cloud-mu 3.1.5 → 3.3.2

data/modules/mu/mommacat/daemon.rb

@@ -33,7 +33,7 @@ module MU
       my_key = OpenSSL::PKey::RSA.new(@private_key)
 
       begin
-        if my_key.private_decrypt(ciphertext).force_encoding("UTF-8") == @deploy_secret.force_encoding("UTF-8")
+        if my_key.private_decrypt(ciphertext).force_encoding("UTF-8").chomp == @deploy_secret.force_encoding("UTF-8").chomp
           MU.log "Matched ciphertext for #{MU.deploy_id}", MU::INFO
           return true
         else
@@ -165,11 +165,11 @@ module MU
         if e.class.name != "MU::Cloud::AWS::Server::BootstrapTempFail" and !File.exist?(deploy_dir+"/.cleanup."+cloud_id) and !File.exist?(deploy_dir+"/.cleanup")
           MU.log "Grooming FAILED for #{kitten.mu_name} (#{e.inspect})", MU::ERR, details: e.backtrace
           sendAdminSlack("Grooming FAILED for `#{kitten.mu_name}` with `#{e.message}` :crying_cat_face:", msg: e.backtrace.join("\n"))
-         sendAdminMail("Grooming FAILED for #{kitten.mu_name} on #{MU.appname} \"#{MU.handle}\" (#{MU.deploy_id})",
-           msg: e.inspect,
-           data: e.backtrace,
-           debug: true
-         )
+          sendAdminMail("Grooming FAILED for #{kitten.mu_name} on #{MU.appname} \"#{MU.handle}\" (#{MU.deploy_id})",
+            msg: e.inspect,
+            data: e.backtrace,
+            debug: true
+          )
           raise e if reraise_fail
         else
           MU.log "Grooming of #{kitten.mu_name} interrupted by cleanup or planned reboot"
@@ -288,8 +288,8 @@ module MU
 
     # Path to the PID file used by the Momma Cat daemon
     # @return [String]
-    def self.daemonPidFile
-      base = (Process.uid == 0 and !MU.localOnly) ? "/var" : MU.dataDir
+    def self.daemonPidFile(root = false)
+      base = ((Process.uid == 0 or root) and !MU.localOnly) ? "/var" : MU.dataDir
       "#{base}/run/mommacat.pid"
     end
 
@@ -306,8 +306,14 @@ module MU
           Dir.mkdir(dir)
         end
       }
-      return 0 if status
+      if (Process.uid != 0 and
+           (!$MU_CFG['overridden_keys'] or !$MU_CFG['overridden_keys'].include?("mommacat_port")) and
+            status(true)
+         ) or status
+        return 0
+      end
     
+      File.unlink(daemonPidFile) if File.exists?(daemonPidFile)
       MU.log "Starting Momma Cat on port #{MU.mommaCatPort}, logging to #{daemonLogFile}, PID file #{daemonPidFile}"
       origdir = Dir.getwd
       Dir.chdir(MU.myRoot+"/modules")
@@ -342,22 +348,25 @@ module MU
       return $?.exitstatus
     end
 
+    @@notified_on_pid = {}
+
     # Return true if the Momma Cat daemon appears to be running
     # @return [Boolean]
-    def self.status
+    def self.status(root = false)
       if MU.inGem? and MU.muCfg['disable_mommacat']
         return true
       end
-      if File.exist?(daemonPidFile)
-        pid = File.read(daemonPidFile).chomp.to_i
+      if File.exist?(daemonPidFile(root))
+        pid = File.read(daemonPidFile(root)).chomp.to_i
         begin
           Process.getpgid(pid)
-          MU.log "Momma Cat running with pid #{pid.to_s}"
+          MU.log "Momma Cat running with pid #{pid.to_s}", (@@notified_on_pid[pid] ? MU::DEBUG : MU::INFO) # shush
+          @@notified_on_pid[pid] = true
           return true
         rescue Errno::ESRCH
         end
       end
-      MU.log "Momma Cat daemon not running", MU::NOTICE, details: daemonPidFile
+      MU.log "Momma Cat daemon not running", MU::NOTICE, details: daemonPidFile(root)
       false
     end
     

data/modules/mu/mommacat/naming.rb

@@ -19,6 +19,112 @@ module MU
   # the normal synchronous deploy sequence invoked by *mu-deploy*.
   class MommaCat
 
+    # Lookup table to translate the word "habitat" back to its
+    # provider-specific jargon
+    HABITAT_SYNONYMS = {
+      "AWS" => "account",
+      "CloudFormation" => "account",
+      "Google" => "project",
+      "Azure" => "subscription",
+      "VMWare" => "sddc"
+    }
+
+    # Given a cloud provider's native descriptor for a resource, make some
+    # reasonable guesses about what the thing's name should be.
+    def self.guessName(desc, resourceclass, cloud_id: nil, tag_value: nil)
+      if desc.respond_to?(:tags) and
+         desc.tags.is_a?(Array) and
+         desc.tags.first.respond_to?(:key) and
+         desc.tags.map { |t| t.key }.include?("Name")
+        desc.tags.select { |t| t.key == "Name" }.first.value
+      else
+        try = nil
+        # Various GCP fields
+        [:display_name, :name, (resourceclass.cfg_name+"_name").to_sym].each { |field|
+          if desc.respond_to?(field) and desc.send(field).is_a?(String)
+            try = desc.send(field)
+            break
+          end
+
+        }
+        try ||= if !tag_value.nil?
+            tag_value
+          else
+            cloud_id
+          end
+        try
+      end
+
+    end
+
+    # Given a piece of a BoK resource descriptor Hash, come up with shorthand
+    # strings to give it a name for human readers. If nothing reasonable can be
+    # extracted, returns nil.
+    # @param obj [Hash]
+    # @param array_of [String]
+    # @param habitat_translate [String]
+    # @return [Array<String,nil>]
+    def self.getChunkName(obj, array_of = nil, habitat_translate: nil)
+      return [nil, nil] if obj.nil?
+      if [String, Integer, Boolean].include?(obj.class)
+        return [obj, nil]
+      end
+      obj_type = array_of || obj['type']
+      obj_name = obj['name'] || obj['id'] || obj['mu_name'] || obj['cloud_id']
+
+      name_string = if obj_name
+        if obj_type
+          "#{obj_type}[#{obj_name}]"
+        else
+          obj_name.dup
+        end
+      else
+        found_it = nil
+        using = nil
+        ["entity", "role"].each { |subtype|
+          if obj[subtype] and obj[subtype].is_a?(Hash)
+            found_it = if obj[subtype]["id"]
+              obj[subtype]['id'].dup
+            elsif obj[subtype]["type"] and obj[subtype]["name"]
+              "#{obj[subtype]['type']}[#{obj[subtype]['name']}]"
+            end
+            break
+          end
+        }
+        found_it
+      end
+      if name_string
+        name_string.gsub!(/\[.+?\](\[.+?\]$)/, '\1')
+        if habitat_translate and HABITAT_SYNONYMS[habitat_translate]
+          name_string.sub!(/^habitats?\[(.+?)\]/i, HABITAT_SYNONYMS[habitat_translate]+'[\1]')
+        end
+      end
+
+      location_list = []
+
+      location = if obj['project']
+        obj['project']
+      elsif obj['habitat'] and (obj['habitat']['id'] or obj['habitat']['name'])
+        obj['habitat']['name'] || obj['habitat']['id']
+      else
+        hab_str = nil
+        ['projects', 'habitats'].each { |key|
+
+          if obj[key] and obj[key].is_a?(Array)
+            location_list = obj[key].sort.map { |p|
+              (p["name"] || p["id"]).gsub(/^.*?[^\/]+\/([^\/]+)$/, '\1')
+            }
+            hab_str = location_list.join(", ")
+            name_string.gsub!(/^.*?[^\/]+\/([^\/]+)$/, '\1') if name_string
+            break
+          end
+        }
+        hab_str
+      end
+
+      [name_string, location, location_list]
+    end
+
     # Generate a three-character string which can be used to unique-ify the
     # names of resources which might potentially collide, e.g. Windows local
     # hostnames, Amazon Elastic Load Balancers, or server pool instances.
@@ -190,17 +296,18 @@ module MU
     # SSH config entries, etc.
     # @param server [MU::Cloud::Server]: The {MU::Cloud::Server} we'll be setting up.
     # @param sync_wait [Boolean]: Whether to wait for DNS to fully synchronize before returning.
-    def self.nameKitten(server, sync_wait: false)
+    def self.nameKitten(server, sync_wait: false, no_dns: false)
       node, config, _deploydata = server.describe
 
       mu_zone = nil
       # XXX GCP!
-      if MU::Cloud::AWS.hosted? and !MU::Cloud::AWS.isGovCloud?
+      if !no_dns and MU::Cloud::AWS.hosted? and !MU::Cloud::AWS.isGovCloud?
         zones = MU::Cloud::DNSZone.find(cloud_id: "platform-mu")
         mu_zone = zones.values.first if !zones.nil?
       end
+
       if !mu_zone.nil?
-        MU::Cloud::DNSZone.genericMuDNSEntry(name: node, target: server.canonicalIP, cloudclass: MU::Cloud::Server, sync_wait: sync_wait)
+        MU::Cloud::DNSZone.genericMuDNSEntry(name: node.gsub(/[^a-z0-9!"\#$%&'\(\)\*\+,\-\/:;<=>\?@\[\]\^_`{\|}~\.]/, '-').gsub(/--|^-/, ''), target: server.canonicalIP, cloudclass: MU::Cloud::Server, sync_wait: sync_wait)
       else
         MU::Master.addInstanceToEtcHosts(server.canonicalIP, node)
       end

data/modules/mu/mommacat/search.rb

@@ -0,0 +1,497 @@
+# Copyright:: Copyright (c) 2020 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+
+  # MommaCat is in charge of managing metadata about resources we've created,
+  # as well as orchestrating amongst them and bootstrapping nodes outside of
+  # the normal synchronous deploy sequence invoked by *mu-deploy*.
+  class MommaCat
+
+    @@desc_semaphore = Mutex.new
+
+    # A search which returned multiple matches, but is not allowed to
+    class MultipleMatches < MuError
+      def initialize(message = nil)
+        super(message, silent: true)
+      end
+    end
+
+    # Locate a resource that's either a member of another deployment, or of no
+    # deployment at all, and return a {MU::Cloud} object for it.
+    # @param cloud [String]: The Cloud provider to use.
+    # @param type [String]: The resource type. Can be the full class name, symbolic name, or Basket of Kittens configuration shorthand for the resource type.
+    # @param deploy_id [String]: The identifier of an outside deploy to search.
+    # @param name [String]: The name of the resource as defined in its 'name' Basket of Kittens field, typically used in conjunction with deploy_id.
+    # @param mu_name [String]: The fully-resolved and deployed name of the resource, typically used in conjunction with deploy_id.
+    # @param cloud_id [String]: A cloud provider identifier for this resource.
+    # @param region [String]: The cloud provider region
+    # @param tag_key [String]: A cloud provider tag to help identify the resource, used in conjunction with tag_value.
+    # @param tag_value [String]: A cloud provider tag to help identify the resource, used in conjunction with tag_key.
+    # @param allow_multi [Boolean]: Permit an array of matching resources to be returned (if applicable) instead of just one.
+    # @param dummy_ok [Boolean]: Permit return of a faked {MU::Cloud} object if we don't have enough information to identify a real live one.
+    # @return [Array<MU::Cloud>]
+    def self.findStray(cloud, type,
+        dummy_ok: false,
+        no_deploy_search: false,
+        allow_multi: false,
+        deploy_id: nil,
+        name: nil,
+        mu_name: nil,
+        cloud_id: nil,
+        credentials: nil,
+        region: nil,
+        tag_key: nil,
+        tag_value: nil,
+        calling_deploy: MU.mommacat,
+        habitats: [],
+        **flags
+      ) 
+      _shortclass, _cfg_name, type, _classname, _attrs = MU::Cloud.getResourceNames(type, true)
+
+      cloudclass = MU::Cloud.cloudClass(cloud)
+      return nil if cloudclass.virtual?
+
+      if (tag_key and !tag_value) or (!tag_key and tag_value)
+        raise MuError, "Can't call findStray with only one of tag_key and tag_value set, must be both or neither"
+      end
+
+      credlist = credentials ? [credentials] : cloudclass.listCredentials
+
+      # Help ourselves by making more refined parameters out of mu_name, if
+      # they weren't passed explicitly
+      if mu_name
+        # We can extract a deploy_id from mu_name if we don't have one already
+        deploy_id ||= mu_name.sub(/^(\w+-\w+-\d{10}-[A-Z]{2})-/, '\1')
+        if !tag_key and !tag_value
+          tag_key = "Name"
+          tag_value = mu_name
+        end
+      end
+
+      # See if the thing we're looking for is a member of the deploy that's
+      # asking after it.
+      if !deploy_id.nil? and !calling_deploy.nil? and
+          calling_deploy.deploy_id == deploy_id and (!name.nil? or !mu_name.nil?)
+        kitten = calling_deploy.findLitterMate(type: type, name: name, mu_name: mu_name, cloud_id: cloud_id, credentials: credentials)
+        return [kitten] if !kitten.nil?
+      end
+
+      # See if we have it in deployment metadata generally
+      kittens = {}
+      if !no_deploy_search and (deploy_id or name or mu_name or cloud_id)
+        kittens = search_my_deploys(type, deploy_id: deploy_id, name: name, mu_name: mu_name, cloud_id: cloud_id, credentials: credentials)
+        return kittens.values if kittens.size == 1
+
+        # We can't refine any further by asking the cloud provider...
+        if kittens.size > 1 and !allow_multi and
+           !cloud_id and !tag_key and !tag_value
+          raise MultipleMatches, "Multiple matches in MU::MommaCat.findStray where none allowed from #{cloud}, #{type}, name: #{name}, mu_name: #{mu_name}, cloud_id: #{cloud_id}, credentials: #{credentials}, habitats: #{habitats} (#{caller(1..1)})"
+        end
+      end
+
+      if !cloud_id and !(tag_key and tag_value) and (name or mu_name or deploy_id)
+        return kittens.values
+      end
+      matches = []
+
+      credlist.each { |creds|
+#            next if region and region.is_a?(Array) and !region.empty? and !region.include?(r)
+        cloud_descs = search_cloud_provider(type, cloud, habitats, region, cloud_id: cloud_id, tag_key: tag_key, tag_value: tag_value, credentials: creds, flags: flags)
+
+        cloud_descs.each_pair.each { |p, regions|
+          regions.each_pair.each { |r, results|
+            results.each_pair { |kitten_cloud_id, descriptor|
+              # We already have a MU::Cloud object for this guy, use it
+              if kittens.has_key?(kitten_cloud_id)
+                matches << kittens[kitten_cloud_id]
+              elsif dummy_ok and kittens.empty?
+# XXX this is why this was threaded
+                matches << generate_dummy_object(type, cloud, name, mu_name, kitten_cloud_id, descriptor, r, p, tag_value, calling_deploy, creds)
+              end
+            }
+          }
+        }
+      }
+
+      matches
+    end
+
+    @object_load_fails = false
+
+    # Return the resource object of another member of this deployment
+    # @param type [String,Symbol]: The type of resource
+    # @param name [String]: The name of the resource as defined in its 'name' Basket of Kittens field
+    # @param mu_name [String]: The fully-resolved and deployed name of the resource
+    # @param cloud_id [String]: The cloud provider's unique identifier for this resource
+    # @param created_only [Boolean]: Only return the littermate if its cloud_id method returns a value
+    # @param return_all [Boolean]: Return a Hash of matching objects indexed by their mu_name, instead of a single match. Only valid for resource types where has_multiples is true.
+    # @return [MU::Cloud]
+    def findLitterMate(type: nil, name: nil, mu_name: nil, cloud_id: nil, created_only: false, return_all: false, credentials: nil, habitat: nil, ignore_missing: false, debug: false, **flags)
+      _shortclass, _cfg_name, type, _classname, attrs = MU::Cloud.getResourceNames(type)
+
+      # If we specified a habitat, which we may also have done by its shorthand
+      # sibling name, or a Ref. Convert to something we can use.
+      habitat = resolve_habitat(habitat, credentials: credentials)
+
+      nofilter = (mu_name.nil? and cloud_id.nil? and credentials.nil?)
+
+      does_match = Proc.new { |obj|
+
+        (!created_only or !obj.cloud_id.nil?) and (nofilter or (
+          (mu_name and obj.mu_name and mu_name.to_s == obj.mu_name) or
+          (cloud_id and obj.cloud_id and cloud_id.to_s == obj.cloud_id.to_s) or
+          (credentials and obj.credentials and credentials.to_s == obj.credentials.to_s) and
+          !(
+            (mu_name and obj.mu_name and mu_name.to_s != obj.mu_name) or
+            (cloud_id and obj.cloud_id and cloud_id.to_s != obj.cloud_id.to_s) or
+            (credentials and obj.credentials and credentials.to_s != obj.credentials.to_s)
+          )
+        ))
+      }
+
+      @kitten_semaphore.synchronize {
+
+        if !@kittens.has_key?(type)
+          return nil if !@original_config or @original_config[type].nil? or @original_config[type].empty?
+          begin
+            loadObjects(false)
+          rescue ThreadError => e
+            if e.message !~ /deadlock/
+              raise e
+            end
+          end
+          if @object_load_fails or !@kittens[type]
+            if !ignore_missing
+              MU.log "#{@deploy_id}'s original config has #{@original_config[type].size == 1 ? "a" : @original_config[type].size.to_s} #{type}, but loadObjects could not populate anything from deployment metadata", MU::ERR if !@object_load_fails
+              @object_load_fails = true
+            end
+            return nil
+          end
+        end
+        matches = {}
+        @kittens[type].each { |habitat_group, sib_classes|
+          next if habitat and habitat_group and habitat_group != habitat
+          sib_classes.each_pair { |sib_class, cloud_objs|
+
+            if attrs[:has_multiples]
+              next if !name.nil? and name != sib_class or cloud_objs.empty?
+              if !name.nil?
+                if return_all
+                  matches.merge!(cloud_objs.clone)
+                  next
+                elsif cloud_objs.size == 1 and does_match.call(cloud_objs.values.first)
+                  return cloud_objs.values.first
+                end
+              end
+              
+              cloud_objs.each_value { |obj|
+                if does_match.call(obj)
+                  if return_all
+                    matches.merge!(cloud_objs.clone)
+                  else
+                    return obj.clone
+                  end
+                end
+              }
+            # has_multiples is false, "cloud_objs" is actually a singular object
+            elsif (name.nil? and does_match.call(cloud_objs)) or [sib_class, cloud_objs.virtual_name(name)].include?(name.to_s)
+              matches[cloud_objs.config['name']] = cloud_objs.clone
+            end
+          }
+        }
+
+        return matches if return_all and matches.size >= 1
+
+        return matches.values.first if matches.size == 1
+
+      }
+
+      return nil
+    end
+
+
+    private
+
+    def resolve_habitat(habitat, credentials: nil, debug: false)
+      return nil if habitat.nil?
+      if habitat.is_a?(MU::Config::Ref) and habitat.id
+        return habitat.id
+      else
+        realhabitat = findLitterMate(type: "habitat", name: habitat, credentials: credentials)
+        if realhabitat and realhabitat.mu_name
+          return realhabitat.cloud_id
+        elsif debug
+          MU.log "Failed to resolve habitat name #{habitat}", MU::WARN
+        end
+      end
+    end
+
+    def self.generate_dummy_object(type, cloud, name, mu_name, cloud_id, desc, region, habitat, tag_value, calling_deploy, credentials)
+      resourceclass = MU::Cloud.resourceClass(cloud, type)
+
+      use_name = if (name.nil? or name.empty?)
+        if !mu_name.nil?
+          mu_name
+        else
+          guessName(desc, resourceclass, cloud_id: cloud_id, tag_value: tag_value)
+        end
+      else
+        name
+      end
+
+      if use_name.nil?
+        return
+      end
+
+      cfg = {
+        "name" => use_name,
+        "cloud" => cloud,
+        "credentials" => credentials
+      }
+      if !region.nil? and !resourceclass.isGlobal? 
+        cfg["region"] = region
+      end
+
+      if resourceclass.canLiveIn.include?(:Habitat) and habitat
+        cfg["project"] = habitat
+      end
+
+      # If we can at least find the config from the deploy this will
+      # belong with, use that, even if it's an ungroomed resource.
+      if !calling_deploy.nil? and
+         !calling_deploy.original_config.nil? and
+         !calling_deploy.original_config[type+"s"].nil?
+        calling_deploy.original_config[type+"s"].each { |s|
+          if s["name"] == use_name
+            cfg = s.dup
+            break
+          end
+        }
+
+        return resourceclass.new(mommacat: calling_deploy, kitten_cfg: cfg, cloud_id: cloud_id)
+      else
+        if !@@dummy_cache[type] or !@@dummy_cache[type][cfg.to_s]
+          newobj = resourceclass.new(mu_name: use_name, kitten_cfg: cfg, cloud_id: cloud_id, from_cloud_desc: desc)
+          @@desc_semaphore.synchronize {
+            @@dummy_cache[type] ||= {}
+            @@dummy_cache[type][cfg.to_s] = newobj
+          }
+        end
+        return @@dummy_cache[type][cfg.to_s]
+      end
+    end
+    private_class_method :generate_dummy_object
+
+    def self.search_cloud_provider(type, cloud, habitats, region, cloud_id: nil, tag_key: nil, tag_value: nil, credentials: nil, flags: nil)
+      cloudclass = MU::Cloud.cloudClass(cloud)
+      resourceclass = MU::Cloud.resourceClass(cloud, type)
+
+      # Decide what regions we'll search, if applicable for this resource
+      # type.
+      regions = if resourceclass.isGlobal?
+        [nil]
+      else
+        if region
+          if region.is_a?(Array) and !region.empty?
+            region
+          else
+            [region]
+          end
+        else
+          cloudclass.listRegions(credentials: credentials)
+        end
+      end
+
+      # Decide what habitats (accounts/projects/subscriptions) we'll
+      # search, if applicable for this resource type.
+      habitats ||= []
+      if habitats.empty?
+        if resourceclass.canLiveIn.include?(nil)
+          habitats << nil
+        end
+        if resourceclass.canLiveIn.include?(:Habitat)
+          habitats.concat(cloudclass.listHabitats(credentials, use_cache: false))
+        end
+      end
+      habitats << nil if habitats.empty?
+      habitats.uniq!
+
+      cloud_descs = {}
+
+      thread_waiter = Proc.new { |threads, threshold|
+        begin
+          threads.each { |t| t.join(0.1) }
+          threads.reject! { |t| t.nil? or !t.alive? or !t.status }
+          sleep 1 if threads.size > threshold
+        end while threads.size > threshold
+      }
+
+      habitat_threads = []
+      found_the_thing = false
+      habitats.each { |hab|
+        break if found_the_thing
+        thread_waiter.call(habitat_threads, 5)
+
+        habitat_threads << Thread.new(hab) { |habitat|
+          cloud_descs[habitat] = {}
+          region_threads = []
+          regions.each { |reg|
+            break if found_the_thing
+            region_threads << Thread.new(reg) { |r|
+              found = resourceclass.find(cloud_id: cloud_id, region: r, tag_key: tag_key, tag_value: tag_value, credentials: credentials, habitat: habitat, flags: flags)
+
+              if found
+                @@desc_semaphore.synchronize {
+                  cloud_descs[habitat][r] = found
+                }
+              end
+              # Stop if you found the thing by a specific cloud_id
+              if cloud_id and found and !found.empty?
+                found_the_thing = true
+              end
+            }
+          }
+          thread_waiter.call(region_threads, 0)
+        }
+      }
+      thread_waiter.call(habitat_threads, 0)
+
+      cloud_descs
+    end
+    private_class_method :search_cloud_provider
+
+    def self.search_my_deploys(type, deploy_id: nil, name: nil, mu_name: nil, cloud_id: nil, credentials: nil)
+      kittens = {}
+      _shortclass, _cfg_name, type, _classname, attrs = MU::Cloud.getResourceNames(type, true)
+
+      # Check our in-memory cache of live deploys before resorting to
+      # metadata
+      littercache = nil
+      # Sometimes we're called inside a locked thread, sometimes not. Deal
+      # with locking gracefully.
+      begin
+        @@litter_semaphore.synchronize {
+          littercache = @@litters.dup
+        }
+      rescue ThreadError => e
+        raise e if !e.message.match(/recursive locking/)
+        littercache = @@litters.dup
+      end
+
+      # First, see what we have in deploys that already happen to be loaded in
+      # memory.
+      littercache.each_pair { |cur_deploy, momma|
+        next if deploy_id and deploy_id != cur_deploy
+
+        @@deploy_struct_semaphore.synchronize {
+          @deploy_cache[deploy_id] = {
+            "mtime" => Time.now,
+            "data" => momma.deployment
+          }
+        }
+
+        straykitten = momma.findLitterMate(type: type, cloud_id: cloud_id, name: name, mu_name: mu_name, credentials: credentials, created_only: true)
+        if straykitten
+          MU.log "Found matching kitten #{straykitten.mu_name} in-memory - #{sprintf("%.2fs", (Time.now-start))}", MU::DEBUG
+          # Peace out if we found the exact resource we want
+          if cloud_id and straykitten.cloud_id.to_s == cloud_id.to_s
+            return { straykitten.cloud_id => straykitten }
+          elsif mu_name and straykitten.mu_name == mu_name
+            return { straykitten.cloud_id => straykitten }
+          else
+            kittens[straykitten.cloud_id] ||= straykitten
+          end
+        end
+      }
+
+      # Now go rifle metadata from any other deploys we have on disk, if they
+      # weren't already there in memory.
+      cacheDeployMetadata(deploy_id) # freshen up @@deploy_cache
+      mu_descs = {}
+      if deploy_id.nil?
+        @@deploy_cache.each_key { |deploy|
+          next if littercache[deploy]
+          next if !@@deploy_cache[deploy].has_key?('data')
+          next if !@@deploy_cache[deploy]['data'].has_key?(type)
+          if !name.nil?
+            next if @@deploy_cache[deploy]['data'][type][name].nil?
+            mu_descs[deploy] ||= []
+            mu_descs[deploy] << @@deploy_cache[deploy]['data'][type][name].dup
+          else
+            mu_descs[deploy] ||= []
+            mu_descs[deploy].concat(@@deploy_cache[deploy]['data'][type].values)
+          end
+        }
+      elsif !@@deploy_cache[deploy_id].nil?
+        if !@@deploy_cache[deploy_id]['data'].nil? and
+            !@@deploy_cache[deploy_id]['data'][type].nil?
+          if !name.nil? and !@@deploy_cache[deploy_id]['data'][type][name].nil?
+            mu_descs[deploy_id] ||= []
+            mu_descs[deploy_id] << @@deploy_cache[deploy_id]['data'][type][name].dup
+          else
+            mu_descs[deploy_id] = @@deploy_cache[deploy_id]['data'][type].values
+          end
+        end
+      end
+
+      mu_descs.each_pair { |deploy, matches|
+        next if matches.nil? or matches.size == 0
+        momma = MU::MommaCat.getLitter(deploy)
+
+        # If we found exactly one match in this deploy, use its metadata to
+        # guess at resource names we weren't told.
+        straykitten = if matches.size > 1 and cloud_id
+          momma.findLitterMate(type: type, cloud_id: cloud_id, credentials: credentials, created_only: true)
+        elsif matches.size == 1 and (!attrs[:has_multiples] or matches.first.size == 1) and name.nil? and mu_name.nil?
+          actual_data = attrs[:has_multiples] ? matches.first.values.first : matches.first
+          if cloud_id.nil?
+            momma.findLitterMate(type: type, name: (actual_data["name"] || actual_data["MU_NODE_CLASS"]), cloud_id: actual_data["cloud_id"], credentials: credentials)
+          else
+            momma.findLitterMate(type: type, name: (actual_data["name"] || actual_data["MU_NODE_CLASS"]), cloud_id: cloud_id, credentials: credentials)
+          end
+        else
+          # There's more than one of this type of resource in the target
+          # deploy, so see if findLitterMate can narrow it down for us
+          momma.findLitterMate(type: type, name: name, mu_name: mu_name, cloud_id: cloud_id, credentials: credentials)
+        end
+
+        next if straykitten.nil?
+        straykitten.intoDeploy(momma)
+
+        if straykitten.cloud_id.nil?
+          MU.log "findStray: kitten #{straykitten.mu_name} came back with nil cloud_id", MU::WARN
+          next
+        end
+        next if cloud_id and straykitten.cloud_id.to_s != cloud_id.to_s
+
+        # Peace out if we found the exact resource we want
+        if (cloud_id and straykitten.cloud_id.to_s == cloud_id.to_s) or
+           (mu_descs.size == 1 and matches.size == 1) or
+           (credentials and straykitten.credentials == credentials)
+# XXX strictly speaking this last check is only valid if findStray is searching
+# exactly one set of credentials
+
+          return { straykitten.cloud_id => straykitten }
+        end
+
+        kittens[straykitten.cloud_id] ||= straykitten
+      }
+
+      kittens
+    end
+    private_class_method :search_my_deploys
+
+  end #class
+end #module