref.rb +365 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +97 -70
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +70 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +83 -60
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +30 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +389 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +217 -2612
data/modules/mu/mommacat/daemon.rb +397 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +271 -112
data/modules/mu/{clouds → providers}/aws/alarm.rb +5 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +26 -22
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +33 -67
data/modules/mu/{clouds → providers}/aws/collection.rb +24 -23
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +681 -721
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +64 -63
data/modules/mu/{clouds → providers}/aws/endpoint.rb +22 -27
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +214 -244
data/modules/mu/{clouds → providers}/aws/folder.rb +7 -7
data/modules/mu/{clouds → providers}/aws/function.rb +17 -22
data/modules/mu/{clouds → providers}/aws/group.rb +23 -23
data/modules/mu/{clouds → providers}/aws/habitat.rb +17 -14
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +57 -48
data/modules/mu/{clouds → providers}/aws/log.rb +15 -12
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +17 -16
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +18 -11
data/modules/mu/{clouds → providers}/aws/notifier.rb +11 -6
data/modules/mu/{clouds → providers}/aws/role.rb +112 -86
data/modules/mu/{clouds → providers}/aws/search_domain.rb +39 -33
data/modules/mu/{clouds → providers}/aws/server.rb +835 -1133
data/modules/mu/{clouds → providers}/aws/server_pool.rb +56 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +24 -42
data/modules/mu/{clouds → providers}/aws/user.rb +21 -22
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +523 -929
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +95 -48
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +67 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +84 -77
data/modules/mu/{clouds → providers}/google/database.rb +10 -20
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +139 -167
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +18 -20
data/modules/mu/{clouds → providers}/google/role.rb +92 -58
data/modules/mu/{clouds → providers}/google/server.rb +242 -155
data/modules/mu/{clouds → providers}/google/server_pool.rb +25 -44
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -0
data/modules/tests/super_simple_bok.yml +1 -3
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +232 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985

data/modules/mu/groomers/chef.rb CHANGED

@@ -35,6 +35,12 @@ module MU
         end
       }
+      # Are the Chef libraries present and accounted for?
+      def self.available?(windows = false)
+        loadChefLib
+        @chefloaded
+      end
       @chefloaded = false
       @chefload_semaphore = Mutex.new
       # Autoload is too brain-damaged to get Chef's subclasses/submodules, so
@@ -184,13 +190,13 @@ module MU
         if !item.nil?
           begin
             loaded = ::ChefVault::Item.load(vault, item)
-          rescue ::ChefVault::Exceptions::KeysNotFound => e
+          rescue ::ChefVault::Exceptions::KeysNotFound
             raise MuNoSuchSecret, "Can't load the Chef Vault #{vault}:#{item}. Does it exist? Chef user: #{MU.chef_user}"
           end
         else
           # If we didn't ask for a particular item, list what we have.
           begin
-            loaded = ::Chef::DataBag.load(vault).keys.select { |k, v| !k.match(/_keys$/) }
+            loaded = ::Chef::DataBag.load(vault).keys.select { |k| !k.match(/_keys$/) }
           rescue Net::HTTPServerException
             raise MuNoSuchSecret, "Failed to retrieve Vault #{vault}"
           end
@@ -258,7 +264,6 @@ module MU
           knifeAddToRunList(multiple: @config['run_list'])
         end
-        pending_reboot_count = 0
         chef_node = ::Chef::Node.load(@server.mu_name)
         if !@config['application_attributes'].nil?
           MU.log "Setting node:#{@server.mu_name} application_attributes", MU::DEBUG, details: @config['application_attributes']
@@ -300,7 +305,7 @@ module MU
               cmd = "#{upgrade_cmd} chef-client --color || echo #{error_signal}"
             end
             Timeout::timeout(timeout) {
-              retval = ssh.exec!(cmd) { |ch, stream, data|
+              ssh.exec!(cmd) { |_ch, _stream, data|
                 extra_logfile = if Dir.exist?(@server.deploy.deploy_dir)
                   File.open(@server.deploy.deploy_dir+"/log", "a")
                 end
@@ -330,7 +335,7 @@ module MU
             }
           else
             MU.log "Invoking Chef over WinRM on #{@server.mu_name}: #{purpose}"
-            winrm = @server.getWinRMSession(haveBootstrapped? ? 1 : max_retries)
+            winrm = @server.getWinRMSession(haveBootstrapped? ? 2 : max_retries)
             if @server.windows? and @server.windowsRebootPending?(winrm)
               # Windows frequently gets stuck here
               if retries > 5
@@ -363,7 +368,7 @@ module MU
             }
             if resp.exitcode == 1 and output_lines.join("\n").match(/Chef Client finished/)
-              MU.log "resp.exit code 1"
+              MU.log output_lines.last
             elsif resp.exitcode != 0
               raise MU::Cloud::BootstrapTempFail if resp.exitcode == 35 or output_lines.join("\n").match(/REBOOT_SCHEDULED| WARN: Reboot requested:|Rebooting server at a recipe's request|Chef::Exceptions::Reboot/)
               raise MU::Groomer::RunError, output_lines.slice(output_lines.length-50, output_lines.length).join("")
@@ -380,7 +385,7 @@ module MU
             sleep 30
           end
           retry
-        rescue RuntimeError, SystemCallError, Timeout::Error, SocketError, Errno::ECONNRESET, IOError, Net::SSH::Exception, MU::Groomer::RunError, WinRM::WinRMError, MU::MuError => e
+        rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
           begin
             ssh.close if !ssh.nil?
           rescue Net::SSH::Exception, IOError => e
@@ -390,6 +395,8 @@ module MU
               MU.log "ssh session to #{@server.mu_name} was closed unexpectedly, waiting before trying again", MU::NOTICE
             end
             sleep 10
+          rescue StandardError => e
+            MU.log "Error I don't recognize closing ssh tunnel", MU::WARN, details: e.inspect
           end
           if e.instance_of?(MU::Groomer::RunError) and retries == 0 and max_retries > 1 and purpose != "Base Windows configuration"
             MU.log "Got a run error, will attempt to install/update Chef Client on next attempt", MU::NOTICE
@@ -404,7 +411,7 @@ module MU
               begin
                 preClean(true) # drop any Chef install that's not ours
                 @server.reboot # try gently rebooting the thing
-              rescue Exception => e # it's ok to fail here (and to ignore failure)
+              rescue StandardError => e # it's ok to fail here (and to ignore failure)
                 MU.log "preclean err #{e.inspect}", MU::ERR
               end
               reboot_first_fail = false
@@ -414,9 +421,9 @@ module MU
           if retries < max_retries
             retries += 1
             MU.log "#{@server.mu_name}: Chef run '#{purpose}' failed after #{Time.new - runstart} seconds, retrying (#{retries}/#{max_retries})", MU::WARN, details: e.message.dup
-            if purpose != "Base Windows configuration"
-              windows_try_ssh = !windows_try_ssh
-            end
+#            if purpose != "Base Windows configuration"
+#              windows_try_ssh = !windows_try_ssh
+#            end
             if e.is_a?(WinRM::WinRMError)
               if @server.windows? and retries >= 3 and retries % 3 == 0
                 # Mix in a hard reboot if WinRM isn't answering
@@ -429,7 +436,7 @@ module MU
             @server.deploy.sendAdminSlack("Chef run '#{purpose}' failed on `#{@server.mu_name}` :crying_cat_face:", msg: e.message)
             raise MU::Groomer::RunError, "#{@server.mu_name}: Chef run '#{purpose}' failed #{max_retries} times, last error was: #{e.message}"
           end
-        rescue Exception => e
+        rescue StandardError => e
           @server.deploy.sendAdminSlack("Chef run '#{purpose}' failed on `#{@server.mu_name}` :crying_cat_face:", msg: e.inspect)
           raise MU::Groomer::RunError, "Caught unexpected #{e.inspect} on #{@server.mu_name} in @groomer.run at #{e.backtrace[0]}"
@@ -443,8 +450,8 @@ module MU
       def splunkVaultInit
         self.class.loadChefLib
         begin
-          loaded = ::ChefVault::Item.load("splunk", "admin_user")
-        rescue ::ChefVault::Exceptions::KeysNotFound => e
+          ::ChefVault::Item.load("splunk", "admin_user")
+        rescue ::ChefVault::Exceptions::KeysNotFound
           pw = Password.pronounceable(12..14)
           creds = {
             "username" => "admin",
@@ -550,7 +557,7 @@ module MU
             winrm = @server.getWinRMSession(1, 30, winrm_retries: 2)
             pp winrm.run(cmd)
             return
-          rescue Net::SSH::Disconnect, SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::HTTPServerException, SystemExit, Errno::ECONNREFUSED, Errno::EPIPE, WinRM::WinRMError, HTTPClient::ConnectTimeoutError, RuntimeError, MU::Cloud::BootstrapTempFail, MU::MuError => e
+          rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, MU::MuError, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError
             MU.log "WinRM failure attempting Chef upgrade on #{@server.mu_name}, will fall back to ssh", MU::WARN
             cmd = %Q{powershell.exe -inputformat none -noprofile "#{cmd}"}
           end
@@ -558,7 +565,7 @@ module MU
         MU.log "Attempting Chef upgrade via ssh on #{@server.mu_name}", MU::NOTICE, details: cmd
         ssh = @server.getSSHSession(1)
-        retval = ssh.exec!(cmd) { |ch, stream, data|
+        ssh.exec!(cmd) { |_ch, _stream, data|
           puts data
         }
       end
@@ -580,7 +587,7 @@ module MU
           @config['cleaned_chef'] = true
         end
-        nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
+        _nat_ssh_key, _nat_ssh_user, _nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
         MU.log "Bootstrapping #{@server.mu_name} (#{canonical_addr}) with knife"
@@ -593,11 +600,12 @@ module MU
           json_attribs['skipinitialupdates'] = @config['skipinitialupdates']
         end
-        if !@config['vault_access'].nil?
-          vault_access = @config['vault_access']
-        else
-          vault_access = []
-        end
+# XXX this seems to break Knife Bootstrap
+#        vault_access = if !@config['vault_access'].nil?
+#          @config['vault_access']
+#        else
+#          []
+#        end
         @server.windows? ? max_retries = 25 : max_retries = 10
         @server.windows? ? timeout = 1800 : timeout = 300
@@ -617,13 +625,20 @@ module MU
             kb.name_args = [@server.mu_name]
             kb.config[:manual] = true
             kb.config[:winrm_transport] = :ssl
-            kb.config[:host] = @server.mu_name
             kb.config[:winrm_port] = 5986
             kb.config[:session_timeout] = timeout
             kb.config[:operation_timeout] = timeout
-            kb.config[:winrm_authentication_protocol] = :cert
-            kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
-            kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            if retries % 2 == 0
+              kb.config[:host] = canonical_addr
+              kb.config[:winrm_authentication_protocol] = :basic
+              kb.config[:winrm_user] = @server.config['windows_admin_username']
+              kb.config[:winrm_password] = @server.getWindowsAdminPassword
+            else
+              kb.config[:host] = @server.mu_name
+              kb.config[:winrm_authentication_protocol] = :cert
+              kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
+              kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            end
 #          kb.config[:ca_trust_file] = "#{MU.mySSLDir}/Mu_CA.pem"
             # XXX ca_trust_file doesn't work for some reason, so we have to set the below for now
             kb.config[:winrm_ssl_verify_mode] = :verify_none
@@ -658,7 +673,7 @@ module MU
           }
           # throws Net::HTTPServerException if we haven't really bootstrapped
           ::Chef::Node.load(@server.mu_name)
-        rescue Net::SSH::Disconnect, SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::HTTPServerException, SystemExit, Errno::ECONNREFUSED, Errno::EPIPE, WinRM::WinRMError, HTTPClient::ConnectTimeoutError, RuntimeError, MU::Cloud::BootstrapTempFail, Net::SSH::Exception, Net::SSH::ConnectionTimeout => e
+        rescue SystemExit, Timeout::Error, MU::Cloud::BootstrapTempFail, Net::HTTPServerException, HTTPClient::ConnectTimeoutError, WinRM::WinRMError, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
           if retries < max_retries
             retries += 1
             # Bad Chef installs are possible culprits of bootstrap failures, so
@@ -671,9 +686,9 @@ module MU
                !@config['forced_preclean']
               begin
                 preClean(false) # it's ok for this to fail
-              rescue Exception => e
+              rescue StandardError => e
               end
-              MU::Groomer::Chef.cleanup(@server.mu_name, nodeonly: true)
+              MU::Groomer::Chef.purge(@server.mu_name, nodeonly: true)
               @config['forced_preclean'] = true
               @server.reboot if @server.windows? # *sigh*
             end
@@ -683,7 +698,7 @@ module MU
           else
             raise MuError, "#{@server.mu_name}: Knife Bootstrap failed too many times with #{e.inspect}"
           end
-        rescue Exception => e
+        rescue StandardError => e
 MU.log e.inspect, MU::ERR, details: e.backtrace
 sleep 10*retries
 retry
@@ -700,7 +715,7 @@ retry
           end
         }
         knifeAddToRunList("role[mu-node]")
-        knifeAddToRunList("mu-tools::selinux")
+        knifeAddToRunList("recipe[mu-tools::selinux]")
         grantSecretAccess(@server.mu_name, "windows_credentials") if @server.windows?
         grantSecretAccess(@server.mu_name, "ssl_cert")
@@ -748,7 +763,7 @@ retry
           return
         end
-        @server.describe(update_cache: true) # Make sure we're fresh
+        @server.describe
         saveChefMetadata
         begin
           chef_node = ::Chef::Node.load(@server.mu_name)
@@ -785,17 +800,57 @@ retry
             chef_node.save
           end
           return chef_node['deployment']
-        rescue Net::HTTPServerException => e
+        rescue Net::HTTPServerException
           MU.log "Attempted to save deployment to Chef node #{@server.mu_name} before it was bootstrapped.", MU::DEBUG
         end
       end
+      # Purge Chef resources matching a particular deploy
+      # @param deploy_id [String]
+      # @param noop [Boolean]
+      def self.cleanup(deploy_id, noop = false)
+        return nil if deploy_id.nil? or deploy_id.empty?
+        begin
+          if File.exist?(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+            ::Chef::Config.from_file(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+          end
+          deadnodes = []
+          ::Chef::Config[:environment] ||= MU.environment
+          q = ::Chef::Search::Query.new
+          begin
+            q.search("node", "tags_MU-ID:#{deploy_id}").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+          begin
+            q.search("node", "name:#{deploy_id}-*").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+          MU.log "Missed some Chef resources in node cleanup, purging now", MU::NOTICE if deadnodes.size > 0
+          deadnodes.uniq.each { |node|
+            MU::Groomer::Chef.purge(node, [], noop)
+          }
+        rescue LoadError
+        end
+      end
       # Expunge Chef resources associated with a node.
       # @param node [String]: The Mu name of the node in question.
       # @param vaults_to_clean [Array<Hash>]: Some vaults to expunge
       # @param noop [Boolean]: Skip actual deletion, just state what we'd do
       # @param nodeonly [Boolean]: Just delete the node and its keys, but leave other artifacts
-      def self.cleanup(node, vaults_to_clean = [], noop = false, nodeonly: false)
+      def self.purge(node, vaults_to_clean = [], noop = false, nodeonly: false)
         loadChefLib
         MU.log "Deleting Chef resources associated with #{node}"
         if !nodeonly
@@ -804,7 +859,7 @@ retry
             MU.log "knife vault remove #{vault['vault']} #{vault['item']} --search name:#{node}", MU::NOTICE
             begin
               ::Chef::Knife.run(['vault', 'remove', vault['vault'], vault['item'], "--search", "name:#{node}"]) if !noop
-            rescue Exception => e
+            rescue StandardError => e
               MU.log "Error removing vault access for #{node} from #{vault['vault']} #{vault['item']}", MU::ERR, details: e.inspect
             end
             MU::MommaCat.unlock("vault-#{vault['vault']}")
@@ -858,7 +913,7 @@ retry
                   ::Chef::Knife.run(['vault', 'refresh', vault['vault'], vault['item']])
                 end
               end
-            rescue JSON::ParserError => e
+            rescue JSON::ParserError
               MU.log "Error parsing JSON from data bag #{vault['vault']} #{vault['item']}_keys, skipping vault client cleanse", MU::WARN
             end
           end
@@ -887,18 +942,34 @@ retry
         MU.log "Granting #{host} access to #{vault} #{item}"
         begin
           ::Chef::Knife.run(['vault', 'update', vault, item, "--search", "name:#{host}"])
-        rescue Exception => e
+        rescue StandardError => e
           MU.log e.inspect, MU::ERR, details: caller
         end
         MU::MommaCat.unlock("vault-#{vault}", true)
       end
+      # Execute a +knife+ command, and return its exit status and output
+      # @param cmd [String]: The knife subcommand to run, such as +vault list+
+      # @param showoutput [String]: Print the results to stdout
+      # @return [Array<Integer,String>]
+      def self.knifeCmd(cmd, showoutput = false)
+        MU.log "knife #{cmd}", MU::NOTICE if showoutput
+        output = `#{MU::Groomer::Chef.knife} #{cmd}`
+        exitstatus = $?.exitstatus
+        if showoutput
+          puts output
+          puts "Exit status: #{exitstatus}"
+        end
+        return [exitstatus, output]
+      end
       private
       # Save common Mu attributes to this node's Chef node structure.
       def saveChefMetadata
         self.class.loadChefLib
-        nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_addr, ssh_user, ssh_key_name = @server.getSSHConfig
+        @server.getSSHConfig # why though
         MU.log "Saving #{@server.mu_name} Chef artifacts"
         begin
@@ -998,7 +1069,7 @@ retry
           deploy = MU::MommaCat.getLitter(MU.deploy_id, use_cache: false)
           @config['dependencies'].each{ |dep|
             if dep['type'] == "database" && deploy.deployment.has_key?("databases") && deploy.deployment["databases"].has_key?(dep['name'])
-                deploy.deployment["databases"][dep['name']].each { |name, database|
+                deploy.deployment["databases"][dep['name']].values.each { |database|
                 grantSecretAccess(database['vault_name'], database['vault_item']) if database.has_key?("vault_name") && database.has_key?("vault_item")
               }
             end
@@ -1019,18 +1090,6 @@ retry
         @secrets_granted["#{vault}:#{item}"] = item
       end
-      def self.knifeCmd(cmd, showoutput = false)
-        MU.log "knife #{cmd}", MU::NOTICE if showoutput
-        output = `#{MU::Groomer::Chef.knife} #{cmd}`
-        exitstatus = $?.exitstatus
-        if showoutput
-          puts output
-          puts "Exit status: #{exitstatus}"
-        end
-        return [exitstatus, output]
-      end
       def knifeCmd(cmd, showoutput = false)
         self.class.knifeCmd(cmd, showoutput)
       end
@@ -1063,9 +1122,11 @@ retry
         if multiple.size == 0
           multiple = [rl_entry]
         end
-        multiple.each { |entry|
+        multiple.map! { |entry|
           if !entry.match(/^role|recipe\[/)
-            entry = "#{type}[#{entry}]"
+            "#{type}[#{entry}]"
+          else
+            entry
           end
         }
@@ -1110,8 +1171,8 @@ retry
           MU.log("Adding #{rl_string} to Chef run_list of #{@server.mu_name}")
           MU.log("Running #{query}", MU::DEBUG)
           output=%x{#{query}}
-            # XXX rescue Exception is bad style
-        rescue Exception => e
+            # XXX rescue StandardError is bad style
+        rescue StandardError => e
           raise MuError, "FAIL: #{MU::Groomer::Chef.knife} node run_list add #{@server.mu_name} \"#{rl_string}\": #{e.message} (output was #{output})"
         end
       end

data/modules/mu/logger.rb CHANGED

@@ -33,6 +33,33 @@ module MU
     # Show DEBUG log entries and extra call stack and threading info
     LOUD = 2.freeze
+    # stash a hash map for color outputs
+    COLORMAP = {
+      MU::DEBUG => { :html => "orange", :ansi => :yellow },
+      MU::INFO => { :html => "green", :ansi => :green },
+      MU::NOTICE => { :html => "yellow", :ansi => :yellow },
+      MU::WARN => { :html => "orange", :ansi => :light_red },
+      MU::ERR => { :html => "red", :ansi => :red }
+    }.freeze
+    # minimum log verbosity at which we'll print various types of messages
+    PRINT_MSG_IF = {
+      MU::DEBUG => { :msg => LOUD, :details => LOUD },
+      MU::INFO => { :msg => NORMAL, :details => LOUD },
+      MU::NOTICE => { :msg => nil, :details => QUIET },
+      MU::WARN => { :msg => nil, :details => SILENT },
+      MU::ERR => { :msg => nil, :details => nil }
+    }.freeze
+    # Syslog equivalents of our log levels
+    SYSLOG_MAP = {
+      MU::DEBUG => Syslog::LOG_DEBUG,
+      MU::INFO => Syslog::LOG_NOTICE,
+      MU::NOTICE => Syslog::LOG_NOTICE,
+      MU::WARN => Syslog::LOG_WARNING,
+      MU::ERR => Syslog::LOG_ERR
+    }.freeze
     attr_accessor :verbosity
     @verbosity = MU::Logger::NORMAL
     @quiet = false
@@ -66,66 +93,38 @@ module MU
     def log(msg,
             level=INFO,
             details: nil,
-            html: @html,
-            verbosity: @verbosity,
-            handle: @handle,
-            color: @color,
+            html: nil,
+            verbosity: nil,
+            handle: nil,
+            color: nil,
             deploy: MU.mommacat
     )
       verbosity ||= @verbosity
-      return if verbosity == MU::Logger::SILENT
-      return if verbosity < MU::Logger::LOUD and level == DEBUG
-      return if verbosity < MU::Logger::NORMAL and level == INFO
+      html ||= @html
+      handle ||= @handle
+      color ||= @color
-      # By which we mean, "get the filename (with the .rb stripped off) which
-      # originated the call to this method. Which, for our purposes, is the
-      # MU subclass that called us. Useful information. And it looks like Perl.
-      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
-      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
-      caller_name = caller[1]
+      if verbosity == MU::Logger::SILENT or (verbosity < MU::Logger::LOUD and level == DEBUG) or (verbosity < MU::Logger::NORMAL and level == INFO)
+        return
+      end
-      caller_name.sub!(/:.*/, "")
-      caller_name.sub!(/^\.\//, "")
-      caller_name.sub!(/^#{mod_root}/, "")
-      caller_name.sub!(/^#{bin_root}/, "")
-      caller_name.sub!(/\.r[ub]$/, "")
-      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
-      caller_name.sub!(/^modules\//, "")
+      if level == SUMMARY
+        @summary << msg
+        return
+      end
+      caller_name = extract_caller_name(caller[1])
       time = Time.now.strftime("%b %d %H:%M:%S").to_s
       Syslog.open("Mu/"+caller_name, Syslog::LOG_PID, Syslog::LOG_DAEMON | Syslog::LOG_LOCAL3) if !Syslog.opened?
-      if !details.nil?
-        if details.is_a?(Hash) and details.has_key?(:details)
-          details = details[:details]
-        end
-        details = PP.pp(details, '') if !details.is_a?(String)
-      end
-      details = "<pre>"+details+"</pre>" if @html
-      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
-      # ugly line feeds too.
-      if !details.nil?
-        details = details.dup # in case it's frozen or something
-        details.gsub!(/\\n/, "\n")
-        details.gsub!(/(\\r|\r)/, "")
-      end
+      details = format_details(details, html)
       msg = msg.first if msg.is_a?(Array)
       msg = "" if msg == nil
       msg = msg.to_s if !msg.is_a?(String) and msg.respond_to?(:to_s)
-      # wrapper for writing a log entry to multiple filehandles
-      # @param handles [Array<IO>]
-      # @param msgs [Array<String>]
-      def write(handles = [], msgs = [])
-        return if handles.nil? or msgs.nil?
-        handles.each { |h|
-          msgs.each { |m|
-            h.puts m
-          }
-        }
-      end
       @@log_semaphere.synchronize {
         handles = [handle]
         extra_logfile = if deploy and deploy.deploy_dir and Dir.exist?(deploy.deploy_dir)
@@ -134,110 +133,41 @@ module MU
         handles << extra_logfile if extra_logfile
         msgs = []
-        case level
-          when SUMMARY
-            @summary << msg
-          when DEBUG
-            if verbosity >= MU::Logger::LOUD
-              if @html
-                html_out "#{time} - #{caller_name} - #{msg}", "orange"
-                html_out "&nbsp;#{details}" if details
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-                msgs << "#{details}" if details
-              end
-              Syslog.log(Syslog::LOG_DEBUG, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_DEBUG, details.gsub(/%/, '')) if details
-            end
-          when INFO
-            if verbosity >= MU::Logger::NORMAL
-              if @html
-                html_out "#{time} - #{caller_name} - #{msg}", "green"
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".green.on_black
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-              end
-              if verbosity >= MU::Logger::LOUD
-                if @html
-                  html_out "&nbsp;#{details}"
-                elsif color
-                  msgs << "#{details}".white.on_black if details
-                else
-                  msgs << "#{details}" if details
-                end
-              end
-              Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-            end
-          when NOTICE
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "yellow"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::QUIET
-              if @html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-          when WARN
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "orange"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".light_red.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::SILENT
-              if @html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_WARNING, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_WARNING, details.gsub(/%/, '')) if details
-          when ERR
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}", "red"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".red.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_ERR, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_ERR, details.gsub(/%/, '')) if details
+        if !PRINT_MSG_IF[level][:msg] or level >= PRINT_MSG_IF[level][:msg]
+          if html
+            html_out "#{time} - #{caller_name} - #{msg}", COLORMAP[level][:html]
+          else
+            str = "#{time} - #{caller_name} - #{msg}"
+            str = str.send(COLORMAP[level][:ansi]).on_black if color
+            msgs << str
+          end
+          Syslog.log(SYSLOG_MAP[level], msg.gsub(/%/, ''))
+        end
+        if details and (!PRINT_MSG_IF[level][:details] or level >= PRINT_MSG_IF[level][:details])
+          if html
+            html_out "&nbsp;#{details}"
           else
-            if @html
-              html_out "#{time} - #{caller_name} - #{msg}"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
+            details = details.white.on_black if color
+            msgs << details
+          end
+          Syslog.log(SYSLOG_MAP[level], details.gsub(/%/, ''))
         end
+#          else
+#            if html
+#              html_out "#{time} - #{caller_name} - #{msg}"
+#              html_out "&nbsp;#{details}" if details
+#            elsif color
+#              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
+#              msgs << "#{details}".white.on_black if details
+#            else
+#              msgs << "#{time} - #{caller_name} - #{msg}"
+#              msgs << "#{details}" if details
+#            end
+#            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
+#            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
         write(handles, msgs)
         extra_logfile.close if extra_logfile
@@ -247,6 +177,43 @@ module MU
     private
+    def format_details(details, html = false)
+      return if details.nil?
+      if details.is_a?(Hash) and details.has_key?(:details)
+        details = details[:details]
+      end
+      details = PP.pp(details, '') if !details.is_a?(String)
+      details = "<pre>"+details+"</pre>" if html
+      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
+      # ugly line feeds too.
+      details = details.dup # in case it's frozen or something
+      details.gsub!(/\\n/, "\n")
+      details.gsub!(/(\\r|\r)/, "")
+      details
+    end
+    # By which we mean, "get the filename (with the .rb stripped off) which
+    # originated the call to this method. Which, for our purposes, is the
+    # MU subclass that called us. Useful information. And it looks like Perl.
+    def extract_caller_name(caller_name)
+      return nil if !caller_name or !caller_name.is_a?(String)
+      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
+      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
+      caller_name.sub!(/:.*/, "")
+      caller_name.sub!(/^\.\//, "")
+      caller_name.sub!(/^#{mod_root}/, "")
+      caller_name.sub!(/^#{bin_root}/, "")
+      caller_name.sub!(/\.r[ub]$/, "")
+      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
+      caller_name.sub!(/^modules\//, "")
+      caller_name
+    end
     # Output a log message as HTML.
     #
     # @param msg [String]: The log message to print
@@ -256,5 +223,17 @@ module MU
       @handle.puts "<span style='color:#{rgb.css_rgb};'>#{msg}</span>"
     end
+    # wrapper for writing a log entry to multiple filehandles
+    # @param handles [Array<IO>]
+    # @param msgs [Array<String>]
+    def write(handles = [], msgs = [])
+      return if handles.nil? or msgs.nil?
+      handles.each { |h|
+        msgs.each { |m|
+          h.puts m
+        }
+      }
+    end
   end #class
 end #module