cloud-mu 3.1.4 → 3.1.5

data/cookbooks/mu-tools/resources/windows_users.rb

@@ -195,48 +195,49 @@ action :config do
   else
     # We want to run ec2config as admin user so Windows userdata executes as admin, however the local admin account doesn't have Logon As a Service right. Domain privileges are set separately
 
-    cookbook_file "c:\\Windows\\SysWOW64\\ntrights.exe" do
-      source "ntrights"
-    end
-    [new_resource.ssh_user, new_resource.ec2config_user].each { |usr|
-			pass = if usr == new_resource.ec2config_user
-				new_resource.ec2config_password
-			elsif usr == new_resource.ssh_user
-				new_resource.ssh_password
-			end
-
-      user usr do
-        password pass
-      end
-
-      group "Administrators" do
-        action :modify
-        members usr
-        append true
-      end
-
-      %w{SeDenyRemoteInteractiveLogonRight SeDenyInteractiveLogonRight SeServiceLogonRight}.each { |privilege|
-        batch "Grant local user #{usr} logon as service right" do
-          code "C:\\Windows\\SysWOW64\\ntrights +r #{privilege} -u #{usr}"
-        end
-      }
-
-			# XXX user resource seems not to really be setting password, or is setting			# in such a way that the user is being required to change it. Workaround.
-      powershell_script "Adjust local account params for #{usr}" do
-				code <<-EOH
-					(([adsi]('WinNT://./#{usr}, user')).psbase.invoke('SetPassword', '#{pass}'))
-				EOH
-      end
-
-      if usr == new_resource.ssh_user
-
-        %w{SeCreateTokenPrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege}.each { |privilege|
-          batch "Grant local user #{usr} logon as service right" do
-            code "C:\\Windows\\SysWOW64\\ntrights +r #{privilege} -u #{usr}"
-          end
-        }
-					
-      end
-    }
+#    cookbook_file "c:\\Windows\\SysWOW64\\ntrights.exe" do
+#      source "ntrights"
+#    end
+#    [new_resource.ssh_user, new_resource.ec2config_user].each { |usr|
+#			pass = if usr == new_resource.ec2config_user
+#				new_resource.ec2config_password
+#			elsif usr == new_resource.ssh_user
+#				new_resource.ssh_password
+#			end
+#
+#      user usr do
+#        password pass
+#        action :modify
+#      end
+#
+#      group "Administrators" do
+#        action :modify
+#        members usr
+#        append true
+#      end
+#
+#      %w{SeDenyRemoteInteractiveLogonRight SeDenyInteractiveLogonRight SeServiceLogonRight}.each { |privilege|
+#        batch "Grant local user #{usr} logon as service right" do
+#          code "C:\\Windows\\SysWOW64\\ntrights +r #{privilege} -u #{usr}"
+#        end
+#      }
+#
+#			# XXX user resource seems not to really be setting password, or is setting			# in such a way that the user is being required to change it. Workaround.
+#      powershell_script "Adjust local account params for #{usr}" do
+#				code <<-EOH
+#					(([adsi]('WinNT://./#{usr}, user')).psbase.invoke('SetPassword', '#{pass}'))
+#				EOH
+#      end
+#
+#      if usr == new_resource.ssh_user
+#
+#        %w{SeCreateTokenPrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege}.each { |privilege|
+#          batch "Grant local user #{usr} logon as service right" do
+#            code "C:\\Windows\\SysWOW64\\ntrights +r #{privilege} -u #{usr}"
+#          end
+#        }
+#					
+#      end
+#    }
   end
 end

data/extras/image-generators/AWS/win2k12.yaml

@@ -1,16 +1,19 @@
 ---
   appname: mu
+  vpcs:
+  - name: windowsbuild
   servers: 
-    - 
-      name: win2k12
-      platform: windows
-      size: m4.large
-      scrub_groomer: true
-      run_list:
-      - recipe[mu-tools::updates]
-      - recipe[mu-utility::cleanup_image_helper]
-      create_image:
-        image_then_destroy: true
-        public: true
-        copy_to_regions:
-        - "#ALL"
+  - name: win2k12
+    platform: win2k12
+    vpc:
+      name: windowsbuild
+    size: m4.large
+    scrub_groomer: true
+    groomer: Ansible
+    run_list:
+    - mu-windows
+    create_image:
+      image_then_destroy: true
+      public: true
+      copy_to_regions:
+      - "#ALL"

data/extras/image-generators/AWS/win2k16.yaml

@@ -1,16 +1,19 @@
 ---
   appname: mu
+  vpcs:
+  - name: windowsbuild
   servers: 
-    - 
-      name: win2k16
-      platform: windows
-      size: m4.large
-      scrub_groomer: true
-      run_list:
-      - recipe[mu-tools::updates]
-      - recipe[mu-utility::cleanup_image_helper]
-      create_image:
-        image_then_destroy: true
-        public: true
-        copy_to_regions:
-        - "#ALL"
+  - name: win2k16
+    platform: win2k16
+    vpc:
+      name: windowsbuild
+    size: m4.large
+    scrub_groomer: true
+    groomer: Ansible
+    run_list:
+    - mu-windows
+    create_image:
+      image_then_destroy: true
+      public: true
+      copy_to_regions:
+      - "#ALL"

data/extras/image-generators/AWS/win2k19.yaml

@@ -0,0 +1,19 @@
+---
+  appname: mu
+  vpcs:
+  - name: windowsbuild
+  servers: 
+  - name: win2k19
+    platform: windows
+    vpc:
+      name: windowsbuild
+    size: m4.large
+    scrub_groomer: true
+    groomer: Ansible
+    run_list:
+    - mu-windows
+    create_image:
+      image_then_destroy: true
+      public: true
+      copy_to_regions:
+      - "#ALL"

data/modules/mu.rb

@@ -263,6 +263,7 @@ module MU
       end while newguy.nil?
 
       @@mu_global_thread_semaphore.synchronize {
+        MU.dupGlobals(Thread.current.object_id, target_thread: newguy)
         @@mu_global_threads << newguy
       }
 
@@ -295,6 +296,68 @@ module MU
     end
   end
 
+  # Boilerplate retry block executor, for making cloud API calls which might
+  # fail transiently.
+  #
+  # @param catchme [Array<Exception>]: Exception classes which should be caught and retried
+  # @param wait [Integer]: Number of seconds to wait between retries
+  # @param max [Integer]: Maximum number of retries; if less than 1, will retry indefinitely
+  # @param ignoreme [Array<Exception>]: Exception classes which can be silently treated as success. This will override any +loop_if+ block and return automatically (after invoking +always+, if the latter was specified).
+  # @param on_retry [Proc]: Optional block of code to invoke during retries
+  # @param always [Proc]: Optional block of code to invoke before returning or failing, a bit like +ensure+
+  # @param loop_if [Proc]: Optional block of code to invoke which will cause our block to be rerun until true
+  # @param loop_msg [String]: Message to display every third attempt
+  def self.retrier(catchme = nil, wait: 30, max: 0, ignoreme: [], on_retry: nil, always: nil, loop_if: nil, loop_msg: nil)
+
+    loop_if ||= Proc.new { false }
+
+    retries = 0
+    begin
+      retries += 1
+      loglevel = ((retries % 3) == 0) ? MU::NOTICE : MU::DEBUG
+      log_attempts = retries.to_s
+      log_attempts += (max > 0 ? "/"+max.to_s : "")
+      yield(retries, wait) if block_given?
+      if loop_if.call
+        MU.log loop_msg, loglevel, details: log_attempts if loop_msg
+        sleep wait
+      end
+    rescue StandardError => e
+      if catchme and catchme.include?(e.class)
+        if max > 0 and retries >= max
+          always.call if always and always.is_a?(Proc)
+          if ignoreme.include?(e.class)
+            return
+          else
+            raise e
+          end
+        end
+
+        if on_retry and on_retry.is_a?(Proc)
+          on_retry.call(e)
+        end
+
+        if retries == max-1
+          MU.log e.message, MU::WARN, details: caller
+          sleep wait # wait extra on the final attempt
+        else
+          MU.log e.message, loglevel, details: log_attempts
+        end
+
+        sleep wait
+        retry
+      elsif ignoreme and ignoreme.include?(e.class)
+        always.call if always and always.is_a?(Proc)
+        return
+      else
+        always.call if always and always.is_a?(Proc)
+        raise e
+      end
+    end while loop_if.call and (max < 1 or retries < max)
+
+    always.call if always and always.is_a?(Proc)
+  end
+
   if !ENV.has_key?("MU_LIBDIR") and ENV.has_key?("MU_INSTALLDIR")
     ENV['MU_LIBDIR'] = ENV['MU_INSTALLDIR']+"/lib"
   else
@@ -394,20 +457,20 @@ module MU
   @@global_var_semaphore = Mutex.new
 
   # Set one of our global per-thread variables.
-  def self.setVar(name, value)
+  def self.setVar(name, value, target_thread: Thread.current)
     @@global_var_semaphore.synchronize {
-      @@globals[Thread.current.object_id] ||= Hash.new
-      @@globals[Thread.current.object_id][name] ||= Hash.new
-      @@globals[Thread.current.object_id][name] = value
+      @@globals[target_thread.object_id] ||= Hash.new
+      @@globals[target_thread.object_id][name] ||= Hash.new
+      @@globals[target_thread.object_id][name] = value
     }
   end
 
   # Copy the set of global variables in use by another thread, typically our
   # parent thread.
-  def self.dupGlobals(parent_thread_id)
+  def self.dupGlobals(parent_thread_id, target_thread: Thread.current)
     @@globals[parent_thread_id] ||= {}
     @@globals[parent_thread_id].each_pair { |name, value|
-      setVar(name, value)
+      setVar(name, value, target_thread: target_thread)
     }
   end
 
@@ -1015,15 +1078,15 @@ module MU
 
   # Generate a random password which will satisfy the complexity requirements of stock Amazon Windows AMIs.
   # return [String]: A password string.
-  def self.generateWindowsPassword(safe_pattern: '~!@#%^&*_-+=`|(){}[]:;<>,.?', retries: 25)
+  def self.generateWindowsPassword(safe_pattern: '~!@#%^&*_-+=`|(){}[]:;<>,.?', retries: 50)
     # We have dopey complexity requirements, be stringent here.
     # I'll be nice and not condense this into one elegant-but-unreadable regular expression
     attempts = 0
     safe_metachars = Regexp.escape(safe_pattern)
     begin
       if attempts > retries
-        MU.log "Failed to generate an adequate Windows password after #{attempts}", MU::ERR
-        raise MuError, "Failed to generate an adequate Windows password after #{attempts}"
+        MU.log "Failed to generate an adequate Windows password after #{attempts} attempts", MU::ERR
+        raise MuError, "Failed to generate an adequate Windows password after #{attempts} attempts"
       end
       winpass = Password.random(14..16)
       attempts += 1

data/modules/mu/adoption.rb

@@ -227,6 +227,16 @@ module MU
 
             Thread.abort_on_exception = true
             resources.values.each { |obj_thr|
+              obj_desc = nil
+              begin
+                obj_desc = obj_thr.cloud_desc
+              rescue StandardError
+              ensure
+                if !obj_desc
+                  MU.log cloud+" "+type.to_s+" "+obj_thr.cloud_id+" did not return a cloud descriptor, skipping", MU::WARN
+                  next
+                end
+              end
               threads << Thread.new(obj_thr) { |obj|
 
                 kitten_cfg = obj.toKitten(rootparent: @default_parent, billing: @billing, habitats: @habitats)
@@ -463,7 +473,9 @@ module MU
 
     def resolveReferences(cfg, deploy, parent)
       if cfg.is_a?(MU::Config::Ref)
+        cfg.kitten(deploy) || cfg.kitten
         hashcfg = cfg.to_h
+
         if cfg.kitten(deploy)
           littermate = deploy.findLitterMate(type: cfg.type, name: cfg.name, cloud_id: cfg.id, habitat: cfg.habitat)
 
@@ -486,14 +498,14 @@ module MU
               hashcfg.delete("name") if cfg.id and !cfg.deploy_id
             end
           end
-        elsif hashcfg["id"] # reference to raw cloud ids is reasonable
+        elsif hashcfg["id"] and !hashcfg["name"]
           hashcfg.delete("deploy_id")
-          hashcfg.delete("name")
         else
           pp parent.cloud_desc
           raise Incomplete, "Failed to resolve reference on behalf of #{parent}"
         end
         hashcfg.delete("deploy_id") if hashcfg['deploy_id'] == deploy.deploy_id
+
         if parent and parent.config
           cred_cfg = MU::Cloud.const_get(parent.cloud).credConfig(parent.credentials)
 

data/modules/mu/cloud.rb

@@ -1344,8 +1344,10 @@ module MU
         # which can refer to external resources (@vpc, @loadbalancers,
         # @add_firewall_rules)
         def dependencies(use_cache: false, debug: false)
-          @dependencies = {} if @dependencies.nil?
-          @loadbalancers = [] if @loadbalancers.nil?
+          @dependencies ||= {}
+          @loadbalancers ||= []
+          @firewall_rules ||= []
+
           if @config.nil?
             return [@dependencies, @vpc, @loadbalancers]
           end
@@ -1560,9 +1562,101 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
             }
           end
 
+          # Munge in external resources referenced by the existing_deploys
+          # keyword
+          if @config["existing_deploys"] && !@config["existing_deploys"].empty?
+            @config["existing_deploys"].each { |ext_deploy|
+              if ext_deploy["cloud_id"]
+                found = MU::MommaCat.findStray(
+                  @config['cloud'],
+                  ext_deploy["cloud_type"],
+                  cloud_id: ext_deploy["cloud_id"],
+                  region: @config['region'],
+                  dummy_ok: false
+                ).first
+  
+                MU.log "Couldn't find existing resource #{ext_deploy["cloud_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: found.mu_name, triggering_node: @mu_name)
+              elsif ext_deploy["mu_name"] && ext_deploy["deploy_id"]
+                MU.log "#{ext_deploy["mu_name"]} / #{ext_deploy["deploy_id"]}"
+                found = MU::MommaCat.findStray(
+                  @config['cloud'],
+                  ext_deploy["cloud_type"],
+                  deploy_id: ext_deploy["deploy_id"],
+                  mu_name: ext_deploy["mu_name"],
+                  region: @config['region'],
+                  dummy_ok: false
+                ).first
+  
+                MU.log "Couldn't find existing resource #{ext_deploy["mu_name"]}/#{ext_deploy["deploy_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: ext_deploy["mu_name"], triggering_node: @mu_name)
+              else
+                MU.log "Trying to find existing deploy, but either the cloud_id is not valid or no mu_name and deploy_id where provided", MU::ERR
+              end
+            }
+          end
+
+          if @config['dns_records'] && !@config['dns_records'].empty?
+            @config['dns_records'].each { |dnsrec|
+              if dnsrec.has_key?("name")
+                if dnsrec['name'].start_with?(@deploy.deploy_id.downcase) && !dnsrec['name'].start_with?(@mu_name.downcase)
+                  MU.log "DNS records for #{@mu_name} seem to be wrong, deleting from current config", MU::WARN, details: dnsrec
+                  dnsrec.delete('name')
+                  dnsrec.delete('target')
+                end
+              end
+            }
+          end
+
           return [@dependencies, @vpc, @loadbalancers]
         end
 
+        # Using the automatically-defined +@vpc+ from {dependencies} in
+        # conjunction with our config, return our configured subnets.
+        # @return [Array<MU::Cloud::VPC::Subnet>]
+        def mySubnets
+          dependencies
+          if !@vpc or !@config["vpc"]
+            return nil
+          end
+
+          if @config["vpc"]["subnet_id"] or @config["vpc"]["subnet_name"]
+            @config["vpc"]["subnets"] ||= []
+            subnet_block = {}
+            subnet_block["subnet_id"] = @config["vpc"]["subnet_id"] if @config["vpc"]["subnet_id"]
+            subnet_block["subnet_name"] = @config["vpc"]["subnet_name"] if @config["vpc"]["subnet_name"]
+            @config["vpc"]["subnets"] << subnet_block
+            @config["vpc"]["subnets"].uniq!
+          end
+
+          if (!@config["vpc"]["subnets"] or @config["vpc"]["subnets"].empty?) and
+             !@config["vpc"]["subnet_id"]
+            return @vpc.subnets
+          end
+
+          subnets = []
+          @config["vpc"]["subnets"].each { |subnet|
+            subnet_obj = @vpc.getSubnet(cloud_id: subnet["subnet_id"].to_s, name: subnet["subnet_name"].to_s)
+            raise MuError, "Couldn't find a live subnet for #{self.to_s} matching #{subnet} in #{@vpc.to_s} (#{@vpc.subnets.map { |s| s.name }.join(",")})" if subnet_obj.nil?
+            subnets << subnet_obj
+          }
+
+          subnets
+        end
+
+        # @return [Array<MU::Cloud::FirewallRule>]
+        def myFirewallRules
+          dependencies
+
+          rules = []
+          if @dependencies.has_key?("firewall_rule")
+            rules = @dependencies['firewall_rule'].values
+          end
+# XXX what other ways are these specified?
+
+          rules
+        end
+
         # Defaults any resources that don't declare their release-readiness to
         # ALPHA. That'll learn 'em.
         def self.quality
@@ -1668,13 +1762,13 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
           def handleWindowsFail(e, retries, rebootable_fails, max_retries: 30, reboot_on_problems: false, retry_interval: 45)
             msg = "WinRM connection to https://"+@mu_name+":5986/wsman: #{e.message}, waiting #{retry_interval}s (attempt #{retries}/#{max_retries})"
             if e.class.name == "WinRM::WinRMAuthorizationError" or e.message.match(/execution expired/) and reboot_on_problems
-              if rebootable_fails > 0 and (rebootable_fails % 5) == 0
+              if rebootable_fails > 0 and (rebootable_fails % 7) == 0
                 MU.log "#{@mu_name} still misbehaving, forcing Stop and Start from API", MU::WARN
                 reboot(true) # vicious API stop/start
                 sleep retry_interval*3
                 rebootable_fails = 0
               else
-                if rebootable_fails == 3
+                if rebootable_fails == 5
                   MU.log "#{@mu_name} misbehaving, attempting to reboot from API", MU::WARN
                   reboot # graceful API restart
                   sleep retry_interval*2
@@ -1900,7 +1994,7 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
           # @param timeout [Integer]:
           # @param winrm_retries [Integer]:
           # @param reboot_on_problems [Boolean]:
-          def getWinRMSession(max_retries = 40, retry_interval = 60, timeout: 30, winrm_retries: 5, reboot_on_problems: false)
+          def getWinRMSession(max_retries = 40, retry_interval = 60, timeout: 30, winrm_retries: 2, reboot_on_problems: false)
             _nat_ssh_key, _nat_ssh_user, _nat_ssh_host, canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
             @mu_name ||= @config['mu_name']
 
@@ -1924,7 +2018,8 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
             retries = 0
             rebootable_fails = 0
             begin
-              MU.log "Calling WinRM on #{@mu_name}", MU::DEBUG, details: opts
+              loglevel = retries > 4 ? MU::NOTICE : MU::DEBUG
+              MU.log "Calling WinRM on #{@mu_name}", loglevel, details: opts
               opts = {
                 endpoint: 'https://'+@mu_name+':5986/wsman',
                 retry_limit: winrm_retries,
@@ -1932,10 +2027,16 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
                 ca_trust_path: "#{MU.mySSLDir}/Mu_CA.pem",
                 transport: :ssl,
                 operation_timeout: timeout,
-                client_cert: "#{MU.mySSLDir}/#{@mu_name}-winrm.crt",
-                client_key: "#{MU.mySSLDir}/#{@mu_name}-winrm.key"
               }
+              if retries % 2 == 0
+                opts[:user] = @config['windows_admin_username']
+                opts[:password] = getWindowsAdminPassword
+              else
+                opts[:client_cert] = "#{MU.mySSLDir}/#{@mu_name}-winrm.crt"
+                opts[:client_key] = "#{MU.mySSLDir}/#{@mu_name}-winrm.key"
+              end
               conn = WinRM::Connection.new(opts)
+              conn.logger.level = :debug if retries > 2
               MU.log "WinRM connection to #{@mu_name} created", MU::DEBUG, details: conn
               shell = conn.shell(:powershell)
               shell.run('ipconfig') # verify that we can do something
@@ -2069,10 +2170,10 @@ puts "CHOOSING #{@vpc.to_s} 'cause it has #{@config['vpc']['subnet_name']}"
               if params and params[:region]
                 in_msg += " "+params[:region]
               end
-              if params and params[:flags] and params[:flags]["project"]
+              if params and params[:flags] and params[:flags]["project"] and !params[:flags]["project"].empty?
                 in_msg += " project "+params[:flags]["project"]
               end
-              MU.log "Skipping #{shortname} cleanup method in #{in_msg} due to exception: #{e.message}", MU::WARN, details: e.backtrace
+              MU.log "Skipping #{shortname} cleanup method in #{in_msg} due to #{e.class.name}: #{e.message}", MU::WARN, details: e.backtrace
               ok = false
             end
           }