cloud-mu 3.1.4 → 3.3.1

data/bin/mu-deploy

@@ -105,7 +105,7 @@ if $opts[:dryrun]
     Thread.handle_interrupt(MU::Cloud::MuCloudResourceNotImplemented => :never) {
       begin
         Thread.handle_interrupt(MU::Cloud::MuCloudResourceNotImplemented => :immediate) {
-          MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::WARN, verbosity: MU::Logger::NORMAL
+          MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::NOTICE, verbosity: MU::Logger::NORMAL
           Thread.current.exit
         }
       ensure
@@ -124,7 +124,7 @@ if $opts[:dryrun]
       )
       cost_dummy_deploy.run
     rescue MU::Cloud::MuCloudResourceNotImplemented, MU::Cloud::MuCloudFlagNotImplemented
-      MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::WARN, verbosity: MU::Logger::NORMAL
+      MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::NOTICE, verbosity: MU::Logger::NORMAL
     end
   end
   exit
@@ -135,7 +135,7 @@ if $opts[:update]
 # TODO consider whether this is useful/valid
 #  old_conf = JSON.parse(File.read(deploy.deploy_dir+"/basket_of_kittens.json"))
 #  stack_conf = old_conf.merge(stack_conf)
-  deploy.updateBasketofKittens(stack_conf)
+  deploy.updateBasketofKittens(stack_conf, skip_validation: true)
   deployer = MU::Deploy.new(
     deploy.environment,
     verbosity: verbosity,

data/bin/mu-findstray-tests

@@ -0,0 +1,25 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'rubygems'
+require 'bundler/setup'
+require 'json'
+require 'erb'
+require 'optimist'
+require 'json-schema'
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+require 'mu'
+
+MU::MommaCat.findStray("AWS", "firewall_rule", region: MU.myRegion, dummy_ok: true, debug: true)

data/bin/mu-gen-docs

@@ -79,8 +79,7 @@ EOF
       impl_counts[type] ||= 0
       [a, b].each { |cloud|
         begin
-          myclass = Object.const_get("MU").const_get("Cloud").const_get(cloud).const_get(type)
-          case myclass.quality
+          case MU::Cloud.resourceClass(cloud, type).quality
           when MU::Cloud::RELEASE
             cloud_is_useful[cloud] = true
             counts[cloud] += 4
@@ -114,8 +113,7 @@ EOF
     cloudlist.each { |cloud|
       readme += "<td><center>"
       begin
-        myclass = Object.const_get("MU").const_get("Cloud").const_get(cloud).const_get(type)
-        case myclass.quality
+        case MU::Cloud.resourceClass(cloud, type).quality
         when MU::Cloud::RELEASE
           readme += "<img src='release.png' style='#{icon_style}' title='Release Quality' alt='[Release Quality]'>"
         when MU::Cloud::BETA

data/bin/mu-load-config.rb

@@ -134,7 +134,7 @@ def loadMuConfig(default_cfg_overrides = nil)
     }
   end
 
-  global_cfg = { "config_files" => [] }
+  global_cfg = { "config_files" => [], "overridden_keys" => [] }
   if File.exist?(cfgPath)
     global_cfg = YAML.load(File.read(cfgPath))
     global_cfg["config_files"] = [cfgPath]
@@ -147,6 +147,7 @@ def loadMuConfig(default_cfg_overrides = nil)
     if localfile
       global_cfg.merge!(localfile)
       global_cfg["config_files"] << "#{home}/.mu.yaml"
+      global_cfg["overridden_keys"] = localfile.keys
     end
   end
   if !global_cfg.has_key?("installdir")

data/bin/mu-node-manage

@@ -29,9 +29,9 @@ Usage:
   opt :all, "Operate on all nodes/deploys. Use with caution.", :require => false, :default => false, :type => :boolean
   opt :platform, "Operate exclusively on one nodes of a particular operating system. Can be used in conjunction with -a or -d. Valid platforms: linux, windows", :require => false, :type => :string
   opt :environment, "Operate exclusively on one nodes with a particular environment (e.g. dev, prod). Can be used in conjunction with -a or -d.", :require => false, :type => :string
-  opt :override_chef_runlist, "An alternate runlist to pass to Chef, in chefrun mode.", :require => false, :type => :string
+  opt :override_chef_runlist, "An alternate runlist to pass to Chef, in groomeronly mode.", :require => false, :type => :string
   opt :xecute, "Run a shell command on matching nodes. Overrides --mode and suppresses some informational output in favor of scriptability.", :require => false, :type => :string
-  opt :mode, "Action to perform on matching nodes. Valid actions: groom, chefrun, awsmeta, vaults, certs, chefupgrade", :require => false, :default => "chefrun", :type => :string
+  opt :mode, "Action to perform on matching nodes. Valid actions: groom, groomeronly, awsmeta, vaults, certs, chefupgrade", :require => false, :default => "groomeronly", :type => :string
   opt :verbose, "Show output from Chef runs, etc", :require => false, :default => false, :type => :boolean
   opt :winrm, "Force WinRM connection. Disable SSH fallback", :require => false, :default => false, :type => :boolean
   opt :info, "List a particular node attribute", :require => false, :default => 'nodename', :type => :string
@@ -39,8 +39,10 @@ end
 
 MU.setLogging(MU::Logger::LOUD) if $opts[:verbose]
 
-if !["groom", "chefrun", "vaults", "userdata", "awsmeta", "certs", "chefupgrade"].include?($opts[:mode])
-  Optimist::die(:mode, "--mode must be one of: groom, chefrun, awsmeta, vaults, certs, chefupgrade")
+$opts[:mode] = "groomeronly" if $opts[:mode] == "chefrun"
+
+if !["groom", "groomeronly", "vaults", "userdata", "awsmeta", "certs", "chefupgrade"].include?($opts[:mode])
+  Optimist::die(:mode, "--mode must be one of: groom, groomeronly, awsmeta, vaults, certs, chefupgrade")
 end
 if $opts[:platform] and !["linux", "windows"].include?($opts[:platform])
   Optimist::die(:platform, "--platform must be one of: linux, windows")
@@ -176,7 +178,7 @@ end
 exit 1 if !ok
 
 
-def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false)
+def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false, groomeronly: false)
   badnodes = []
   count = 0
   deploys.each { |muid|
@@ -196,6 +198,8 @@ def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false)
                 server.config["vault_access"].each { |v|
                   MU::Groomer::Chef.grantSecretAccess(mu_name, v['vault'], v['item'])
                 }
+              elsif groomeronly
+                server.groomer.run
               else
                 mommacat.groomNode(server.cloud_id, nodeclass, type, mu_name: mu_name)
               end
@@ -227,7 +231,7 @@ def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false)
   end
 end
 
-def runCommand(deploys = MU::MommaCat.listDeploys, nodes = [], cmd = nil, print_output: $opts[:verbose], noop: false, chefrun: false, chef_runlist: nil)
+def runCommand(deploys = MU::MommaCat.listDeploys, nodes = [], cmd = nil, print_output: $opts[:verbose], noop: false)
   badnodes = []
   count = 0
   deploys.each { |muid|
@@ -247,12 +251,6 @@ def runCommand(deploys = MU::MommaCat.listDeploys, nodes = [], cmd = nil, print_
             next
           end
 
-          # Generate the command if attemting a chef run
-          if chefrun
-            cmd = serverobj.windows? ? "powershell -Command chef-client" : "chef-client || sudo chef-client"
-            cmd += " -o '#{chef_runlist}'" if chef_runlist
-          end
-
           MU.log "Running '#{cmd}' on #{nodename} (##{count})" if !print_output
 
           # Set Variables to catch the output and exit code of the execution
@@ -363,7 +361,7 @@ def runCommand(deploys = MU::MommaCat.listDeploys, nodes = [], cmd = nil, print_
   }
 
   if badnodes.size > 0
-    cmd = "Chef" if $opts[:mode] == "chefrun"
+    cmd = "Chef" if $opts[:mode] == "groomeronly"
     if !print_output
       MU.log "Not all `#{cmd}` runs exited cleanly", MU::WARN, details: badnodes
     else
@@ -687,12 +685,13 @@ elsif $opts[:mode] == "vaults"
   reGroom(do_deploys, do_nodes, vaults_only: true)
 elsif $opts[:mode] == "chefupgrade"
   chefUpgrade(do_deploys, do_nodes)
-elsif $opts[:mode] == "chefrun"
+elsif $opts[:mode] == "groomeronly"
   print_output = $opts[:verbose] || do_nodes.size == 1
   if $opts[:override_chef_runlist]
-    runCommand(do_deploys, do_nodes, chef_runlist: $opts[:override_chef_runlist], chefrun: true, print_output: print_output)
+#    runCommand(do_deploys, do_nodes, chef_runlist: $opts[:override_chef_runlist], groomeronly: true, print_output: print_output)
   else
-    runCommand(do_deploys, do_nodes, chefrun: true, print_output: print_output)
+#    runCommand(do_deploys, do_nodes, groomeronly: true, print_output: print_output)
+    reGroom(do_deploys, do_nodes, groomeronly: true)
   end
 elsif $opts[:mode] == "userdata" or $opts[:mode] == "awsmeta"
 # Need Google equiv and to select nodes correctly based on what cloud they're in

data/bin/mu-run-tests

@@ -34,6 +34,7 @@ Usage:
 #{$0} [-m <#>] [-f] [-v] [specific test BoK to run [...]]
   EOS
   opt :max_threads, "Environment to set on creation.", :require => false, :default => 3, :type => :integer
+  opt :max_retries, "Number of times to retry failed tests in --dryrun mode.", :require => false, :default => 2, :type => :integer
   opt :full, "Actually run deploys, instead of --dryrun", :require => false, :default => false
   opt :verbose, "Show more information while running", :require => false, :default => false
 end
@@ -42,7 +43,7 @@ only = ARGV
 
 files = Dir.glob("*.yaml", base: dir)
 files.concat(Dir.glob("*.yml", base: dir))
-baseclouds = MU::Cloud.supportedClouds.reject { |c| c == "CloudFormation" }
+baseclouds = MU::Cloud.availableClouds.reject { |c| c == "CloudFormation" }
 
 commands = {}
 failures = []
@@ -56,20 +57,33 @@ end
 
 files.each { |f|
   clouds = baseclouds.dup
+  groomer_match = true
   File.open(dir+"/"+f).readlines.each { |l|
     l.chomp!
-    next if !l.match(/^\s*#\s*clouds: (.*)/)
-    clouds = []
-    cloudstr = Regexp.last_match[1]
-    cloudstr.split(/\s*,\s*/).each { |c|
-      baseclouds.each { |cloud|
-        if cloud.match(/^#{Regexp.quote(c)}$/i)
-          clouds << cloud
+    if l.match(/^\s*#\s*clouds: (.*)/)
+      clouds = []
+      cloudstr = Regexp.last_match[1]
+      cloudstr.split(/\s*,\s*/).each { |c|
+        baseclouds.each { |cloud|
+          if cloud.match(/^#{Regexp.quote(c)}$/i)
+            clouds << cloud
+          end
+        }
+      }
+    elsif l.match(/^\s*#\s*groomers: (.*)/)
+      groomerstr = Regexp.last_match[1]
+      groomerstr.split(/\s*,\s*/).each { |g|
+        if !MU::Groomer.availableGroomers.include?(g)
+          MU.log "#{f} requires groomer #{g}, which is not available. This test will be skipped.", MU::NOTICE
+          groomer_match = false
         end
       }
-    }
-    break
+    end
   }
+  if !groomer_match
+    next
+  end
+
   clouds.each { |cloud|
     cmd = "mu-deploy #{f} --cloud #{cloud} #{$opts[:full] ? "" : "--dryrun"}"
     commands[cmd] = {
@@ -108,8 +122,19 @@ def execCommand(cmd, results_stash)
   }
 
   ok = true
-  output = %x{#{cmd} 2>&1}
-  ok = false if $?.exitstatus != 0
+  retries = 0
+  begin
+    output = %x{#{cmd} 2>&1}
+    if $?.exitstatus != 0
+      ok = false
+      retries += 1
+      if $opts[:verbose] and !$opts[:full] and retries <= $opts[:max_retries]
+        puts "#{cmd} RETRY #{retries.to_s}".light_red
+      end
+    else
+      ok = true
+    end
+  end while !ok and !$opts[:full] and retries <= $opts[:max_retries]
 
   results_stash["output"] += output
 

data/cloud-mu.gemspec

@@ -17,8 +17,8 @@ end
 
 Gem::Specification.new do |s|
   s.name        = 'cloud-mu'
-  s.version     = '3.1.4'
-  s.date        = '2020-02-14'
+  s.version     = '3.3.1'
+  s.date        = '2020-09-29'
   s.require_paths = ['modules']
   s.required_ruby_version = '>= 2.4'
   s.summary     = "The eGTLabs Mu toolkit for unified cloud deployments"
@@ -52,14 +52,16 @@ EOF
   s.add_runtime_dependency 'net-ssh-multi', '~> 1.2', '>= 1.2.1'
   s.add_runtime_dependency 'netaddr', '~> 2.0'
   s.add_runtime_dependency 'nokogiri', "~> 1.10"
+  s.add_runtime_dependency 'openssl-oaep', "~> 0.1"
   s.add_runtime_dependency 'optimist', "~> 3.0"
   s.add_runtime_dependency 'rack', "~> 2.0"
   s.add_runtime_dependency 'ruby-graphviz', "~> 1.2"
   s.add_runtime_dependency 'rubocop', '~> 0.58'
-  s.add_runtime_dependency 'rubyzip', "~> 2.0"
+  s.add_runtime_dependency 'rubyzip', "~> 2.3"
   s.add_runtime_dependency 'simple-password-gen', "~> 0.1"
   s.add_runtime_dependency 'slack-notifier', "~> 2.3"
   s.add_runtime_dependency 'solve', '~> 4.0'
   s.add_runtime_dependency 'thin', "~> 1.7"
+  s.add_runtime_dependency 'winrm', "~> 2.3", ">= 2.3.4"
   s.add_runtime_dependency 'yard', "~> 0.9"
 end

data/cookbooks/mu-activedirectory/resources/domain.rb

@@ -19,7 +19,7 @@ attribute :domain_admin_password, :kind_of => String, :required => true
 attribute :restore_mode_password, :kind_of => String, :required => true
 attribute :site_name, :kind_of => String, :default => node['ad']['site_name'], :required => false
 attribute :computer_name, :kind_of => String, :default => node['ad']['computer_name']
-attribute :ntds_static_port, :kind_of => Fixnum, :default => node['ad']['ntds_static_port']
-attribute :ntfrs_static_port, :kind_of => Fixnum, :default => node['ad']['ntfrs_static_port']
-attribute :dfsr_static_port, :kind_of => Fixnum, :default => node['ad']['dfsr_static_port']
-attribute :netlogon_static_port, :kind_of => Fixnum, :default => node['ad']['netlogon_static_port']
+attribute :ntds_static_port, :kind_of => Integer, :default => node['ad']['ntds_static_port']
+attribute :ntfrs_static_port, :kind_of => Integer, :default => node['ad']['ntfrs_static_port']
+attribute :dfsr_static_port, :kind_of => Integer, :default => node['ad']['dfsr_static_port']
+attribute :netlogon_static_port, :kind_of => Integer, :default => node['ad']['netlogon_static_port']

data/cookbooks/mu-activedirectory/resources/domain_controller.rb

@@ -19,7 +19,7 @@ attribute :domain_admin_password, :kind_of => String, :required => true
 attribute :restore_mode_password, :kind_of => String, :required => true
 attribute :site_name, :kind_of => String, :default => node['ad']['site_name'], :required => false
 attribute :computer_name, :kind_of => String, :default => node['ad']['computer_name']
-attribute :ntds_static_port, :kind_of => Fixnum, :default => node['ad']['ntds_static_port']
-attribute :ntfrs_static_port, :kind_of => Fixnum, :default => node['ad']['ntfrs_static_port']
-attribute :dfsr_static_port, :kind_of => Fixnum, :default => node['ad']['dfsr_static_port']
-attribute :netlogon_static_port, :kind_of => Fixnum, :default => node['ad']['netlogon_static_port']
+attribute :ntds_static_port, :kind_of => Integer, :default => node['ad']['ntds_static_port']
+attribute :ntfrs_static_port, :kind_of => Integer, :default => node['ad']['ntfrs_static_port']
+attribute :dfsr_static_port, :kind_of => Integer, :default => node['ad']['dfsr_static_port']
+attribute :netlogon_static_port, :kind_of => Integer, :default => node['ad']['netlogon_static_port']

data/cookbooks/mu-tools/libraries/helper.rb

@@ -236,7 +236,7 @@ module Mutools
       response = nil
       begin
         secret = get_deploy_secret
-        if secret.nil?
+        if secret.nil? or secret.empty?
           raise "Failed to fetch deploy secret, and I can't communicate with Momma Cat without it"
         end
 

data/cookbooks/mu-tools/recipes/apply_security.rb

@@ -252,21 +252,21 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
       #		end
       # 6.3 Configure PAM
       # 6.3.2 Set Password Creation Requirement Parameters Using pam_cracklib
-      template "/etc/pam.d/password-auth-local" do
-        source "etc_pamd_password-auth.erb"
-        mode 0644
-      end
-      link "/etc/pam.d/password-auth" do
-        to "/etc/pam.d/password-auth-local"
-      end
+#      template "/etc/pam.d/password-auth-local" do
+#        source "etc_pamd_password-auth.erb"
+#        mode 0644
+#      end
+#      link "/etc/pam.d/password-auth" do
+#        to "/etc/pam.d/password-auth-local"
+#      end
       #6.3.3 Set Lockout for Failed Password Attempts
-      template "/etc/pam.d/system-auth-local" do
-        source "etc_pamd_system-auth.erb"
-        mode 0644
-      end
-      link "/etc/pam.d/system-auth" do
-        to "/etc/pam.d/system-auth-local"
-      end
+#      template "/etc/pam.d/system-auth-local" do
+#        source "etc_pamd_system-auth.erb"
+#        mode 0644
+#      end
+#      link "/etc/pam.d/system-auth" do
+#        to "/etc/pam.d/system-auth-local"
+#      end
   
       #SV-50303r1_rule/SV-50304r1_rule
       execute "chown root:root /etc/shadow"

data/cookbooks/mu-tools/recipes/aws_api.rb

@@ -21,3 +21,12 @@ chef_gem "aws-sdk-core" do
   version "2.11.24"
   action :install
 end
+
+if platform_family?("rhel") or platform_family?("amazon")
+  if node['platform_version'].to_i == 6
+    package "python34-pip"
+    execute "/usr/bin/pip3 install awscli" do
+      not_if "test -x /usr/bin/aws"
+    end
+  end
+end

data/cookbooks/mu-tools/recipes/eks.rb

@@ -160,8 +160,8 @@ Environment='KUBELET_EXTRA_ARGS=$KUBELET_EXTRA_ARGS'
 
   opento.uniq.each { |src|
     [:tcp, :udp, :icmp].each { |proto|
-      execute "iptables -I INPUT -p #{proto} -s #{src}" do
-        not_if "iptables -L -n | tr -s ' ' | grep -- '#{proto} -- #{src.sub(/\/32$/, "")}' > /dev/null"
+      execute "iptables -w 30 -I INPUT -p #{proto} -s #{src}" do
+        not_if "iptables -w 30 -L -n | tr -s ' ' | grep -- '#{proto} -- #{src.sub(/\/32$/, "")}' > /dev/null"
       end
     }
   }

data/cookbooks/mu-tools/recipes/selinux.rb

@@ -4,7 +4,8 @@
 #
 # Copyright:: 2019, The Authors, All Rights Reserved.
 
-if !node['application_attributes']['skip_recipes'].include?('selinux')
+if !node['application_attributes']['skip_recipes'].include?('selinux') and
+   (platform_family?("rhel") or platform_family?("amazon"))
 
   selinux_state "SELinux Enforcing" do
     action :enforcing

data/cookbooks/mu-tools/recipes/windows-client.rb

@@ -26,20 +26,22 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
 
       sshd_password = windows_vault[node['windows_sshd_password_field']]
 
+      admin_user = node['windows_admin_username'] || "Administrator"
+
       windows_version = node['platform_version'].to_i
       
       public_keys = Array.new
 
-      if windows_version == 10
+      if windows_version >= 10
         Chef::Log.info "version #{windows_version}, using openssh"
 
         include_recipe 'chocolatey'
 
         openssh_path = 'C:\Program Files\OpenSSH-Win64'
 
-        ssh_program_data = "#{ENV['ProgramData']}/ssh"
+        ssh_program_data = "#{ENV['ProgramData']}\\ssh"
 
-        ssh_dir = "C:/Users/Administrator/.ssh"
+        ssh_dir = "C:/Users/#{admin_user}/.ssh"
 
         authorized_keys = "#{ssh_dir}/authorized_keys"
 
@@ -86,7 +88,8 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
           path ssh_program_data
           owner sshd_user
           rights :full_control, sshd_user
-          rights :full_control, 'Administrator'
+          rights :full_control, admin_user
+          notifies :run, 'ruby[find files to change ownership of]', :immediately
           notifies :run, 'powershell_script[Generate Host Key]', :immediately
         end
 
@@ -97,22 +100,22 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
           notifies :create, "template[#{ssh_program_data}/sshd_config]", :immediately
         end
 
-        template "#{ssh_program_data}/sshd_config" do
+        directory "set file ownership" do
           action :nothing
+          path ssh_program_data
           owner sshd_user
-          source "sshd_config.erb"
           mode '0600'
-          cookbook "mu-tools"
-          notifies :run, 'ruby[find files to change ownership of]', :immediately
+          rights :full_control, sshd_user
+          deny_rights :full_control, admin_user
         end
 
-        directory "set file ownership" do
+        template "#{ssh_program_data}/sshd_config" do
           action :nothing
-          path ssh_program_data
           owner sshd_user
+          source "sshd_config.erb"
           mode '0600'
-          rights :full_control, sshd_user
-          deny_rights :full_control, 'Administrator'
+          cookbook "mu-tools"
+          notifies :run, 'ruby[find files to change ownership of]', :immediately
         end
 
         windows_service 'sshd' do
@@ -120,26 +123,26 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
         end
 
         group 'sshusers' do
-          members [sshd_user, 'Administrator']
+          members [sshd_user, admin_user]
         end
 
         ruby 'find files to change ownership of' do
           action :nothing
           code <<-EOH
-            files = Dir.entries ssh_program_data
+            files = Dir.entries '#{ssh_program_data}'
             puts files
           EOH
         end
 
-        log 'files in ssh' do
-          message files.join
-          level :info
-        end
-
+#        log 'files in ssh' do
+#          message files.join
+#          level :info
+#        end
+#
         files.each do |file|
           file "#{ssh_program_data}#{file}" do
             owner sshd_user
-            deny_rights :full_control, 'Administrator'
+            deny_rights :full_control, admin_user
           end
         end
 
@@ -150,7 +153,7 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
         end
 
         file authorized_keys do
-          owner 'Administrator'
+          owner admin_user
           content public_key
         end
 
@@ -184,153 +187,149 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
 #        end
 #      }
 
-        reboot "Cygwin LSA" do
-          action :nothing
-          reason "Enabling Cygwin LSA support"
-        end
-
-        powershell_script "Configuring Cygwin LSA support" do
-          code <<-EOH
-            Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
-          EOH
-          not_if {
-            lsa_found = false
-            if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
-              registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
-                if val[:name] == "Authentication Packages"
-                  lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
-                  break
-                end
-              }
-            end
-            lsa_found
-          }
-          notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
-        end
-
-        powershell_script "enable Cygwin sshd" do
-          code <<-EOH
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-          EOH
-          sensitive true
-          not_if %Q{Get-Service "sshd"}
-        end
-        powershell_script "set unix-style Cygwin sshd permissions" do
-          code <<-EOH
-            if((Get-WmiObject win32_computersystem).partofdomain){
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
-            } else {
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
-            }
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-          EOH
-        end
-
-        include_recipe 'mu-activedirectory'
-
-        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
-
-        template "c:/bin/cygwin/etc/sshd_config" do
-          source "sshd_config.erb"
-          mode 0644
-          cookbook "mu-tools"
-          ignore_failure true
-        end
-
-        ec2config_user= windows_vault[node['windows_ec2config_username_field']]
-        ec2config_password = windows_vault[node['windows_ec2config_password_field']]
-        login_dom = "."
-
-        if in_domain?
-
-          ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
-          login_dom = node['ad']['netbios_name']
-
-          windows_users node['ad']['computer_name'] do
-            username ad_vault[node['ad']['domain_admin_username_field']]
-            password ad_vault[node['ad']['domain_admin_password_field']]
-            domain_name node['ad']['domain_name']
-            netbios_name node['ad']['netbios_name']
-            dc_ips node['ad']['dc_ips']
-            ssh_user sshd_user
-            ssh_password sshd_password
-            ec2config_user ec2config_user
-            ec2config_password ec2config_password
-          end
-
-          aws_windows "ec2" do
-            username ec2config_user
-            service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
-            password ec2config_password
-          end
-
-          scheduled_tasks "tasks" do
-            username ad_vault[node['ad']['domain_admin_username_field']]
-            password ad_vault[node['ad']['domain_admin_password_field']]
-          end
-
-          sshd_service "sshd" do
-            service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
-            username sshd_user
-            password sshd_password
-          end
-
-          begin
-            resources('service[sshd]')
-          escue Chef::Exceptions::ResourceNotFound
-            service "sshd" do
-              action [:enable, :start]
-              sensitive true
-            end
-          end
-        else
-          windows_users node['hostname'] do
-            username node['windows_admin_username']
-            password windows_vault[node['windows_auth_password_field']]
-            ssh_user sshd_user
-            ssh_password sshd_password
-            ec2config_user ec2config_user
-            ec2config_password ec2config_password
-          end
-
-          aws_windows "ec2" do
-            username ec2config_user
-            service_username ".\\#{ec2config_user}"
-            password ec2config_password
-          end
-
-          scheduled_tasks "tasks" do
-            username node['windows_admin_username']
-            password windows_vault[node['windows_auth_password_field']]
-          end
+#        reboot "Cygwin LSA" do
+#          action :nothing
+#          reason "Enabling Cygwin LSA support"
+#        end
+#
+#        powershell_script "Configuring Cygwin LSA support" do
+#          code <<-EOH
+#            Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
+#          EOH
+#          not_if {
+#            lsa_found = false
+#            if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
+#              registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
+#                if val[:name] == "Authentication Packages"
+#                  lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
+#                  break
+#                end
+#              }
+#            end
+#            lsa_found
+#          }
+#          notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
+#        end
+#
+#        powershell_script "enable Cygwin sshd" do
+#          code <<-EOH
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+#          EOH
+#          sensitive true
+#          not_if %Q{Get-Service "sshd"}
+#        end
+#        powershell_script "set unix-style Cygwin sshd permissions" do
+#          code <<-EOH
+#            if((Get-WmiObject win32_computersystem).partofdomain){
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
+#            } else {
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
+#            }
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+#          EOH
+#        end
+#
+#        include_recipe 'mu-activedirectory'
+#
+#        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+#
+#        template "c:/bin/cygwin/etc/sshd_config" do
+#          source "sshd_config.erb"
+#          mode 0644
+#          cookbook "mu-tools"
+#          ignore_failure true
+#        end
+#
+#        ec2config_user= windows_vault[node['windows_ec2config_username_field']]
+#        ec2config_password = windows_vault[node['windows_ec2config_password_field']]
+#        login_dom = "."
+#
+#        if in_domain?
+#
+#          ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
+#          login_dom = node['ad']['netbios_name']
+#
+#          windows_users node['ad']['computer_name'] do
+#            username ad_vault[node['ad']['domain_admin_username_field']]
+#            password ad_vault[node['ad']['domain_admin_password_field']]
+#            domain_name node['ad']['domain_name']
+#            netbios_name node['ad']['netbios_name']
+#            dc_ips node['ad']['dc_ips']
+#            ssh_user sshd_user
+#            ssh_password sshd_password
+#            ec2config_user ec2config_user
+#            ec2config_password ec2config_password
+#          end
+#
+#          aws_windows "ec2" do
+#            username ec2config_user
+#            service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
+#            password ec2config_password
+#          end
+#
+#          scheduled_tasks "tasks" do
+#            username ad_vault[node['ad']['domain_admin_username_field']]
+#            password ad_vault[node['ad']['domain_admin_password_field']]
+#          end
+#
+#          sshd_service "sshd" do
+#            service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
+#            username sshd_user
+#            password sshd_password
+#          end
+#
+#          begin
+#            resources('service[sshd]')
+#          escue Chef::Exceptions::ResourceNotFound
+#            service "sshd" do
+#              action [:enable, :start]
+#              sensitive true
+#            end
+#          end
+#        else
+#          windows_users node['hostname'] do
+#            username node['windows_admin_username']
+#            password windows_vault[node['windows_auth_password_field']]
+#            ssh_user sshd_user
+#            ssh_password sshd_password
+#            ec2config_user ec2config_user
+#            ec2config_password ec2config_password
+#          end
+#
+#          aws_windows "ec2" do
+#            username ec2config_user
+#            service_username ".\\#{ec2config_user}"
+#            password ec2config_password
+#          end
+#
+#          scheduled_tasks "tasks" do
+#            username node['windows_admin_username']
+#            password windows_vault[node['windows_auth_password_field']]
+#          end
+#
+#          sshd_service "sshd" do
+#            username sshd_user
+#            service_username ".\\#{sshd_user}"
+#            password sshd_password
+#        end
+#        begin
+#          resources('service[sshd]')
+#        rescue Chef::Exceptions::ResourceNotFound
+#          service "Cygwin sshd as '#{sshd_user}'" do
+#						service_name "sshd"
+#            action [:enable, :start]
+#            sensitive true
+#          end
+#        end
 
-          sshd_service "sshd" do
-            username sshd_user
-            service_username ".\\#{sshd_user}"
-            password sshd_password
-        end
-        begin
-          resources('service[sshd]')
-        rescue Chef::Exceptions::ResourceNotFound
-          service "Cygwin sshd as '#{sshd_user}'" do
-						service_name "sshd"
-            action [:enable, :start]
-            sensitive true
-          end
-        end
-      end
     end
 
     else
       Chef::Log.info("mu-tools::windows-client: Unsupported platform #{node['platform']}")
   end
 end
-# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
-#
-# Cookbook Name:: mu-tools
-# Recipe:: windows-client