cloud-mu 3.1.3 → 3.1.4

data/modules/mu.rb

@@ -121,22 +121,18 @@ class Hash
       # custom objects which we might find in here so that we can get away with
       # sorting arrays full of weird, non-primitive types.
       done = []
-#      before_a = on.dup
-#      after_a = on.dup.sort
-#      before_b = with.dup
-#      after_b = with.dup.sort
       on.sort.each { |elt|
         if elt.is_a?(Hash) and elt['name'] or elt['entity']# or elt['cloud_id']
           with.sort.each { |other_elt|
-            if (elt['name'] and other_elt['name'] == elt['name']) or
-               (elt['name'].nil? and !elt["id"].nil? and elt["id"] == other_elt["id"]) or
-               (elt['name'].nil? and elt["id"].nil? and
-                !elt["entity"].nil? and !other_elt["entity"].nil? and
-                 (
-                   (elt["entity"]["id"] and elt["entity"]["id"] == other_elt["entity"]["id"]) or
-                   (elt["entity"]["name"] and elt["entity"]["name"] == other_elt["entity"]["name"])
-                 )
-               )
+            # Figure out what convention this thing is using for resource identification
+            compare_a, compare_b = if elt['name'].nil? and elt["id"].nil? and !elt["entity"].nil? and !other_elt["entity"].nil?
+              [elt["entity"], other_elt["entity"]]
+            else
+              [elt, other_elt]
+            end
+
+            if (compare_a['name'] and compare_b['name'] == compare_a['name']) or
+               (compare_a['name'].nil? and !compare_a["id"].nil? and compare_a["id"] == compare_b["id"])
               break if elt == other_elt
               done << elt
               done << other_elt
@@ -649,7 +645,7 @@ module MU
      !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
     @@mu_public_addr = $MU_CFG['public_address']
     if !@@mu_public_addr.match(/^\d+\.\d+\.\d+\.\d+$/)
-      hostname = IO.readlines("/etc/hostname")[0].gsub /\n/, ''
+      hostname = IO.readlines("/etc/hostname")[0].gsub(/\n/, '')
 
       hostlines = File.open('/etc/hosts').grep(/.*#{hostname}.*/)
       if hostlines and !hostlines.empty?

data/modules/mu/adoption.rb

@@ -123,6 +123,8 @@ module MU
         MU.log "Failed to locate a folder that resembles #{@parent}", MU::ERR
       end
       MU.log "Scraping complete"
+
+      @scraped
     end
 
     # Given a list of BoK style tags, try to reverse-engineer the correct
@@ -130,8 +132,9 @@ module MU
     # this infers from Mu-style tagging, but we'll add a couple cases for
     # special cloud provider cases.
     # @param tags [Array<Hash>]
+    # @param basename [String]
     # return [String]
-    def self.tagsToName(tags = [])
+    def self.tagsToName(tags = [], basename: nil)
       tags.each { |tag|
         if tag['key'] == "aws:cloudformation:logical-id"
           return tag['value']
@@ -144,6 +147,7 @@ module MU
           break
         end
       }
+
       tags.each { |tag|
         if tag['key'] == "Name"
           if muid and tag['value'].match(/^#{Regexp.quote(muid)}-(.*)/)
@@ -153,6 +157,11 @@ module MU
           end
         end
       }
+
+      if basename and muid and basename.match(/^#{Regexp.quote(muid)}-(.*)/)
+        return Regexp.last_match[1].downcase
+      end
+
       nil
     end
 
@@ -206,7 +215,7 @@ module MU
           @scraped.each_pair { |type, resources|
             res_class = begin
               MU::Cloud.loadCloudType(cloud, type)
-            rescue MU::Cloud::MuCloudResourceNotImplemented => e
+            rescue MU::Cloud::MuCloudResourceNotImplemented
               # XXX I don't think this can actually happen
               next
             end
@@ -217,8 +226,8 @@ module MU
             class_semaphore = Mutex.new
 
             Thread.abort_on_exception = true
-            resources.each_pair { |cloud_id_thr, obj_thr|
-              threads << Thread.new(cloud_id_thr, obj_thr) { |cloud_id, obj|
+            resources.values.each { |obj_thr|
+              threads << Thread.new(obj_thr) { |obj|
 
                 kitten_cfg = obj.toKitten(rootparent: @default_parent, billing: @billing, habitats: @habitats)
                 if kitten_cfg
@@ -307,14 +316,14 @@ module MU
 
     private
 
-    def scrubSchemaDefaults(conf_chunk, schema_chunk, depth = 0, siblings = nil, type: nil)
+    def scrubSchemaDefaults(conf_chunk, schema_chunk, depth = 0, type: nil)
       return if schema_chunk.nil?
 
       if !conf_chunk.nil? and schema_chunk["properties"].kind_of?(Hash) and conf_chunk.is_a?(Hash)
         deletia = []
         schema_chunk["properties"].each_pair { |key, subschema|
           next if !conf_chunk[key]
-          shortclass, cfg_name, cfg_plural, classname = MU::Cloud.getResourceNames(key)
+          shortclass, _cfg_name, _cfg_plural, _classname = MU::Cloud.getResourceNames(key)
 
           if subschema["default_if"]
             subschema["default_if"].each { |cond|
@@ -328,7 +337,7 @@ module MU
           if subschema["default"] and conf_chunk[key] == subschema["default"]
             deletia << key
           elsif ["array", "object"].include?(subschema["type"])
-            scrubSchemaDefaults(conf_chunk[key], subschema, depth+1, conf_chunk, type: shortclass)
+            scrubSchemaDefaults(conf_chunk[key], subschema, depth+1, type: shortclass)
           end
         }
         deletia.each { |key| conf_chunk.delete(key) }
@@ -339,7 +348,7 @@ module MU
           realschema = if type and schema_chunk["items"] and schema_chunk["items"]["properties"] and item["cloud"] and MU::Cloud.supportedClouds.include?(item['cloud'])
 
             cloudclass = Object.const_get("MU").const_get("Cloud").const_get(item["cloud"]).const_get(type)
-            toplevel_required, cloudschema = cloudclass.schema(self)
+            _toplevel_required, cloudschema = cloudclass.schema(self)
 
             newschema = schema_chunk["items"].dup
             newschema["properties"].merge!(cloudschema)
@@ -349,7 +358,7 @@ module MU
           end
           next if ["array", "object"].include?(realschema["type"])
 
-          scrubSchemaDefaults(item, realschema, depth+1, conf_chunk, type: type)
+          scrubSchemaDefaults(item, realschema, depth+1, type: type)
         }
       end
 
@@ -373,10 +382,7 @@ module MU
         'billing_acct' => {},
         'us_only' => {},
       }
-      clouds = {}
-      credentials = {}
-      regions = {}
-      MU::Cloud.resource_types.each_pair { |typename, attrs|
+      MU::Cloud.resource_types.values.each { |attrs|
         if bok[attrs[:cfg_plural]]
           processed = []
           bok[attrs[:cfg_plural]].each { |resource|
@@ -434,7 +440,7 @@ module MU
         next if counts.size != 1
         bok[field] = counts.keys.first
         MU.log "Setting global default #{field} to #{bok[field]} (#{deploy.deploy_id})", MU::DEBUG
-        MU::Cloud.resource_types.each_pair { |typename, attrs|
+        MU::Cloud.resource_types.values.each { |attrs|
           if bok[attrs[:cfg_plural]]
             new_resources = []
             bok[attrs[:cfg_plural]].each { |resource|

data/modules/mu/cleanup.rb

@@ -25,8 +25,6 @@ module MU
   # Routines for removing cloud resources.
   class Cleanup
 
-    home = Etc.getpwuid(Process.uid).dir
-
     @deploy_id = nil
     @noop = false
     @onlycloud = false
@@ -81,7 +79,7 @@ module MU
             MU.log "Searching for remnants of #{deploy_id}, though this may be an invalid MU-ID.", MU::WARN
           end
           @mommacat = MU::MommaCat.new(deploy_id, mu_user: MU.mu_user, delay_descriptor_load: true)
-        rescue Exception => e
+        rescue StandardError => e
           MU.log "Can't load a deploy record for #{deploy_id} (#{e.inspect}), cleaning up resources by guesswork", MU::WARN, details: e.backtrace
           MU.setVar("deploy_id", deploy_id)
 
@@ -90,6 +88,7 @@ module MU
 
       regionsused = @mommacat.regionsUsed if @mommacat
       credsused = @mommacat.credsUsed if @mommacat
+      habitatsused = @mommacat.habitatsUsed if @mommacat
 
       if !@skipcloud
         creds = {}
@@ -112,7 +111,6 @@ module MU
         }
 
         parent_thread_id = Thread.current.object_id
-        deleted_nodes = 0
         cloudthreads = []
         keyname = "deploy-#{MU.deploy_id}"
         had_failures = false
@@ -127,7 +125,6 @@ module MU
               next if credsused and !credsused.include?(credset)
               global_vs_region_semaphore = Mutex.new
               global_done = {}
-              habitats_done = {}
               regionthreads = []
               acct_regions.each { |r|
                 if regionsused
@@ -172,10 +169,13 @@ module MU
                   # CloudFormation sometimes fails internally.
                   projectthreads = []
                   projects.each { |project|
-                    next if !habitatclass.isLive?(project, credset)
                     if habitats and !habitats.empty? and project != ""
                       next if !habitats.include?(project)
                     end
+                    if habitatsused and !habitatsused.empty? and project != ""
+                      next if !habitatsused.include?(project)
+                    end
+                    next if !habitatclass.isLive?(project, credset)
 
                     projectthreads << Thread.new {
                       MU.dupGlobals(parent_thread_id)
@@ -192,7 +192,6 @@ module MU
                         "skipsnapshots" => @skipsnapshots,
                       }
                       types_in_order.each { |t|
-                        shortclass, cfg_name, cfg_plural, classname = MU::Cloud.getResourceNames(t)
                         begin
                           skipme = false
                           global_vs_region_semaphore.synchronize {
@@ -424,8 +423,12 @@ module MU
 
     end
 
-    private
-
+    # Wrapper for dynamically invoking resource type cleanup methods.
+    # @param type [String]:
+    # @param credset [String]:
+    # @param provider [String]:
+    # @param flags [Hash]:
+    # @param region [String]:
     def self.call_cleanup(type, credset, provider, flags, region)
       if @mommacat.nil? or @mommacat.numKittens(types: [type]) > 0
         if @mommacat
@@ -458,6 +461,7 @@ module MU
       else
         true
       end
+
     end
   end #class
 end #module

data/modules/mu/cloud.rb

@@ -479,7 +479,7 @@ module MU
       @@platform_cache = MU::Cloud.supportedClouds.map { |cloud|
         begin
           loadCloudType(cloud, :Server)
-        rescue MU::Cloud::MuCloudResourceNotImplemented, MU::MuError => e
+        rescue MU::Cloud::MuCloudResourceNotImplemented, MU::MuError
           next
         end
 
@@ -529,7 +529,7 @@ module MU
                 images.deep_merge!(YAML.load(response))
                 break
               end
-            rescue Exception => e
+            rescue StandardError
               if fail_hard
                 raise MuError, "Failed to fetch stock images from #{base_url}/#{cloud}.yaml (#{e.message})"
               else
@@ -624,7 +624,7 @@ module MU
         end
       else
         if region
-          images.each_pair { |p, regions|
+          images.values.each { |regions|
             # Filter to match our requested region, but for all the platforms,
             # since we didn't specify one.
             if regions.is_a?(Hash)
@@ -652,7 +652,6 @@ module MU
             cloudclass[:cfg_name] == type or
             cloudclass[:cfg_plural] == type or
             Object.const_get("MU").const_get("Cloud").const_get(name) == type
-          cfg_name = cloudclass[:cfg_name]
           type = name
           return [type.to_sym, cloudclass[:cfg_name], cloudclass[:cfg_plural], Object.const_get("MU").const_get("Cloud").const_get(name), cloudclass]
         end
@@ -802,7 +801,7 @@ module MU
     # @return [Class]: The cloud-specific class implementing this resource
     def self.loadCloudType(cloud, type)
       raise MuError, "cloud argument to MU::Cloud.loadCloudType cannot be nil" if cloud.nil?
-      shortclass, cfg_name, cfg_plural, classname = MU::Cloud.getResourceNames(type)
+      shortclass, cfg_name, _cfg_plural, _classname = MU::Cloud.getResourceNames(type)
       if @cloud_class_cache.has_key?(cloud) and @cloud_class_cache[cloud].has_key?(type)
         if @cloud_class_cache[cloud][type].nil?
           raise MuError, "The '#{type}' resource is not supported in cloud #{cloud} (tried MU::#{cloud}::#{type})", caller
@@ -864,7 +863,7 @@ module MU
       }
     }
 
-    @@resource_types.each_pair { |name, attrs|
+    @@resource_types.keys.each { |name|
       Object.const_get("MU").const_get("Cloud").const_get(name).class_eval {
         attr_reader :cloudclass
         attr_reader :cloudobj
@@ -1145,19 +1144,19 @@ module MU
           if self.class.cfg_name == "server"
             begin
               ip = canonicalIP
-              MU::MommaCat.removeIPFromSSHKnownHosts(ip) if ip
+              MU::Master.removeIPFromSSHKnownHosts(ip) if ip
               if @deploy and @deploy.deployment and
-                 @deploy.deployment['servers'] and @config['name'] and
+                 @deploy.deployment['servers'] and @config['name']
                 me = @deploy.deployment['servers'][@config['name']][@mu_name]
                 if me
                   ["private_ip_address", "public_ip_address"].each { |field|
                     if me[field]
-                      MU::MommaCat.removeIPFromSSHKnownHosts(me[field])
+                      MU::Master.removeIPFromSSHKnownHosts(me[field])
                     end
                   }
                   if me["private_ip_list"]
-                    me["private_ip_list"].each { |ip|
-                      MU::MommaCat.removeIPFromSSHKnownHosts(ip)
+                    me["private_ip_list"].each { |private_ip|
+                      MU::Master.removeIPFromSSHKnownHosts(private_ip)
                     }
                   end
                 end
@@ -1286,7 +1285,7 @@ module MU
               if !@cloud_desc_cache
                 MU.log "cloud_desc via #{self.class.name}.find() failed to locate a live object.\nWas called by #{caller[0]}", MU::WARN, details: args
               end
-            rescue Exception => e
+            rescue StandardError => e
               MU.log "Got #{e.inspect} trying to find cloud handle for #{self.class.shortname} #{@mu_name} (#{@cloud_id})", MU::WARN
               raise e
             end
@@ -1297,9 +1296,8 @@ module MU
 
         # Retrieve all of the known metadata for this resource.
         # @param cloud_id [String]: The cloud platform's identifier for the resource we're describing. Makes lookups more efficient.
-        # @param update_cache [Boolean]: Ignore cached data if we have any, instead reconsituting from original sources.
         # @return [Array<Hash>]: mu_name, config, deploydata
-        def describe(cloud_id: nil, update_cache: false)
+        def describe(cloud_id: nil)
           if cloud_id.nil? and !@cloudobj.nil?
             @cloud_id ||= @cloudobj.cloud_id
           end
@@ -1614,7 +1612,7 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
               end
               begin
                 cloudclass = MU::Cloud.loadCloudType(cloud, shortname)
-              rescue MU::MuError => e
+              rescue MU::MuError
                 next
               end
 
@@ -1778,17 +1776,14 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
                 MU.log "Failed at installing Cygwin", MU::ERR, details: resp
               end
 
-              set_hostname = true
               hostname = nil
               if !@config['active_directory'].nil?
                 if @config['active_directory']['node_type'] == "domain_controller" && @config['active_directory']['domain_controller_hostname']
                   hostname = @config['active_directory']['domain_controller_hostname']
                   @mu_windows_name = hostname
-                  set_hostname = true
                 else
                   # Do we have an AD specific hostname?
                   hostname = @mu_windows_name
-                  set_hostname = true
                 end
               else
                 hostname = @mu_windows_name
@@ -1859,7 +1854,7 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
               end
               if windows?
                 output = ssh.exec!(win_env_fix)
-                output = ssh.exec!(win_installer_check)
+                output += ssh.exec!(win_installer_check)
                 raise MU::Cloud::BootstrapTempFail, "Got nil output from ssh session, waiting and retrying" if output.nil?
                 if output.match(/InProgress/)
                   raise MU::Cloud::BootstrapTempFail, "Windows Installer service is still doing something, need to wait"
@@ -1906,14 +1901,13 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
           # @param winrm_retries [Integer]:
           # @param reboot_on_problems [Boolean]:
           def getWinRMSession(max_retries = 40, retry_interval = 60, timeout: 30, winrm_retries: 5, reboot_on_problems: false)
-            nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name = getSSHConfig
+            _nat_ssh_key, _nat_ssh_user, _nat_ssh_host, canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
             @mu_name ||= @config['mu_name']
 
-            conn = nil
             shell = nil
             opts = nil
             # and now, a thing I really don't want to do
-            MU::MommaCat.addInstanceToEtcHosts(canonical_ip, @mu_name)
+            MU::Master.addInstanceToEtcHosts(canonical_ip, @mu_name)
 
             # catch exceptions that circumvent our regular call stack
             Thread.abort_on_exception = false
@@ -1949,7 +1943,7 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
               retries, rebootable_fails = handleWindowsFail(e, retries, rebootable_fails, max_retries: max_retries, reboot_on_problems: reboot_on_problems, retry_interval: retry_interval)
               retry
             ensure
-              MU::MommaCat.removeInstanceFromEtcHosts(@mu_name)
+              MU::Master.removeInstanceFromEtcHosts(@mu_name)
             end
 
             shell
@@ -1960,7 +1954,7 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
           # @return [Net::SSH::Connection::Session]
           def getSSHSession(max_retries = 12, retry_interval = 30)
             ssh_keydir = Etc.getpwnam(@deploy.mu_user).dir+"/.ssh"
-            nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name = getSSHConfig
+            nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, _ssh_key_name = getSSHConfig
             session = nil
             retries = 0
 
@@ -2011,7 +2005,8 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
               e.remember_host!
               session.close
               retry
-            rescue SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, MU::Cloud::NetSSHFail => e
+#            rescue SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, MU::Cloud::NetSSHFail => e
+            rescue SystemExit, Timeout::Error, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
               begin
                 session.close if !session.nil?
               rescue Net::SSH::Disconnect, IOError => e
@@ -2059,12 +2054,17 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
           clouds.each { |cloud|
             begin
               cloudclass = MU::Cloud.loadCloudType(cloud, shortname)
+
+              if cloudclass.isGlobal?
+                params.delete(:region)
+              end
+
               raise MuCloudResourceNotImplemented if !cloudclass.respond_to?(:cleanup) or cloudclass.method(:cleanup).owner.to_s != "#<Class:#{cloudclass}>"
               MU.log "Invoking #{cloudclass}.cleanup from #{shortname}", MU::DEBUG, details: flags
               cloudclass.cleanup(params)
             rescue MuCloudResourceNotImplemented
               MU.log "No #{cloud} implementation of #{shortname}.cleanup, skipping", MU::DEBUG, details: flags
-            rescue Exception => e
+            rescue StandardError => e
               in_msg = cloud
               if params and params[:region]
                 in_msg += " "+params[:region]

data/modules/mu/clouds/aws.rb

@@ -38,8 +38,8 @@ module MU
       # repetitive setup tasks (like resolving +:resource_group+ for Azure
       # resources) have always been done.
       # @param cloudobj [MU::Cloud]
-      # @param deploy [MU::MommaCat]
-      def self.resourceInitHook(cloudobj, deploy)
+      # @param _deploy [MU::MommaCat]
+      def self.resourceInitHook(cloudobj, _deploy)
         class << self
           attr_reader :cloudformation_data
         end
@@ -63,7 +63,6 @@ module MU
           return nil
         end
 
-        loaded = false
         cred_obj = nil
         if cred_cfg['access_key'] and cred_cfg['access_secret'] and
           # access key and secret just sitting in mu.yaml
@@ -137,11 +136,22 @@ module MU
           # assume we've got an IAM profile and hope for the best
           ENV.delete('AWS_ACCESS_KEY_ID')
           ENV.delete('AWS_SECRET_ACCESS_KEY')
-          cred_obj = Aws::InstanceProfileCredentials.new
+          retries = 0
+          begin
+            cred_obj = Aws::InstanceProfileCredentials.new
+            if cred_obj.nil?
+              retries += 1
+              MU.log "Failed to fetch AWS instance profile credentials, attempt #{retries.to_s}/10", MU::WARN
+              sleep 3
+            end
+          end while cred_obj.nil? and retries < 10
 #          if name.nil?
 #            Aws.config = {region: ENV['EC2_REGION']}
 #          end
         end
+if cred_obj.nil?
+MU.log "cred_obj is nil and hosted? says #{hosted?.to_s}", MU::WARN, details: name
+end
 
         if name.nil?
           @@creds_loaded["#default"] = cred_obj
@@ -283,52 +293,13 @@ module MU
         )
       end
 
-      # Tag EC2 resources. 
-      #
-      # @param resources [Array<String>]: The cloud provider identifier of the resource to tag
-      # @param key [String]: The name of the tag to create
-      # @param value [String]: The value of the tag
-      # @param region [String]: The cloud provider region
-      # @return [void,<Hash>]
-      def self.createTag(key, value, resources = [], region: myRegion, credentials: nil)
-  
-        if !MU::Cloud::CloudFormation.emitCloudFormation
-          begin
-            MU::Cloud::AWS.ec2(region: region, credentials: credentials).create_tags(
-              resources: resources,
-              tags: [
-                {
-                  key: key,
-                  value: value
-                }
-              ]
-            )
-          rescue Aws::EC2::Errors::ServiceError => e
-            MU.log "Got #{e.inspect} tagging #{resources.size.to_s} resources with #{key}=#{value}", MU::WARN, details: resources if attempts > 1
-            if attempts < 5
-              attempts = attempts + 1
-              sleep 15
-              retry
-            else
-              raise e
-            end
-          end
-          MU.log "Created tag #{key} with value #{value}", MU::DEBUG, details: resources
-        else
-          return {
-            "Key" =>  key,
-            "Value" => value
-          }
-        end
-      end
-
       @@azs = {}
       # List the Availability Zones associated with a given Amazon Web Services
       # region. If no region is given, search the one in which this MU master
       # server resides.
       # @param region [String]: The region to search.
       # @return [Array<String>]: The Availability Zones in this region.
-      def self.listAZs(region: MU.curRegion, account: nil, credentials: nil)
+      def self.listAZs(region: MU.curRegion, credentials: nil)
         cfg = credConfig(credentials)
         return [] if !cfg
         if !region.nil? and @@azs[region]
@@ -491,7 +462,32 @@ module MU
       # @param cloudobj [MU::Cloud::AWS]: The resource from which to extract the habitat id
       # @return [String,nil]
       def self.habitat(cloudobj, nolookup: false, deploy: nil)
-        cloudobj.respond_to?(:account_number) ? cloudobj.account_number : nil
+        @@habmap ||= {}
+# XXX whaddabout config['habitat'] HNNNGH
+
+        if cloudobj.respond_to?(:account_number) and cloudobj.account_number and
+           !cloudobj.account_number.empty?
+          return cloudobj.account_number
+        elsif cloudobj.config and cloudobj.config['account']
+          if nolookup
+            return cloudobj.config['account']
+          end
+          if @@habmap[cloudobj.config['account']]
+            return @@habmap[cloudobj.config['account']]
+          end
+          deploy ||= cloudobj.deploy if cloudobj.respond_to?(:deploy)
+
+          MU.log "Incomplete implementation: MU::Cloud::AWS.habitat", MU::DEBUG, details: deploy
+
+#          accountobj = accountLookup(cloudobj.config['account'], deploy, raise_on_fail: false)
+
+#          if accountobj
+#            @@habmap[cloudobj.config['account']] = accountobj.cloud_id
+#            return accountobj.cloud_id
+#          end
+        end
+
+        nil
       end
 
 
@@ -506,7 +502,6 @@ module MU
 
         return creds['account_number'] if creds['account_number']
 
-        user_list = MU::Cloud::AWS.iam(credentials: name).list_users.users
         acct_num = MU::Cloud::AWS.iam(credentials: name).list_users.users.first.arn.split(/:/)[4]
         acct_num.to_s
       end
@@ -543,8 +538,8 @@ module MU
         if !found
           MU.log "Attempting to create log bucket #{cfg['log_bucket_name']} for credentials #{credentials}", MU::WARN
           begin
-            resp = MU::Cloud::AWS.s3(credentials: credentials).create_bucket(bucket: cfg['log_bucket_name'], acl: "private")
-          rescue Aws::S3::Errors::BucketAlreadyExists => e
+            MU::Cloud::AWS.s3(credentials: credentials).create_bucket(bucket: cfg['log_bucket_name'], acl: "private")
+          rescue Aws::S3::Errors::BucketAlreadyExists
             raise MuError, "AWS credentials #{credentials} need a log bucket, and the name #{cfg['log_bucket_name']} is unavailable. Use mu-configure to edit credentials '#{credentials}' or 'hostname'"
           end
         end
@@ -620,9 +615,9 @@ module MU
             # Check each credential sets' resident account, then
             $MU_CFG['aws'].each_pair { |acctname, cfg|
               begin
-                user_list = MU::Cloud::AWS.iam(credentials: acctname).list_users.users
+                MU::Cloud::AWS.iam(credentials: acctname).list_users.users
 #             rescue ::Aws::IAM::Errors => e # XXX why does this NameError here?
-              rescue Exception => e
+              rescue StandardError => e
                 MU.log e.inspect, MU::WARN, details: cfg
                 next
               end
@@ -653,7 +648,7 @@ module MU
 #       begin
 #          user_list = MU::Cloud::AWS.iam(region: credConfig['region']).list_users.users
 ##        rescue ::Aws::IAM::Errors => e # XXX why does this NameError here?
-#        rescue Exception => e
+#        rescue StandardError => e
 #          MU.log "Got #{e.inspect} while trying to figure out our account number", MU::WARN, details: caller
 #        end
 #        if user_list.nil? or user_list.size == 0
@@ -682,7 +677,6 @@ module MU
         if @@regions.size == 0
           return [] if credConfig.nil?
           result = MU::Cloud::AWS.ec2(region: myRegion, credentials: credentials).describe_regions.regions
-          regions = []
           @@regions_semaphore.synchronize {
             begin
               result.each { |r|
@@ -1154,6 +1148,55 @@ module MU
         end
       end
 
+      # Tag a resource. Defaults to applying our MU deployment identifier, if no
+      # arguments other than the resource identifier are given.
+      # XXX this belongs in the cloud layer(s)
+      #
+      # @param resource [String]: The cloud provider identifier of the resource to tag
+      # @param tag_name [String]: The name of the tag to create
+      # @param tag_value [String]: The value of the tag
+      # @param region [String]: The cloud provider region
+      # @return [void]
+      def self.createTag(resource = nil,
+          tag_name="MU-ID",
+          tag_value=MU.deploy_id,
+          region: MU.curRegion,
+          credentials: nil)
+        attempts = 0
+
+        return nil if resource.nil?
+        resource = [resource] if resource.is_a?(String)
+
+        if !MU::Cloud::CloudFormation.emitCloudFormation
+          begin
+            MU::Cloud::AWS.ec2(credentials: credentials, region: region).create_tags(
+              resources: resource,
+              tags: [
+                {
+                  key: tag_name,
+                  value: tag_value
+                }
+              ]
+            )
+          rescue Aws::EC2::Errors::ServiceError => e
+            MU.log "Got #{e.inspect} tagging #{resource} with #{tag_name}=#{tag_value}", MU::WARN if attempts > 1
+            if attempts < 5
+              attempts = attempts + 1
+              sleep 15
+              retry
+            else
+              raise e
+            end
+          end
+          MU.log "Created tag #{tag_name} with value #{tag_value} for resource #{resource}", MU::DEBUG
+        else
+          return {
+            "Key" =>  tag_name,
+            "Value" => tag_value
+          }
+        end
+      end
+
       @syslog_port_semaphore = Mutex.new
       # Punch AWS security group holes for client nodes to talk back to us, the
       # Mu Master, if we're in AWS.
@@ -1205,8 +1248,8 @@ module MU
             )
             sg_id = group.group_id
             my_sgs << sg_id
-            MU::MommaCat.createTag sg_id, "Name", my_client_sg_name
-            MU::MommaCat.createTag sg_id, "MU-MASTER-IP", MU.mu_public_ip
+            MU::Cloud::AWS.createTag sg_id, "Name", my_client_sg_name
+            MU::Cloud::AWS.createTag sg_id, "MU-MASTER-IP", MU.mu_public_ip
             MU::Cloud::AWS.ec2.modify_instance_attribute(
                 instance_id: my_instance_id,
                 groups: my_sgs
@@ -1237,7 +1280,7 @@ module MU
         end
 
         allow_ips = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
-        MU::MommaCat.listAllNodes.each_pair { |node, data|
+        MU::MommaCat.listAllNodes.values.each { |data|
           next if data.nil? or !data.is_a?(Hash)
           ["public_ip_address"].each { |key|
             if data.has_key?(key) and !data[key].nil? and !data[key].empty?
@@ -1266,7 +1309,7 @@ module MU
                             }
                         ]
                     )
-                  rescue Aws::EC2::Errors::InvalidPermissionNotFound => e
+                  rescue Aws::EC2::Errors::InvalidPermissionNotFound
                     MU.log "Permission disappeared from #{sg_id} (port #{port.to_s}) before I could remove it", MU::WARN, details: MU.structToHash(rule.ip_ranges)
                   end
                 end
@@ -1300,8 +1343,6 @@ module MU
         }
       end
 
-      private
-
       # XXX we shouldn't have to do this, but AWS does not provide a way to look
       # it up, and the pricing API only returns the human-readable strings.
       @@regionLookup = {
@@ -1397,7 +1438,7 @@ module MU
             MU.log "Got #{e.inspect} calling EC2's #{method_sym} in #{@region} with credentials #{@credentials}, waiting #{interval.to_s}s and retrying. Args were: #{arguments}", debuglevel, details: caller
             sleep interval
             retry
-          rescue Exception => e
+          rescue StandardError => e
             MU.log "Got #{e.inspect} calling EC2's #{method_sym} in #{@region} with credentials #{@credentials}", MU::DEBUG, details: arguments
             raise e
           end