cloud-mu 3.1.2beta2 → 3.1.2
- checksums.yaml +4 -4
- data/cloud-mu.gemspec +1 -1
- data/extras/clean-stock-amis +0 -0
- data/extras/generate-stock-images +0 -0
- data/extras/list-stock-amis +0 -0
- data/extras/vault_tools/export_vaults.sh +0 -0
- data/extras/vault_tools/recreate_vaults.sh +0 -0
- data/extras/vault_tools/test_vaults.sh +0 -0
- data/modules/mu/cleanup.rb +12 -8
- metadata +17 -23
- data/Berksfile.lock +0 -179
- data/bin/mu-azure-tests +0 -46
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +0 -33
- data/modules/mu/kittens.rb +0 -22134
- data/modules/mu/mu.yaml.rb +0 -282
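--- a/data/modules/mu/mu.yaml.rb
+++ /dev/null
@@ -1,282 +0,0 @@
-# Configuration schema for mu.yaml. See also {https://github.com/cloudamatic/mu/wiki/Configuration the Mu wiki}.
-#
-# Example:
-#
-# <pre>
-# ---
-# public_address: 1.2.3.4
-# mu_admin_email: egtlabs@eglobaltech.com
-# mu_admin_name: Joe Schmoe
-# mommacat_port: 2260
-# banner: My Example Mu Master
-# mu_repository: git://github.com/cloudamatic/mu.git
-# repos:
-# - https://github.com/cloudamatic/mu_demo_platform
-# allow_invade_foreign_vpcs: true
-# ansible_dir:
-# aws:
-# egtdev:
-# region: us-east-1
-# log_bucket_name: egt-mu-log-bucket
-# default: true
-# name: egtdev
-# personal:
-# region: us-east-2
-# log_bucket_name: my-mu-log-bucket
-# name: personal
-# google:
-# egtlabs:
-# project: egt-labs-admin
-# credentials_file: /opt/mu/etc/google.json
-# region: us-east4
-# log_bucket_name: hexabucket-761234
-# default: true
-# </pre>
-module MuYAML
-# The configuration file format for Mu's main config file.
-# Amazon Web Services
-class aws
-# @!group Required parameters
-
-# **REQUIRED** -
-# S3 bucket into which we'll synchronize deploy secrets, and if we're hosted in AWS, collected system logs
-#
-# @return [String]
-attr_accessor :log_bucket_name
-# @!endgroup
-# @!group Optional parameters
-
-# **Must match pattern `(?i-mx:^[a-z0-9]+$)`** -
-# Credentials used for accessing the AWS API (looks like: AKIAINWLOOAA24PBRBZA)
-#
-# @return [String]
-attr_accessor :access_key
-
-# Credentials used for accessing the AWS API (looks like: +Z16iRP9QAq7EcjHINyEMs3oR7A76QpfaSgCBogp).
-#
-# @return [String]
-attr_accessor :access_secret
-
-# **Must match pattern `(?-mix:^\d+$)`** -
-# Default target account for resources managed using these credentials. This is an AWS account number, e.g. 918972669773. If not specified, we will use the account number which owns these API keys.
-#
-# @return [String]
-attr_accessor :account_number
-
-# A secure Chef vault and item from which to retrieve an AWS access key and secret. The vault item should have 'access_key' and 'access_secret' elements.
-#
-# @return [String]
-attr_accessor :credentials
-
-# An INI-formatted AWS credentials file, of the type used by the AWS command-line tools. This is less secure than using 'credentials' to store these in a Chef vault. See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
-#
-# @return [String]
-attr_accessor :credentials_file
-
-# **Default: `false`** -
-# If set to true, Mu will default to these AWS credentials when targeting AWS resources
-#
-# @return [Boolean]
-attr_accessor :default
-
-# Default Amazon Web Services region in which these credentials should operate
-#
-# @return [String]
-attr_accessor :region
-# @!endgroup
-end
-# Microsoft Azure Cloud Computing Platform & Services
-class azure
-# @!group Optional parameters
-
-# App client id used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
-#
-# @return [String]
-attr_accessor :client_id
-
-# App client secret used to authenticate to our subscription. From https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview under the 'Certificates & secrets' tab, 'Client secrets.' This can only be retrieved upon initial secret creation.
-#
-# @return [String]
-attr_accessor :client_secret
-
-# JSON file which contains a hash of directory_id, client_id, client_secret, and subscription values. If found, these will be override values entered directly in mu-configure.
-#
-# @return [String]
-attr_accessor :credentials_file
-
-# **Default: `false`** -
-# If set to true, Mu will use this set of Azure credentials when targeting Azure without a specific account having been requested
-#
-# @return [Boolean]
-attr_accessor :default
-
-# AKA Tenant ID; the default Microsoft Azure Directory project in which we operate and deploy, from https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
-#
-# @return [String]
-attr_accessor :directory_id
-
-# **Default: `eastus`** -
-# Default Microsoft Azure region in which we operate and deploy
-#
-# @return [String]
-attr_accessor :region
-
-# Default Microsoft Azure Subscription we will use to deploy, from https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade
-#
-# @return [String]
-attr_accessor :subscription
-# @!endgroup
-end
-# Google Cloud Platform
-class google
-# @!group Required parameters
-
-# **REQUIRED** -
-# Cloud Storage bucket into which we'll synchronize deploy secrets, and if we're hosted in GCP, collected system logs
-#
-# @return [String]
-attr_accessor :log_bucket_name
-
-# **REQUIRED** -
-# Default Google Cloud Platform project in which we operate and deploy. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
-#
-# @return [String]
-attr_accessor :project
-# @!endgroup
-# @!group Optional parameters
-
-# A secure Chef vault and item from which to retrieve the JSON-formatted Service Account credentials for our GCP account, in the format vault:itemname (e.g. 'secrets:google'). Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON, and import that key to the vault specified here. Import example: knife vault create secrets google -J my-google-service-account.json
-#
-# @return [String]
-attr_accessor :credentials
-
-# JSON-formatted Service Account credentials for our GCP account, b64-encoded and dropped directly into mu.yaml. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
-#
-# @return [String]
-attr_accessor :credentials_encoded
-
-# JSON-formatted Service Account credentials for our GCP account, stored in plain text in a file. Generate a service account at: https://console.cloud.google.com/iam-admin/serviceaccounts/project, making sure the account has sufficient privileges to manage cloud resources. Download the private key as JSON and point this argument to the file. This is less secure than using 'credentials' to store in a vault.
-#
-# @return [String]
-attr_accessor :credentials_file
-
-# For Google Cloud projects which are attached to a GSuite domain. Some API calls (groups, users, etc) require this identifier. From admin.google.com, choose Security, the Single Sign On, and look for the Entity ID field. The value after idpid= in the URL there should be the customer ID.
-#
-# @return [String]
-attr_accessor :customer_id
-
-# **Default: `false`** -
-# If set to true, Mu will use this set of GCP credentials when targeting the Google Cloud without a specific account having been requested
-#
-# @return [Boolean]
-attr_accessor :default
-
-# For Google Cloud projects which are attached to a GSuite domain. GCP service accounts cannot view or manage GSuite resources (groups, users, etc) directly, but must instead masquerade as a GSuite user which has delegated authority to the service account. See also: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
-#
-# @return [String]
-attr_accessor :masequerade_as
-
-# **Default: `us-east4`** -
-# Default Google Cloud Platform region in which we operate and deploy
-#
-# @return [String]
-attr_accessor :region
-# @!endgroup
-end
-# @!group Required parameters
-
-# **REQUIRED**,
-# **Must match pattern `(?i-mx:^[a-z0-9\-_]+$)`** -
-# The local system's value for HOSTNAME
-#
-# @return [String]
-attr_accessor :hostname
-
-# **REQUIRED**,
-# **Must match pattern `(?i-mx:\A([\w+\-].?)+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z)`** -
-# Administative contact email
-#
-# @return [String]
-attr_accessor :mu_admin_email
-
-# **REQUIRED**,
-# **Must match pattern `(?-mix:^(127\.0\.0\.1|localhost)$)`** -
-# IP address or hostname
-#
-# @return [String]
-attr_accessor :public_address
-# @!endgroup
-# @!group Optional parameters
-
-# If set to true, Mu will be allowed to modify routing and peering behavior of VPCs which it did not create, but for which it has permissions.
-#
-# @return [Boolean]
-attr_accessor :allow_invade_foreign_vpcs
-
-# Intended for use with minimal installs which use Ansible as a groomer and which do not store Ansible artifacts in a dedicated git repository. This allows simply pointing to a local directory.
-#
-# @return [String]
-attr_accessor :ansible_dir
-
-# Amazon Web Services
-#
-# @return [aws]
-# @see aws
-attr_accessor :aws
-
-# Microsoft Azure Cloud Computing Platform & Services
-#
-# @return [azure]
-# @see azure
-attr_accessor :azure
-
-# Login banner, displayed in various locations
-#
-# @return [String]
-attr_accessor :banner
-
-# **Default: `false`** -
-# Disable the Momma Cat grooming daemon. Nodes which require asynchronous Ansible/Chef bootstraps will not function. This option is only honored in gem-based installations.
-#
-# @return [Boolean]
-attr_accessor :disable_mommacat
-
-# Google Cloud Platform
-#
-# @return [google]
-# @see google
-attr_accessor :google
-
-# Optional extra Chef roles or recipes to invoke when running chef-client on this Master (ex: recipe[mycookbook::mumaster])
-#
-# @return [Array<String>]
-attr_accessor :master_runlist_extras
-
-# **Default: `2260`**,
-# **Must match pattern `(?i-mx:^[0-9]+$)`** -
-# Listen port for the Momma Cat grooming daemon
-#
-# @return [String]
-attr_accessor :mommacat_port
-
-# **Default: `Mu Administrator`** -
-# Administative contact's full name
-#
-# @return [String]
-attr_accessor :mu_admin_name
-
-# **Default: `git://github.com/cloudamatic/mu.git`**,
-# **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
-# Source repository for Mu tools
-#
-# @return [String]
-attr_accessor :mu_repository
-
-# **Default: `["https://github.com/cloudamatic/mu_demo_platform"]`**,
-# **Must match pattern `(?-mix:(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?)`** -
-# Optional platform repositories, as a Git URL or Github repo name (ex: eGT-Labs/fema_platform.git)
-#
-# @return [Array<String>]
-attr_accessor :repos
-# @!endgroup
-end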