cloud-mu 3.1.3 → 3.1.4

data/modules/mu/mommacat/daemon.rb

@@ -0,0 +1,394 @@
+# Copyright:: Copyright (c) 2020 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+
+  # MommaCat is in charge of managing metadata about resources we've created,
+  # as well as orchestrating amongst them and bootstrapping nodes outside of
+  # the normal synchronous deploy sequence invoked by *mu-deploy*.
+  class MommaCat
+
+    # Check a provided deploy key against our stored version. The instance has
+    # in theory accessed a secret via S3 and encrypted it with the deploy's
+    # public key. If it decrypts correctly, we assume this instance is indeed
+    # one of ours.
+    # @param ciphertext [String]: The text to decrypt.
+    # return [Boolean]: Whether the provided text was encrypted with the correct key
+    def authKey(ciphertext)
+      if @private_key.nil? or @deploy_secret.nil?
+        MU.log "Missing auth metadata, can't authorize node in authKey", MU::ERR
+        return false
+      end
+      my_key = OpenSSL::PKey::RSA.new(@private_key)
+
+      begin
+        if my_key.private_decrypt(ciphertext).force_encoding("UTF-8") == @deploy_secret.force_encoding("UTF-8")
+          MU.log "Matched ciphertext for #{MU.deploy_id}", MU::INFO
+          return true
+        else
+          MU.log "Mis-matched ciphertext for #{MU.deploy_id}", MU::ERR
+          return false
+        end
+      rescue OpenSSL::PKey::RSAError => e
+        MU.log "Error decrypting provided ciphertext using private key from #{deploy_dir}/private_key: #{e.message}", MU::ERR, details: ciphertext
+        return false
+      end
+    end
+
+    # Run {MU::Cloud::Server#postBoot} and {MU::Cloud::Server#groom} on a node.
+    # @param cloud_id [OpenStruct]: The cloud provider's identifier for this node.
+    # @param name [String]: The MU resource name of the node being created.
+    # @param mu_name [String]: The full #{MU::MommaCat.getResourceName} name of the server we're grooming, if it's been initialized already.
+    # @param type [String]: The type of resource that created this node (either *server* or *serverpool*).
+    def groomNode(cloud_id, name, type, mu_name: nil, reraise_fail: false, sync_wait: true)
+      if cloud_id.nil?
+        raise GroomError, "MU::MommaCat.groomNode requires a {MU::Cloud::Server} object"
+      end
+      if name.nil? or name.empty?
+        raise GroomError, "MU::MommaCat.groomNode requires a resource name"
+      end
+      if type.nil? or type.empty?
+        raise GroomError, "MU::MommaCat.groomNode requires a resource type"
+      end
+
+      if !MU::MommaCat.lock(cloud_id+"-mommagroom", true)
+        MU.log "Instance #{cloud_id} on #{MU.deploy_id} (#{type}: #{name}) is already being groomed, ignoring this extra request.", MU::NOTICE
+        MU::MommaCat.unlockAll
+        if !MU::MommaCat.locks.nil? and MU::MommaCat.locks.size > 0
+          puts "------------------------------"
+          puts "Open flock() locks:"
+          pp MU::MommaCat.locks
+          puts "------------------------------"
+        end
+        return
+      end
+      loadDeploy
+
+      # XXX this is to stop Net::SSH from killing our entire stack when it
+      # throws an exception. See ECAP-139 in JIRA. Far as we can tell, it's
+      # just not entirely thread safe.
+      Thread.handle_interrupt(Net::SSH::Disconnect => :never) {
+        begin
+          Thread.handle_interrupt(Net::SSH::Disconnect => :immediate) {
+            MU.log "(Probably harmless) Caught a Net::SSH::Disconnect in #{Thread.current.inspect}", MU::DEBUG, details: Thread.current.backtrace
+          }
+        ensure
+        end
+      }
+
+      if @original_config[type+"s"].nil?
+        raise GroomError, "I see no configured resources of type #{type} (bootstrap request for #{name} on #{@deploy_id})"
+      end
+      kitten = nil
+
+      kitten = findLitterMate(type: "server", name: name, mu_name: mu_name, cloud_id: cloud_id)
+      if !kitten.nil?
+        MU.log "Re-grooming #{mu_name}", details: kitten.deploydata
+      else
+        first_groom = true
+        @original_config[type+"s"].each { |svr|
+          if svr['name'] == name
+            svr["instance_id"] = cloud_id
+
+            # This will almost always be true in server pools, but lets be safe. Somewhat problematic because we are only
+            # looking at deploy_id, but we still know this is our DNS record and not a custom one.
+            if svr['dns_records'] && !svr['dns_records'].empty?
+              svr['dns_records'].each { |dnsrec|
+                if dnsrec.has_key?("name") && dnsrec['name'].start_with?(MU.deploy_id.downcase)
+                  MU.log "DNS record for #{MU.deploy_id.downcase}, #{name} is probably wrong, deleting", MU::WARN, details: dnsrec
+                  dnsrec.delete('name')
+                  dnsrec.delete('target')
+                end
+              }
+            end
+
+            kitten = MU::Cloud::Server.new(mommacat: self, kitten_cfg: svr, cloud_id: cloud_id)
+            mu_name = kitten.mu_name if mu_name.nil?
+            MU.log "Grooming #{mu_name} for the first time", details: svr
+            break
+          end
+        }
+      end
+
+      begin
+        # This is a shared lock with MU::Cloud::AWS::Server.create, to keep from
+        # stomping on synchronous deploys that are still running. This
+        # means we're going to wait here if this instance is still being
+        # bootstrapped by "regular" means.
+        if !MU::MommaCat.lock(cloud_id+"-create", true)
+          MU.log "#{mu_name} is still in mid-creation, skipping", MU::NOTICE
+          MU::MommaCat.unlockAll
+          if !MU::MommaCat.locks.nil? and MU::MommaCat.locks.size > 0
+            puts "------------------------------"
+            puts "Open flock() locks:"
+            pp MU::MommaCat.locks
+            puts "------------------------------"
+          end
+          return
+        end
+        MU::MommaCat.unlock(cloud_id+"-create")
+
+        if !kitten.postBoot(cloud_id)
+          MU.log "#{mu_name} is already being groomed, skipping", MU::NOTICE
+          MU::MommaCat.unlockAll
+          if !MU::MommaCat.locks.nil? and MU::MommaCat.locks.size > 0
+            puts "------------------------------"
+            puts "Open flock() locks:"
+            pp MU::MommaCat.locks
+            puts "------------------------------"
+          end
+          return
+        end
+
+        # This is a shared lock with MU::Deploy.createResources, simulating the
+        # thread logic that tells MU::Cloud::AWS::Server.deploy to wait until
+        # its dependencies are ready. We don't, for example, want to start
+        # deploying if we rely on an RDS instance that isn't ready yet. We can
+        # release this immediately, once we successfully grab it.
+        MU::MommaCat.lock("#{kitten.cloudclass.name}_#{kitten.config["name"]}-dependencies")
+        MU::MommaCat.unlock("#{kitten.cloudclass.name}_#{kitten.config["name"]}-dependencies")
+
+        kitten.groom
+      rescue StandardError => e
+        MU::MommaCat.unlockAll
+        if e.class.name != "MU::Cloud::AWS::Server::BootstrapTempFail" and !File.exist?(deploy_dir+"/.cleanup."+cloud_id) and !File.exist?(deploy_dir+"/.cleanup")
+          MU.log "Grooming FAILED for #{kitten.mu_name} (#{e.inspect})", MU::ERR, details: e.backtrace
+          sendAdminSlack("Grooming FAILED for `#{kitten.mu_name}` with `#{e.message}` :crying_cat_face:", msg: e.backtrace.join("\n"))
+         sendAdminMail("Grooming FAILED for #{kitten.mu_name} on #{MU.appname} \"#{MU.handle}\" (#{MU.deploy_id})",
+           msg: e.inspect,
+           data: e.backtrace,
+           debug: true
+         )
+          raise e if reraise_fail
+        else
+          MU.log "Grooming of #{kitten.mu_name} interrupted by cleanup or planned reboot"
+        end
+        return
+      end
+
+      if !@deployment['servers'].nil? and !sync_wait
+        syncLitter(@deployment["servers"].keys, triggering_node: kitten)
+      end
+      MU::MommaCat.unlock(cloud_id+"-mommagroom")
+      if MU.myCloud == "AWS"
+        MU::Cloud::AWS.openFirewallForClients # XXX add the other clouds, or abstract
+      end
+      MU::MommaCat.getLitter(MU.deploy_id)
+      MU::Master.syncMonitoringConfig(false)
+      MU.log "Grooming complete for '#{name}' mu_name on \"#{MU.handle}\" (#{MU.deploy_id})"
+      FileUtils.touch(MU.dataDir+"/deployments/#{MU.deploy_id}/#{name}_done.txt")
+      MU::MommaCat.unlockAll
+      if first_groom
+        sendAdminSlack("Grooming complete for #{mu_name} :heart_eyes_cat:")
+        sendAdminMail("Grooming complete for '#{name}' (#{mu_name}) on deploy \"#{MU.handle}\" (#{MU.deploy_id})")
+      end
+      return
+    end
+
+    @cleanup_threads = []
+
+    # Iterate over all known deployments and look for instances that have been
+    # terminated, but not yet cleaned up, then clean them up.
+    def self.cleanTerminatedInstances(debug = false)
+      loglevel = debug ? MU::NOTICE : MU::DEBUG
+      MU::MommaCat.lock("clean-terminated-instances", false, true)
+      MU.log "Checking for harvested instances in need of cleanup", loglevel
+      parent_thread_id = Thread.current.object_id
+      purged = 0
+
+      MU::MommaCat.listDeploys.each { |deploy_id|
+        next if File.exist?(deploy_dir(deploy_id)+"/.cleanup")
+        MU.log "Checking for dead wood in #{deploy_id}", loglevel
+        need_reload = false
+        @cleanup_threads << Thread.new {
+          MU.dupGlobals(parent_thread_id)
+          deploy = MU::MommaCat.getLitter(deploy_id, set_context_to_me: true)
+          purged_this_deploy = 0
+            MU.log "#{deploy_id} has some kittens in it", loglevel, details: deploy.kittens.keys
+          if deploy.kittens.has_key?("servers")
+            MU.log "#{deploy_id} has some servers declared", loglevel, details: deploy.object_id
+            deploy.kittens["servers"].values.each { |nodeclasses|
+              nodeclasses.each_pair { |nodeclass, servers|
+                deletia = []
+                MU.log "Checking status of servers under '#{nodeclass}'", loglevel, details: servers.keys
+                servers.each_pair { |mu_name, server|
+                  server.describe
+                  if !server.cloud_id
+                    MU.log "Checking for presence of #{mu_name}, but unable to fetch its cloud_id", MU::WARN, details: server
+                  elsif !server.active?
+                    next if File.exist?(deploy_dir(deploy_id)+"/.cleanup-"+server.cloud_id)
+                    deletia << mu_name
+                    need_reload = true
+                    MU.log "Cleaning up metadata for #{server} (#{nodeclass}), formerly #{server.cloud_id}, which appears to have been terminated", MU::NOTICE
+                    begin
+                      server.destroy
+                      deploy.sendAdminMail("Retired metadata for terminated node #{mu_name}")
+                      deploy.sendAdminSlack("Retired metadata for terminated node `#{mu_name}`")
+                    rescue StandardError => e
+                      MU.log "Saw #{e.message} while retiring #{mu_name}", MU::ERR, details: e.backtrace
+                      next
+                    end
+                    MU.log "Cleanup of metadata for #{server} (#{nodeclass}), formerly #{server.cloud_id} complete", MU::NOTICE
+                    purged = purged + 1
+                    purged_this_deploy = purged_this_deploy + 1
+                  end
+                }
+                deletia.each { |mu_name|
+                  servers.delete(mu_name)
+                }
+                if purged_this_deploy > 0
+                  # XXX triggering_node needs to take more than one node name
+                  deploy.syncLitter(servers.keys, triggering_node: deletia.first)
+                end
+              }
+            }
+          end
+          if need_reload
+            MU.log "Saving modified deploy #{deploy_id}", loglevel
+            deploy.save!
+            MU::MommaCat.getLitter(deploy_id)
+          end
+          MU.purgeGlobals
+        }
+      }
+      @cleanup_threads.each { |t|
+        t.join
+      }
+      MU.log "cleanTerminatedInstances threads complete", loglevel
+      MU::MommaCat.unlock("clean-terminated-instances", true)
+      @cleanup_threads = []
+
+      if purged > 0
+        if MU.myCloud == "AWS"
+          MU::Cloud::AWS.openFirewallForClients # XXX add the other clouds, or abstract
+        end
+        MU::Master.syncMonitoringConfig
+        GC.start
+      end
+      MU.log "cleanTerminatedInstances returning", loglevel
+    end
+
+    # Path to the log file used by the Momma Cat daemon
+    # @return [String]
+    def self.daemonLogFile
+      base = (Process.uid == 0 and !MU.localOnly) ? "/var" : MU.dataDir
+      "#{base}/log/mu-momma-cat.log"
+    end
+
+    # Path to the PID file used by the Momma Cat daemon
+    # @return [String]
+    def self.daemonPidFile
+      base = (Process.uid == 0 and !MU.localOnly) ? "/var" : MU.dataDir
+      "#{base}/run/mommacat.pid"
+    end
+
+		# Start the Momma Cat daemon and return the exit status of the command used
+    # @return [Integer]
+    def self.start
+      if MU.inGem? and MU.muCfg['disable_mommacat']
+        return
+      end
+      base = (Process.uid == 0 and !MU.localOnly) ? "/var" : MU.dataDir
+      [base, "#{base}/log", "#{base}/run"].each { |dir|
+       if !Dir.exist?(dir)
+          MU.log "Creating #{dir}"
+          Dir.mkdir(dir)
+        end
+      }
+      return 0 if status
+    
+      MU.log "Starting Momma Cat on port #{MU.mommaCatPort}, logging to #{daemonLogFile}, PID file #{daemonPidFile}"
+      origdir = Dir.getwd
+      Dir.chdir(MU.myRoot+"/modules")
+
+      # XXX what's the safest way to find the 'bundle' executable in both gem and non-gem installs?
+      if MU.inGem?
+        cmd = %Q{thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.muCfg['ssl']['key']} --ssl-cert-file #{MU.muCfg['ssl']['cert']} --ssl-disable-verify --tag mu-momma-cat -R mommacat.ru start}
+      else
+        cmd = %Q{bundle exec thin --threaded --daemonize --port #{MU.mommaCatPort} --pid #{daemonPidFile} --log #{daemonLogFile} --ssl --ssl-key-file #{MU.muCfg['ssl']['key']} --ssl-cert-file #{MU.muCfg['ssl']['cert']} --ssl-disable-verify --tag mu-momma-cat -R mommacat.ru start}
+      end
+
+      MU.log cmd, MU::NOTICE
+
+      retries = 0
+      begin
+        output = %x{#{cmd}}
+        sleep 1
+        retries += 1
+        if retries >= 10
+          MU.log "MommaCat failed to start (command was #{cmd}, working directory #{MU.myRoot}/modules)", MU::WARN, details: output
+          pp caller
+          return $?.exitstatus
+        end
+      end while !status
+
+      Dir.chdir(origdir)
+    
+      if $?.exitstatus != 0
+        exit 1
+      end
+
+      return $?.exitstatus
+    end
+
+    # Return true if the Momma Cat daemon appears to be running
+    # @return [Boolean]
+    def self.status
+      if MU.inGem? and MU.muCfg['disable_mommacat']
+        return true
+      end
+      if File.exist?(daemonPidFile)
+        pid = File.read(daemonPidFile).chomp.to_i
+        begin
+          Process.getpgid(pid)
+          MU.log "Momma Cat running with pid #{pid.to_s}"
+          return true
+        rescue Errno::ESRCH
+        end
+      end
+      MU.log "Momma Cat daemon not running", MU::NOTICE, details: daemonPidFile
+      false
+    end
+    
+		# Stop the Momma Cat daemon, if it's running
+    def self.stop
+      if File.exist?(daemonPidFile)
+        pid = File.read(daemonPidFile).chomp.to_i
+        MU.log "Stopping Momma Cat with pid #{pid.to_s}"
+        Process.kill("INT", pid)
+        killed = false
+        begin
+          Process.getpgid(pid)
+          sleep 1
+        rescue Errno::ESRCH
+          killed = true
+        end while killed
+        MU.log "Momma Cat with pid #{pid.to_s} stopped", MU::DEBUG, details: daemonPidFile
+    
+        begin
+          File.unlink(daemonPidFile)
+        rescue Errno::ENOENT
+        end
+      end
+    end
+
+		# (Re)start the Momma Cat daemon and return the exit status of the start command
+    # @return [Integer]
+    def self.restart
+      stop
+      start
+    end
+
+  end #class
+end #module

data/modules/mu/mommacat/naming.rb

@@ -0,0 +1,366 @@
+# Copyright:: Copyright (c) 2020 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+
+  # MommaCat is in charge of managing metadata about resources we've created,
+  # as well as orchestrating amongst them and bootstrapping nodes outside of
+  # the normal synchronous deploy sequence invoked by *mu-deploy*.
+  class MommaCat
+
+    # Generate a three-character string which can be used to unique-ify the
+    # names of resources which might potentially collide, e.g. Windows local
+    # hostnames, Amazon Elastic Load Balancers, or server pool instances.
+    # @return [String]: A three-character string consisting of two alphnumeric
+    # characters (uppercase) and one number.
+    def self.genUniquenessString
+      begin
+        candidate = SecureRandom.base64(2).slice(0..1) + SecureRandom.random_number(9).to_s
+        candidate.upcase!
+      end while candidate.match(/[^A-Z0-9]/)
+      return candidate
+    end
+
+    @unique_map_semaphore = Mutex.new
+    @name_unique_str_map = {}
+    # Keep a map of the uniqueness strings we assign to various full names, in
+    # case we want to reuse them later.
+    # @return [Hash<String>]
+    def self.name_unique_str_map
+      @name_unique_str_map
+    end
+
+    # Keep a map of the uniqueness strings we assign to various full names, in
+    # case we want to reuse them later.
+    # @return [Mutex]
+    def self.unique_map_semaphore
+      @unique_map_semaphore
+    end
+
+    # Generate a name string for a resource, incorporate the MU identifier
+    # for this deployment. Will dynamically shorten the name to fit for
+    # restrictive uses (e.g. Windows local hostnames, Amazon Elastic Load
+    # Balancers).
+    # @param name [String]: The shorthand name of the resource, usually the value of the "name" field in an Mu resource declaration.
+    # @param max_length [Integer]: The maximum length of the resulting resource name.
+    # @param need_unique_string [Boolean]: Whether to forcibly append a random three-character string to the name to ensure it's unique. Note that this behavior will be automatically invoked if the name must be truncated.
+    # @param scrub_mu_isms [Boolean]: Don't bother with generating names specific to this deployment. Used to generate generic CloudFormation templates, amongst other purposes.
+    # @param disallowed_chars [Regexp]: A pattern of characters that are illegal for this resource name, such as +/[^a-zA-Z0-9-]/+
+    # @return [String]: A full name string for this resource
+    def getResourceName(name, max_length: 255, need_unique_string: false, use_unique_string: nil, reuse_unique_string: false, scrub_mu_isms: @original_config['scrub_mu_isms'], disallowed_chars: nil)
+      if name.nil?
+        raise MuError, "Got no argument to MU::MommaCat.getResourceName"
+      end
+      if @appname.nil? or @environment.nil? or @timestamp.nil? or @seed.nil?
+        MU.log "getResourceName: Missing global deploy variables in thread #{Thread.current.object_id}, using bare name '#{name}' (appname: #{@appname}, environment: #{@environment}, timestamp: #{@timestamp}, seed: #{@seed}, deploy_id: #{@deploy_id}", MU::WARN, details: caller
+        return name
+      end
+      need_unique_string = false if scrub_mu_isms
+
+      muname = nil
+      if need_unique_string
+        reserved = 4
+      else
+        reserved = 0
+      end
+
+      # First, pare down the base name string until it will fit
+      basename = @appname.upcase + "-" + @environment.upcase + "-" + @timestamp + "-" + @seed.upcase + "-" + name.upcase
+      if scrub_mu_isms
+        basename = @appname.upcase + "-" + @environment.upcase + name.upcase
+      end
+
+      subchar = if disallowed_chars
+        if "-".match(disallowed_chars)
+          if !"_".match(disallowed_chars)
+            "_"
+          else
+            ""
+          end
+        else
+          "-"
+        end
+      end
+
+      if disallowed_chars
+        basename.gsub!(disallowed_chars, subchar) if disallowed_chars
+      end
+      attempts = 0
+      begin
+        if (basename.length + reserved) > max_length
+          MU.log "Stripping name down from #{basename}[#{basename.length.to_s}] (reserved: #{reserved.to_s}, max_length: #{max_length.to_s})", MU::DEBUG
+          if basename == @appname.upcase + "-" + @seed.upcase + "-" + name.upcase
+            # If we've run out of stuff to strip, truncate what's left and
+            # just leave room for the deploy seed and uniqueness string. This
+            # is the bare minimum, and probably what you'll see for most Windows
+            # hostnames.
+            basename = name.upcase + "-" + @appname.upcase
+            basename.slice!((max_length-(reserved+3))..basename.length)
+            basename.sub!(/-$/, "")
+            basename = basename + "-" + @seed.upcase
+            basename.gsub!(disallowed_chars, subchar) if disallowed_chars
+          else
+            # If we have to strip anything, assume we've lost uniqueness and
+            # will have to compensate with #genUniquenessString.
+            need_unique_string = true
+            reserved = 4
+            basename.sub!(/-[^-]+-#{@seed.upcase}-#{Regexp.escape(name.upcase)}$/, "")
+            basename = basename + "-" + @seed.upcase + "-" + name.upcase
+            basename.gsub!(disallowed_chars, subchar) if disallowed_chars
+          end
+        end
+        attempts += 1
+        raise MuError, "Failed to generate a reasonable name getResourceName(#{name}, max_length: #{max_length.to_s}, need_unique_string: #{need_unique_string.to_s}, use_unique_string: #{use_unique_string.to_s}, reuse_unique_string: #{reuse_unique_string.to_s}, scrub_mu_isms: #{scrub_mu_isms.to_s}, disallowed_chars: #{disallowed_chars})" if attempts > 10
+      end while (basename.length + reserved) > max_length
+
+      # Finally, apply our short random differentiator, if it's needed.
+      if need_unique_string
+        # Preferentially use a requested one, if it's not already in use.
+        if !use_unique_string.nil?
+          muname = basename + "-" + use_unique_string
+          if !allocateUniqueResourceName(muname) and !reuse_unique_string
+            MU.log "Requested to use #{use_unique_string} as differentiator when naming #{name}, but the name #{muname} is unavailable.", MU::WARN
+            muname = nil
+          end
+        end
+        if !muname
+          begin
+            unique_string = MU::MommaCat.genUniquenessString
+            muname = basename + "-" + unique_string
+          end while !allocateUniqueResourceName(muname)
+          MU::MommaCat.unique_map_semaphore.synchronize {
+            MU::MommaCat.name_unique_str_map[muname] = unique_string
+          }
+        end
+      else
+        muname = basename
+      end
+      muname.gsub!(disallowed_chars, subchar) if disallowed_chars
+
+      return muname
+    end
+
+    # List the name/value pairs for our mandatory standard set of resource tags, which
+    # should be applied to all taggable cloud provider resources.
+    # @return [Hash<String,String>]
+    def self.listStandardTags
+      return {} if !MU.deploy_id
+      {
+        "MU-ID" => MU.deploy_id,
+        "MU-APP" => MU.appname,
+        "MU-ENV" => MU.environment,
+        "MU-MASTER-IP" => MU.mu_public_ip
+      }
+    end
+    # List the name/value pairs for our mandatory standard set of resource tags
+    # for this deploy.
+    # @return [Hash<String,String>]
+    def listStandardTags
+      {
+        "MU-ID" => @deploy_id,
+        "MU-APP" => @appname,
+        "MU-ENV" => @environment,
+        "MU-MASTER-IP" => MU.mu_public_ip
+      }
+    end
+
+    # List the name/value pairs of our optional set of resource tags which
+    # should be applied to all taggable cloud provider resources.
+    # @return [Hash<String,String>]
+    def self.listOptionalTags
+      return {
+        "MU-HANDLE" => MU.handle,
+        "MU-MASTER-NAME" => Socket.gethostname,
+        "MU-OWNER" => MU.mu_user
+      }
+    end
+
+    # Make sure the given node has proper DNS entries, /etc/hosts entries,
+    # SSH config entries, etc.
+    # @param server [MU::Cloud::Server]: The {MU::Cloud::Server} we'll be setting up.
+    # @param sync_wait [Boolean]: Whether to wait for DNS to fully synchronize before returning.
+    def self.nameKitten(server, sync_wait: false)
+      node, config, _deploydata = server.describe
+
+      mu_zone = nil
+      # XXX GCP!
+      if MU::Cloud::AWS.hosted? and !MU::Cloud::AWS.isGovCloud?
+        zones = MU::Cloud::DNSZone.find(cloud_id: "platform-mu")
+        mu_zone = zones.values.first if !zones.nil?
+      end
+      if !mu_zone.nil?
+        MU::Cloud::DNSZone.genericMuDNSEntry(name: node, target: server.canonicalIP, cloudclass: MU::Cloud::Server, sync_wait: sync_wait)
+      else
+        MU::Master.addInstanceToEtcHosts(server.canonicalIP, node)
+      end
+
+## TO DO: Do DNS registration of "real" records as the last stage after the groomer completes
+      if config && config['dns_records'] && !config['dns_records'].empty?
+        dnscfg = config['dns_records'].dup
+        dnscfg.each { |dnsrec|
+          if !dnsrec.has_key?('name')
+            dnsrec['name'] = node.downcase
+            dnsrec['name'] = "#{dnsrec['name']}.#{MU.environment.downcase}" if dnsrec["append_environment_name"] && !dnsrec['name'].match(/\.#{MU.environment.downcase}$/)
+          end
+
+          if !dnsrec.has_key?("target")
+            # Default to register public endpoint
+            public = true
+
+            if dnsrec.has_key?("target_type")
+              # See if we have a preference for pubic/private endpoint
+              public = dnsrec["target_type"] == "private" ? false : true
+            end
+  
+            dnsrec["target"] =
+              if dnsrec["type"] == "CNAME"
+                if public
+                  # Make sure we have a public canonical name to register. Use the private one if we don't
+                  server.cloud_desc.public_dns_name.empty? ? server.cloud_desc.private_dns_name : server.cloud_desc.public_dns_name
+                else
+                  # If we specifically requested to register the private canonical name lets use that
+                  server.cloud_desc.private_dns_name
+                end
+              elsif dnsrec["type"] == "A"
+                if public
+                  # Make sure we have a public IP address to register. Use the private one if we don't
+                  server.cloud_desc.public_ip_address ? server.cloud_desc.public_ip_address : server.cloud_desc.private_ip_address
+                else
+                  # If we specifically requested to register the private IP lets use that
+                  server.cloud_desc.private_ip_address
+                end
+              end
+          end
+        }
+        if !MU::Cloud::AWS.isGovCloud?
+          MU::Cloud::DNSZone.createRecordsFromConfig(dnscfg)
+        end
+      end
+
+      MU::Master.removeHostFromSSHConfig(node)
+      if server and server.canonicalIP
+        MU::Master.removeIPFromSSHKnownHosts(server.canonicalIP)
+      end
+# XXX add names paramater with useful stuff
+      MU::Master.addHostToSSHConfig(
+          server,
+          ssh_owner: server.deploy.mu_user,
+          ssh_dir: Etc.getpwnam(server.deploy.mu_user).dir+"/.ssh"
+      )
+    end
+
+    # Manufactures a human-readable deployment name from the random
+    # two-character seed in MU-ID. Cat-themed when possible.
+    # @param seed [String]: A two-character seed from which we'll generate a name.
+    # @return [String]: Two words
+    def self.generateHandle(seed)
+      word_one=word_two=nil
+
+      # Unless we've got two letters that don't have corresponding cat-themed
+      # words, we'll insist that our generated handle have at least one cat
+      # element to it.
+      require_cat_words = true
+      if @catwords.select { |word| word.match(/^#{seed[0]}/i) }.size == 0 and
+          @catwords.select { |word| word.match(/^#{seed[1]}/i) }.size == 0
+        require_cat_words = false
+        MU.log "Got an annoying pair of letters #{seed}, not forcing cat-theming", MU::DEBUG
+      end
+      allnouns = @catnouns + @jaegernouns
+      alladjs = @catadjs + @jaegeradjs
+
+      tries = 0
+      begin
+        # Try to avoid picking something "nouny" for the first word
+        source = @catadjs + @catmixed + @jaegeradjs + @jaegermixed
+        first_ltr = source.select { |word| word.match(/^#{seed[0]}/i) }
+        if !first_ltr or first_ltr.size == 0
+          first_ltr = @words.select { |word| word.match(/^#{seed[0]}/i) }
+        end
+        word_one = first_ltr.shuffle.first
+
+        # If we got a paired set that happen to match our letters, go with it
+        if !word_one.nil? and word_one.match(/-#{seed[1]}/i)
+          word_one, word_two = word_one.split(/-/)
+        else
+          source = @words
+          if @catwords.include?(word_one)
+            source = @jaegerwords
+          elsif require_cat_words
+            source = @catwords
+          end
+          second_ltr = source.select { |word| word.match(/^#{seed[1]}/i) and !word.match(/-/i) }
+          word_two = second_ltr.shuffle.first
+        end
+        tries = tries + 1
+      end while tries < 50 and (word_one.nil? or word_two.nil? or word_one.match(/-/) or word_one == word_two or (allnouns.include?(word_one) and allnouns.include?(word_two)) or (alladjs.include?(word_one) and alladjs.include?(word_two)) or (require_cat_words and !@catwords.include?(word_one) and !@catwords.include?(word_two) and !@catwords.include?(word_one+"-"+word_two)))
+
+      if tries >= 50 and (word_one.nil? or word_two.nil?)
+        MU.log "I failed to generated a valid handle from #{seed}, faking it", MU::ERR
+        return "#{seed[0].capitalize} #{seed[1].capitalize}"
+      end
+
+      return "#{word_one.capitalize} #{word_two.capitalize}"
+    end
+
+    private
+
+    # Check to see whether a given resource name is unique across all
+    # deployments on this Mu server. We only enforce this for certain classes
+    # of names. If the name in question is available, add it to our cache of
+    # said names.  See #{MU::MommaCat.getResourceName}
+    # @param name [String]: The name to attempt to allocate.
+    # @return [Boolean]: True if allocation was successful.
+    def allocateUniqueResourceName(name)
+      raise MuError, "Cannot call allocateUniqueResourceName without an active deployment" if @deploy_id.nil?
+      path = File.expand_path(MU.dataDir+"/deployments")
+      File.open(path+"/unique_ids", File::CREAT|File::RDWR, 0600) { |f|
+        existing = []
+        f.flock(File::LOCK_EX)
+        f.readlines.each { |line|
+          existing << line.chomp
+        }
+        begin
+          existing.each { |used|
+            if used.match(/^#{name}:/)
+              if !used.match(/^#{name}:#{@deploy_id}$/)
+                MU.log "#{name} is already reserved by another resource on this Mu server.", MU::WARN, details: caller
+                return false
+              else
+                return true
+              end
+            end
+          }
+          f.puts name+":"+@deploy_id
+          return true
+        ensure
+          f.flock(File::LOCK_UN)
+        end
+      }
+    end
+
+    # 2019-06-03 adding things from https://aiweirdness.com/post/185339301987/once-again-a-neural-net-tries-to-name-cats
+    @catadjs = %w{fuzzy ginger lilac chocolate xanthic wiggly itty chonky norty slonky floofy heckin bebby}
+    @catnouns = %w{bastet biscuits bobcat catnip cheetah chonk dot felix hamb hambina jaguar kitty leopard lion lynx maru mittens moggy neko nip ocelot panther patches paws phoebe purr queen roar saber sekhmet skogkatt socks sphinx spot tail tiger tom whiskers wildcat yowl floof beans ailurophile dander dewclaw grimalkin kibble quick tuft misty simba slonk mew quat eek ziggy whiskeridoo cromch monch screm}
+    @catmixed = %w{abyssinian angora bengal birman bobtail bombay burmese calico chartreux cheshire cornish-rex curl devon egyptian-mau feline furever fumbs havana himilayan japanese-bobtail javanese khao-manee maine-coon manx marmalade mau munchkin norwegian pallas persian peterbald polydactyl ragdoll russian-blue savannah scottish-fold serengeti shorthair siamese siberian singapura snowshoe stray tabby tonkinese tortoiseshell turkish-van tuxedo uncia caterwaul lilac-point chocolate-point mackerel maltese knead whitenose vorpal chewie-bean chicken-whiskey fish-especially thelonious-monsieur tom-glitter serendipitous-kill sparky-buttons nip-nops murder-mittens bite}
+    @catwords = @catadjs + @catnouns + @catmixed
+
+    @jaegeradjs = %w{azure fearless lucky olive vivid electric grey yarely violet ivory jade cinnamon crimson tacit umber mammoth ultra iron zodiac}
+    @jaegernouns = %w{horizon hulk ultimatum yardarm watchman whilrwind wright rhythm ocean enigma eruption typhoon jaeger brawler blaze vandal excalibur paladin juliet kaleidoscope romeo}
+    @jaegermixed = %w{alpha ajax amber avenger brave bravo charlie chocolate chrome corinthian dancer danger dash delta duet echo edge elite eureka foxtrot guardian gold hyperion illusion imperative india intercept kilo lancer night nova november oscar omega pacer quickstrike rogue ronin striker tango titan valor victor vulcan warder xenomorph xenon xray xylem yankee yell yukon zeal zero zoner zodiac}
+    @jaegerwords = @jaegeradjs + @jaegernouns + @jaegermixed
+
+    @words = @catwords + @jaegerwords
+
+  end #class
+end #module