cloud-mu 3.1.4 → 3.3.1

data/modules/mu/groomer.rb

@@ -30,6 +30,21 @@ module MU
       ["Chef", "Ansible"]
     end
 
+    # List of known/supported groomers which are installed and appear to be working
+    # @return [Array<String>]
+    def self.availableGroomers
+      available = []
+      MU::Groomer.supportedGroomers.each { |groomer|
+        begin
+          groomerbase = loadGroomer(groomer)
+          available << groomer if groomerbase.available?
+        rescue LoadError
+        end
+      }
+
+      available
+    end
+
     # Instance methods that any Groomer plugin must implement
     def self.requiredMethods
       [:preClean, :bootstrap, :haveBootstrapped?, :run, :saveDeployData, :getSecret, :saveSecret, :deleteSecret, :reinstall]
@@ -37,7 +52,7 @@ module MU
 
     # Class methods that any Groomer plugin must implement
     def self.requiredClassMethods
-      [:getSecret, :cleanup, :saveSecret, :deleteSecret]
+      [:getSecret, :cleanup, :saveSecret, :deleteSecret, :available?]
     end
 
     class Ansible;

data/modules/mu/groomers/ansible.rb

@@ -24,6 +24,10 @@ module MU
       class NoAnsibleExecError < MuError;
       end
 
+      # One or more Python dependencies missing
+      class AnsibleLibrariesError < MuError;
+      end
+
       # Location in which we'll find our Ansible executables. This only applies
       # to full-grown Mu masters; minimalist gem installs will have to make do
       # with whatever Ansible executables they can find in $PATH.
@@ -40,6 +44,10 @@ module MU
         @ansible_path = node.deploy.deploy_dir+"/ansible"
         @ansible_execs = MU::Groomer::Ansible.ansibleExecDir
 
+        if !MU::Groomer::Ansible.checkPythonDependencies(@server.windows?)
+          raise AnsibleLibrariesError, "One or more python dependencies not available"
+        end
+
         if !@ansible_execs or @ansible_execs.empty?
           raise NoAnsibleExecError, "No Ansible executables found in visible paths"
         end
@@ -54,6 +62,10 @@ module MU
         installRoles
       end
 
+      # Are Ansible executables and key libraries present and accounted for?
+      def self.available?(windows = false)
+        MU::Groomer::Ansible.checkPythonDependencies(windows)
+      end
 
       # Indicate whether our server has been bootstrapped with Ansible
       def haveBootstrapped?
@@ -66,6 +78,7 @@ module MU
       # @param permissions [Boolean]: If true, save the secret under the current active deploy (if any), rather than in the global location for this user
       # @param deploy_dir [String]: If permissions is +true+, save the secret here
       def self.saveSecret(vault: nil, item: nil, data: nil, permissions: false, deploy_dir: nil)
+
         if vault.nil? or vault.empty? or item.nil? or item.empty?
           raise MuError, "Must call saveSecret with vault and item names"
         end
@@ -73,7 +86,6 @@ module MU
           raise MuError, "Ansible vault/item names cannot include forward slashes"
         end
         pwfile = vaultPasswordFile
-        
 
         dir = if permissions
           if deploy_dir
@@ -95,8 +107,9 @@ module MU
         if File.exist?(path)
           MU.log "Overwriting existing vault #{vault} item #{item}"
         end
+
         File.open(path, File::CREAT|File::RDWR|File::TRUNC, 0600) { |f|
-          f.write data
+          f.write data.to_yaml
         }
 
         cmd = %Q{#{ansibleExecDir}/ansible-vault encrypt #{path} --vault-password-file #{pwfile}}
@@ -115,14 +128,23 @@ module MU
       # @param item [String]: The item within the repository to retrieve
       # @param field [String]: OPTIONAL - A specific field within the item to return.
       # @return [Hash]
-      def self.getSecret(vault: nil, item: nil, field: nil)
+      def self.getSecret(vault: nil, item: nil, field: nil, deploy_dir: nil)
         if vault.nil? or vault.empty?
           raise MuError, "Must call getSecret with at least a vault name"
         end
-
         pwfile = vaultPasswordFile
-        dir = secret_dir+"/"+vault
-        if !Dir.exist?(dir)
+
+        dir = nil
+        try = [secret_dir+"/"+vault]
+        try << deploy_dir+"/ansible/vaults/"+vault if deploy_dir
+        try << MU.mommacat.deploy_dir+"/ansible/vaults/"+vault if MU.mommacat.deploy_dir
+        try.each { |maybe_dir|
+          if Dir.exist?(maybe_dir) and (item.nil? or File.exist?(maybe_dir+"/"+item))
+            dir = maybe_dir
+            break
+          end
+        }
+        if dir.nil?
           raise MuNoSuchSecret, "No such vault #{vault}"
         end
 
@@ -135,17 +157,23 @@ module MU
           cmd = %Q{#{ansibleExecDir}/ansible-vault view #{itempath} --vault-password-file #{pwfile}}
           MU.log cmd
           a = `#{cmd}`
-          # If we happen to have stored recognizeable JSON, return it as parsed,
-          # which is a behavior we're used to from Chef vault. Otherwise, return
-          # a String.
+          # If we happen to have stored recognizeable JSON or YAML, return it
+          # as parsed, which is a behavior we're used to from Chef vault.
+          # Otherwise, return a String.
           begin
             data = JSON.parse(a)
-            if field and data[field]
-              data = data[field]
-            end
           rescue JSON::ParserError
-            data = a
+            begin
+              data = YAML.load(a)
+            rescue Psych::SyntaxError => e
+              data = a
+            end
           end
+          [vault, item, field].each { |tier|
+            if data and data.is_a?(Hash) and tier and data[tier]
+              data = data[tier]
+            end
+          }
         else
           data = []
           Dir.foreach(dir) { |entry|
@@ -160,7 +188,7 @@ module MU
 
       # see {MU::Groomer::Ansible.getSecret}
       def getSecret(vault: nil, item: nil, field: nil)
-        self.class.getSecret(vault: vault, item: item, field: field)
+        self.class.getSecret(vault: vault, item: item, field: field, deploy_dir: @server.deploy.deploy_dir)
       end
 
       # Delete a Ansible data bag / Vault
@@ -215,7 +243,9 @@ module MU
           play = {
             "hosts" => @server.config['name']
           }
-          play["become"] = "yes" if @server.config['ssh_user'] != "root"
+          if !@server.windows? and @server.config['ssh_user'] != "root"
+            play["become"] = "yes"
+          end
           play["roles"] = override_runlist if @server.config['run_list'] and !@server.config['run_list'].empty?
           play["vars"] = @server.config['ansible_vars'] if @server.config['ansible_vars']
 
@@ -227,7 +257,7 @@ module MU
           "#{@server.config['name']}.yml"
         end
 
-        cmd = %Q{cd #{@ansible_path} && echo "#{purpose}" && #{@ansible_execs}/ansible-playbook -i hosts #{playbook} --limit=#{@server.mu_name} --vault-password-file #{pwfile} --timeout=30 --vault-password-file #{@ansible_path}/.vault_pw -u #{ssh_user}}
+        cmd = %Q{cd #{@ansible_path} && echo "#{purpose}" && #{@ansible_execs}/ansible-playbook -i hosts #{playbook} --limit=#{@server.windows? ? @server.canonicalIP : @server.mu_name} --vault-password-file #{pwfile} --timeout=30 --vault-password-file #{@ansible_path}/.vault_pw -u #{ssh_user}}
 
         retries = 0
         begin
@@ -252,6 +282,7 @@ module MU
             sleep 30
             retries += 1
             MU.log "Failed Ansible run, will retry (#{retries.to_s}/#{max_retries.to_s})", MU::NOTICE, details: cmd
+
             retry
           else
             tmpfile.unlink if tmpfile
@@ -275,12 +306,12 @@ module MU
       # Bootstrap our server with Ansible- basically, just make sure this node
       # is listed in our deployment's Ansible inventory.
       def bootstrap
-        @inventory.add(@server.config['name'], @server.mu_name)
+        @inventory.add(@server.config['name'], @server.windows? ? @server.canonicalIP : @server.mu_name)
         play = {
           "hosts" => @server.config['name']
         }
 
-        if @server.config['ssh_user'] != "root"
+        if !@server.windows? and @server.config['ssh_user'] != "root"
           play["become"] = "yes"
         end
 
@@ -292,9 +323,26 @@ module MU
           play["vars"] = @server.config['ansible_vars']
         end
 
+        if @server.windows?
+          play["vars"] ||= {}
+          play["vars"]["ansible_connection"] = "winrm"
+          play["vars"]["ansible_winrm_scheme"] = "https"
+          play["vars"]["ansible_winrm_transport"] = "ntlm"
+          play["vars"]["ansible_winrm_server_cert_validation"] = "ignore" # XXX this sucks; use Mu_CA.pem if we can get it to work
+#          play["vars"]["ansible_winrm_ca_trust_path"] = "#{MU.mySSLDir}/Mu_CA.pem"
+          play["vars"]["ansible_user"] = @server.config['windows_admin_username']
+          win_pw = @server.getWindowsAdminPassword
+
+          pwfile = MU::Groomer::Ansible.vaultPasswordFile
+          cmd = %Q{#{MU::Groomer::Ansible.ansibleExecDir}/ansible-vault}
+          output = %x{#{cmd} encrypt_string '#{win_pw.gsub(/'/, "\\\\'")}' --vault-password-file #{pwfile}}
+
+          play["vars"]["ansible_password"] = output
+        end
+
         File.open(@ansible_path+"/"+@server.config['name']+".yml", File::CREAT|File::RDWR|File::TRUNC, 0600) { |f|
           f.flock(File::LOCK_EX)
-          f.puts [play].to_yaml
+          f.puts [play].to_yaml.sub(/ansible_password: \|-?[\n\s]+/, 'ansible_password: ') # Ansible doesn't like this (legal) YAML
           f.flock(File::LOCK_UN)
         }
       end
@@ -351,11 +399,18 @@ module MU
         allvars['deployment']
       end
 
+      # Nuke everything associated with a deploy. Since we're just some files
+      # in the deploy directory, this doesn't have to do anything.
+      def self.cleanup(deploy_id, noop = false)
+#        deploy = MU::MommaCat.new(MU.deploy_id)
+#        inventory = Inventory.new(deploy)
+      end
+
       # Expunge Ansible resources associated with a node.
       # @param node [String]: The Mu name of the node in question.
       # @param _vaults_to_clean [Array<Hash>]: Dummy argument, part of this method's interface but not used by the Ansible layer
       # @param noop [Boolean]: Skip actual deletion, just state what we'd do
-      def self.cleanup(node, _vaults_to_clean = [], noop = false)
+      def self.purge(node, _vaults_to_clean = [], noop = false)
         deploy = MU::MommaCat.new(MU.deploy_id)
         inventory = Inventory.new(deploy)
 #        ansible_path = deploy.deploy_dir+"/ansible"
@@ -388,6 +443,51 @@ module MU
         if !system(cmd, "encrypt_string", string, "--name", name, "--vault-password-file", pwfile)
           raise MuError, "Failed Ansible command: #{cmd} encrypt_string <redacted> --name #{name} --vault-password-file"
         end
+        output
+      end
+
+      # Hunt down and return a path for a Python executable
+      # @return [String]
+      def self.pythonExecDir
+        path = nil
+
+        if File.exist?(BINDIR+"/python")
+          path = BINDIR
+        else
+          paths = [ansibleExecDir]
+          paths.concat(ENV['PATH'].split(/:/))
+          paths << "/usr/bin" # not always in path, esp in pared-down Docker images
+          paths.reject! { |p| p.nil? }
+          paths.uniq.each { |bindir|
+            if File.exist?(bindir+"/python")
+              path = bindir
+              break
+            end
+          }
+        end
+        path
+      end
+
+      # Make sure what's in our Python requirements.txt is reflected in the
+      # Python we're about to run for Ansible
+      def self.checkPythonDependencies(windows = false)
+        return nil if !ansibleExecDir
+
+        execline = File.readlines(ansibleExecDir+"/ansible-playbook").first.chomp.sub(/^#!/, '')
+        if !execline
+          MU.log "Unable to extract a Python executable from #{ansibleExecDir}/ansible-playbook", MU::ERR
+          return false
+        end
+
+        require 'tempfile'
+        f = Tempfile.new("pythoncheck")
+        f.puts "import ansible"
+        f.puts "import winrm" if windows
+        f.close
+
+        system(%Q{#{execline} #{f.path}})
+        f.unlink
+        $?.exitstatus == 0 ? true : false
       end
 
       # Hunt down and return a path for Ansible executables
@@ -397,7 +497,9 @@ module MU
         if File.exist?(BINDIR+"/ansible-playbook")
           path = BINDIR
         else
-          ENV['PATH'].split(/:/).each { |bindir|
+          paths = ENV['PATH'].split(/:/)
+          paths << "/usr/bin"
+          paths.uniq.each { |bindir|
             if File.exist?(bindir+"/ansible-playbook")
               path = bindir
               if !File.exist?(bindir+"/ansible-vault")

data/modules/mu/groomers/chef.rb

@@ -35,6 +35,12 @@ module MU
         end
       }
 
+      # Are the Chef libraries present and accounted for?
+      def self.available?(windows = false)
+        loadChefLib
+        @chefloaded
+      end
+
       @chefloaded = false
       @chefload_semaphore = Mutex.new
       # Autoload is too brain-damaged to get Chef's subclasses/submodules, so
@@ -329,7 +335,7 @@ module MU
             }
           else
             MU.log "Invoking Chef over WinRM on #{@server.mu_name}: #{purpose}"
-            winrm = @server.getWinRMSession(haveBootstrapped? ? 1 : max_retries)
+            winrm = @server.getWinRMSession(haveBootstrapped? ? 2 : max_retries)
             if @server.windows? and @server.windowsRebootPending?(winrm)
               # Windows frequently gets stuck here
               if retries > 5
@@ -362,7 +368,7 @@ module MU
             }
 
             if resp.exitcode == 1 and output_lines.join("\n").match(/Chef Client finished/)
-              MU.log "resp.exit code 1"
+              MU.log output_lines.last
             elsif resp.exitcode != 0
               raise MU::Cloud::BootstrapTempFail if resp.exitcode == 35 or output_lines.join("\n").match(/REBOOT_SCHEDULED| WARN: Reboot requested:|Rebooting server at a recipe's request|Chef::Exceptions::Reboot/)
               raise MU::Groomer::RunError, output_lines.slice(output_lines.length-50, output_lines.length).join("")
@@ -415,9 +421,9 @@ module MU
           if retries < max_retries
             retries += 1
             MU.log "#{@server.mu_name}: Chef run '#{purpose}' failed after #{Time.new - runstart} seconds, retrying (#{retries}/#{max_retries})", MU::WARN, details: e.message.dup
-            if purpose != "Base Windows configuration"
-              windows_try_ssh = !windows_try_ssh
-            end
+#            if purpose != "Base Windows configuration"
+#              windows_try_ssh = !windows_try_ssh
+#            end
             if e.is_a?(WinRM::WinRMError)
               if @server.windows? and retries >= 3 and retries % 3 == 0
                 # Mix in a hard reboot if WinRM isn't answering
@@ -619,13 +625,20 @@ module MU
             kb.name_args = [@server.mu_name]
             kb.config[:manual] = true
             kb.config[:winrm_transport] = :ssl
-            kb.config[:host] = @server.mu_name
             kb.config[:winrm_port] = 5986
             kb.config[:session_timeout] = timeout
             kb.config[:operation_timeout] = timeout
-            kb.config[:winrm_authentication_protocol] = :cert
-            kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
-            kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            if retries % 2 == 0
+              kb.config[:host] = canonical_addr
+              kb.config[:winrm_authentication_protocol] = :basic
+              kb.config[:winrm_user] = @server.config['windows_admin_username']
+              kb.config[:winrm_password] = @server.getWindowsAdminPassword
+            else
+              kb.config[:host] = @server.mu_name
+              kb.config[:winrm_authentication_protocol] = :cert
+              kb.config[:winrm_client_cert] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.crt"
+              kb.config[:winrm_client_key] = "#{MU.mySSLDir}/#{@server.mu_name}-winrm.key"
+            end
 #          kb.config[:ca_trust_file] = "#{MU.mySSLDir}/Mu_CA.pem"
             # XXX ca_trust_file doesn't work for some reason, so we have to set the below for now
             kb.config[:winrm_ssl_verify_mode] = :verify_none
@@ -675,7 +688,7 @@ module MU
                 preClean(false) # it's ok for this to fail
               rescue StandardError => e
               end
-              MU::Groomer::Chef.cleanup(@server.mu_name, nodeonly: true)
+              MU::Groomer::Chef.purge(@server.mu_name, nodeonly: true)
               @config['forced_preclean'] = true
               @server.reboot if @server.windows? # *sigh*
             end
@@ -792,12 +805,52 @@ retry
         end
       end
 
+      # Purge Chef resources matching a particular deploy
+      # @param deploy_id [String]
+      # @param noop [Boolean]
+      def self.cleanup(deploy_id, noop = false)
+        return nil if deploy_id.nil? or deploy_id.empty?
+        begin
+          if File.exist?(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+            ::Chef::Config.from_file(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
+          end
+          deadnodes = []
+          ::Chef::Config[:environment] ||= MU.environment
+          q = ::Chef::Search::Query.new
+          begin
+            q.search("node", "tags_MU-ID:#{deploy_id}").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+
+          begin
+            q.search("node", "name:#{deploy_id}-*").each { |item|
+              next if item.is_a?(Integer)
+              item.each { |node|
+                deadnodes << node.name
+              }
+            }
+          rescue Net::HTTPServerException
+          end
+          MU.log "Missed some Chef resources in node cleanup, purging now", MU::NOTICE if deadnodes.size > 0
+          deadnodes.uniq.each { |node|
+            MU::Groomer::Chef.purge(node, [], noop)
+          }
+        rescue LoadError
+        end
+
+      end
+
       # Expunge Chef resources associated with a node.
       # @param node [String]: The Mu name of the node in question.
       # @param vaults_to_clean [Array<Hash>]: Some vaults to expunge
       # @param noop [Boolean]: Skip actual deletion, just state what we'd do
       # @param nodeonly [Boolean]: Just delete the node and its keys, but leave other artifacts
-      def self.cleanup(node, vaults_to_clean = [], noop = false, nodeonly: false)
+      def self.purge(node, vaults_to_clean = [], noop = false, nodeonly: false)
         loadChefLib
         MU.log "Deleting Chef resources associated with #{node}"
         if !nodeonly

data/modules/mu/logger.rb

@@ -33,6 +33,33 @@ module MU
     # Show DEBUG log entries and extra call stack and threading info
     LOUD = 2.freeze
 
+    # stash a hash map for color outputs
+    COLORMAP = {
+      MU::DEBUG => { :html => "orange", :ansi => :yellow },
+      MU::INFO => { :html => "green", :ansi => :green },
+      MU::NOTICE => { :html => "yellow", :ansi => :yellow },
+      MU::WARN => { :html => "orange", :ansi => :light_red },
+      MU::ERR => { :html => "red", :ansi => :red }
+    }.freeze
+
+    # minimum log verbosity at which we'll print various types of messages
+    PRINT_MSG_IF = {
+      MU::DEBUG => { :msg => LOUD, :details => LOUD },
+      MU::INFO => { :msg => NORMAL, :details => LOUD },
+      MU::NOTICE => { :msg => nil, :details => QUIET },
+      MU::WARN => { :msg => nil, :details => SILENT },
+      MU::ERR => { :msg => nil, :details => nil }
+    }.freeze
+
+    # Syslog equivalents of our log levels
+    SYSLOG_MAP = {
+      MU::DEBUG => Syslog::LOG_DEBUG,
+      MU::INFO => Syslog::LOG_NOTICE,
+      MU::NOTICE => Syslog::LOG_NOTICE,
+      MU::WARN => Syslog::LOG_WARNING,
+      MU::ERR => Syslog::LOG_ERR
+    }.freeze
+
     attr_accessor :verbosity
     @verbosity = MU::Logger::NORMAL
     @quiet = false
@@ -76,59 +103,28 @@ module MU
       html ||= @html
       handle ||= @handle
       color ||= @color
-      return if verbosity == MU::Logger::SILENT
-      return if verbosity < MU::Logger::LOUD and level == DEBUG
-      return if verbosity < MU::Logger::NORMAL and level == INFO
 
-      # By which we mean, "get the filename (with the .rb stripped off) which
-      # originated the call to this method. Which, for our purposes, is the
-      # MU subclass that called us. Useful information. And it looks like Perl.
-      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
-      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
-      caller_name = caller[1]
+      if verbosity == MU::Logger::SILENT or (verbosity < MU::Logger::LOUD and level == DEBUG) or (verbosity < MU::Logger::NORMAL and level == INFO)
+        return
+      end
 
-      caller_name.sub!(/:.*/, "")
-      caller_name.sub!(/^\.\//, "")
-      caller_name.sub!(/^#{mod_root}/, "")
-      caller_name.sub!(/^#{bin_root}/, "")
-      caller_name.sub!(/\.r[ub]$/, "")
-      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
-      caller_name.sub!(/^modules\//, "")
+      if level == SUMMARY
+        @summary << msg
+        return
+      end
+
+      caller_name = extract_caller_name(caller[1])
 
       time = Time.now.strftime("%b %d %H:%M:%S").to_s
 
       Syslog.open("Mu/"+caller_name, Syslog::LOG_PID, Syslog::LOG_DAEMON | Syslog::LOG_LOCAL3) if !Syslog.opened?
-      if !details.nil?
-        if details.is_a?(Hash) and details.has_key?(:details)
-          details = details[:details]
-        end
-        details = PP.pp(details, '') if !details.is_a?(String)
-      end
-      details = "<pre>"+details+"</pre>" if html
-      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
-      # ugly line feeds too.
-      if !details.nil?
-        details = details.dup # in case it's frozen or something
-        details.gsub!(/\\n/, "\n")
-        details.gsub!(/(\\r|\r)/, "")
-      end
+
+      details = format_details(details, html)
 
       msg = msg.first if msg.is_a?(Array)
       msg = "" if msg == nil
       msg = msg.to_s if !msg.is_a?(String) and msg.respond_to?(:to_s)
 
-      # wrapper for writing a log entry to multiple filehandles
-      # @param handles [Array<IO>]
-      # @param msgs [Array<String>]
-      def write(handles = [], msgs = [])
-        return if handles.nil? or msgs.nil?
-        handles.each { |h|
-          msgs.each { |m|
-            h.puts m
-          }
-        }
-      end
-
       @@log_semaphere.synchronize {
         handles = [handle]
         extra_logfile = if deploy and deploy.deploy_dir and Dir.exist?(deploy.deploy_dir)
@@ -137,110 +133,41 @@ module MU
         handles << extra_logfile if extra_logfile
         msgs = []
 
-        case level
-          when SUMMARY
-            @summary << msg
-          when DEBUG
-            if verbosity >= MU::Logger::LOUD
-              if html
-                html_out "#{time} - #{caller_name} - #{msg}", "orange"
-                html_out "&nbsp;#{details}" if details
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-                msgs << "#{details}" if details
-              end
-              Syslog.log(Syslog::LOG_DEBUG, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_DEBUG, details.gsub(/%/, '')) if details
-            end
-          when INFO
-            if verbosity >= MU::Logger::NORMAL
-              if html
-                html_out "#{time} - #{caller_name} - #{msg}", "green"
-              elsif color
-                msgs << "#{time} - #{caller_name} - #{msg}".green.on_black
-              else
-                msgs << "#{time} - #{caller_name} - #{msg}"
-              end
-              if verbosity >= MU::Logger::LOUD
-                if html
-                  html_out "&nbsp;#{details}"
-                elsif color
-                  msgs << "#{details}".white.on_black if details
-                else
-                  msgs << "#{details}" if details
-                end
-              end
-              Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-              Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-            end
-          when NOTICE
-            if html
-              html_out "#{time} - #{caller_name} - #{msg}", "yellow"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".yellow.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::QUIET
-              if html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
-          when WARN
-            if html
-              html_out "#{time} - #{caller_name} - #{msg}", "orange"
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".light_red.on_black
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-            end
-            if verbosity >= MU::Logger::SILENT
-              if html
-                html_out "#{caller_name} - #{msg}"
-              elsif color
-                msgs << "#{details}".white.on_black if details
-              else
-                msgs << "#{details}" if details
-              end
-            end
-            Syslog.log(Syslog::LOG_WARNING, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_WARNING, details.gsub(/%/, '')) if details
-          when ERR
-            if html
-              html_out "#{time} - #{caller_name} - #{msg}", "red"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".red.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_ERR, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_ERR, details.gsub(/%/, '')) if details
+        if !PRINT_MSG_IF[level][:msg] or level >= PRINT_MSG_IF[level][:msg]
+          if html
+            html_out "#{time} - #{caller_name} - #{msg}", COLORMAP[level][:html]
+          else
+            str = "#{time} - #{caller_name} - #{msg}"
+            str = str.send(COLORMAP[level][:ansi]).on_black if color
+            msgs << str
+          end
+          Syslog.log(SYSLOG_MAP[level], msg.gsub(/%/, ''))
+        end
+
+        if details and (!PRINT_MSG_IF[level][:details] or level >= PRINT_MSG_IF[level][:details])
+          if html
+            html_out "&nbsp;#{details}"
           else
-            if html
-              html_out "#{time} - #{caller_name} - #{msg}"
-              html_out "&nbsp;#{details}" if details
-            elsif color
-              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
-              msgs << "#{details}".white.on_black if details
-            else
-              msgs << "#{time} - #{caller_name} - #{msg}"
-              msgs << "#{details}" if details
-            end
-            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
-            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
+            details = details.white.on_black if color
+            msgs << details
+          end
+          Syslog.log(SYSLOG_MAP[level], details.gsub(/%/, ''))
         end
+
+#          else
+#            if html
+#              html_out "#{time} - #{caller_name} - #{msg}"
+#              html_out "&nbsp;#{details}" if details
+#            elsif color
+#              msgs << "#{time} - #{caller_name} - #{msg}".white.on_black
+#              msgs << "#{details}".white.on_black if details
+#            else
+#              msgs << "#{time} - #{caller_name} - #{msg}"
+#              msgs << "#{details}" if details
+#            end
+#            Syslog.log(Syslog::LOG_NOTICE, msg.gsub(/%/, ''))
+#            Syslog.log(Syslog::LOG_NOTICE, details.gsub(/%/, '')) if details
+
         write(handles, msgs)
 
         extra_logfile.close if extra_logfile
@@ -250,6 +177,43 @@ module MU
 
     private
 
+    def format_details(details, html = false)
+      return if details.nil?
+
+      if details.is_a?(Hash) and details.has_key?(:details)
+        details = details[:details]
+      end
+      details = PP.pp(details, '') if !details.is_a?(String)
+
+      details = "<pre>"+details+"</pre>" if html
+      # We get passed literal quoted newlines sometimes, fix 'em. Get Windows'
+      # ugly line feeds too.
+
+      details = details.dup # in case it's frozen or something
+      details.gsub!(/\\n/, "\n")
+      details.gsub!(/(\\r|\r)/, "")
+
+      details
+    end
+
+    # By which we mean, "get the filename (with the .rb stripped off) which
+    # originated the call to this method. Which, for our purposes, is the
+    # MU subclass that called us. Useful information. And it looks like Perl.
+    def extract_caller_name(caller_name)
+      return nil if !caller_name or !caller_name.is_a?(String)
+      mod_root = Regexp.quote("#{ENV['MU_LIBDIR']}/modules/mu/")
+      bin_root = Regexp.quote("#{ENV['MU_INSTALLDIR']}/bin/")
+
+      caller_name.sub!(/:.*/, "")
+      caller_name.sub!(/^\.\//, "")
+      caller_name.sub!(/^#{mod_root}/, "")
+      caller_name.sub!(/^#{bin_root}/, "")
+      caller_name.sub!(/\.r[ub]$/, "")
+      caller_name.sub!(/#{Regexp.quote(MU.myRoot)}\//, "")
+      caller_name.sub!(/^modules\//, "")
+      caller_name
+    end
+
     # Output a log message as HTML.
     #
     # @param msg [String]: The log message to print
@@ -259,5 +223,17 @@ module MU
       @handle.puts "<span style='color:#{rgb.css_rgb};'>#{msg}</span>"
     end
 
+    # wrapper for writing a log entry to multiple filehandles
+    # @param handles [Array<IO>]
+    # @param msgs [Array<String>]
+    def write(handles = [], msgs = [])
+      return if handles.nil? or msgs.nil?
+      handles.each { |h|
+        msgs.each { |m|
+          h.puts m
+        }
+      }
+    end
+
   end #class
 end #module