cloud-mu 3.2.0 → 3.5.0

data/modules/mu/config/schema_helpers.rb

@@ -185,15 +185,24 @@ module MU
               "type" => "string",
               "enum" => MU::Cloud.resource_types.values.map { |v| v[:cfg_name] }
             },
-            "phase" => {
+            "my_phase" => {
+              "type" => "string",
+              "description" => "Which part of our creation process should be waiting?",
+              "enum" => ["create", "groom"]
+            },
+            "their_phase" => {
               "type" => "string",
               "description" => "Which part of the creation process of the resource we depend on should we wait for before starting our own creation? Defaults are usually sensible, but sometimes you want, say, a Server to wait on another Server to be completely ready (through its groom phase) before starting up.",
               "enum" => ["create", "groom"]
             },
+            "phase" => {
+              "type" => "string",
+              "description" => "Alias for {their_phase}",
+              "enum" => ["create", "groom"]
+            },
             "no_create_wait" => {
               "type" => "boolean",
-              "default" => false,
-              "description" => "By default, it's assumed that we want to wait on our parents' creation phase, in addition to whatever is declared in this stanza. Setting this flag will bypass waiting on our parent resource's creation, so that our create or groom phase can instead depend only on the parent's groom phase. "
+              "description" => "DEPRECATED- setting +true+ is the same as setting {my_phase} to +groom+; setting to +false+ is the same as setting {my_phase} to +create+. If both +no_create_wait+ and {my_phase} are specified, {my_phase} takes precedence."
             }
           }
         }

data/modules/mu/config/server.rb

@@ -386,8 +386,7 @@ module MU
           },
           "associate_public_ip" => {
               "type" => "boolean",
-              "default" => false,
-              "description" => "Associate public IP address?"
+              "description" => "Whether to associate a public IP address with this server. Default behavior is to align with resident VPC/subnet, which to say +true+ if the subnet is publicly routable, +false+ if not. For non-VPC instances (AWS Classic), we default to +true+."
           },
           "userdata_script" => userdata_primitive,
           "windows_admin_username" => {
@@ -546,7 +545,7 @@ module MU
           "additionalProperties" => false,
           "description" => "Create individual server instances.",
           "properties" => {
-              "dns_records" => MU::Config::DNSZone.records_primitive(need_target: false, default_type: "A", need_zone: true),
+              "dns_records" => MU::Config::DNSZone.records_primitive(need_target: false, default_type: "A", need_zone: true, embedded_type: "server"),
               "bastion" => {
                 "type" => "boolean",
                 "default" => false,
@@ -649,15 +648,22 @@ module MU
             server["vpc"]["subnet_pref"] = "public"
           end
 
+          if server["associate_public_ip"].nil?
+            server["associate_public_ip"] = server["vpc"]["subnet_pref"] == "public" ? true : false
+
+          end
+
           if !server["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(server["vpc"]["subnet_name"]) and !configurator.nat_routes[server["vpc"]["subnet_name"]].empty?
-            MU::Config.addDependency(server, configurator.nat_routes[server["vpc"]["subnet_name"]], "server", phase: "groom", no_create_wait: true)
+            MU::Config.addDependency(server, configurator.nat_routes[server["vpc"]["subnet_name"]], "server", their_phase: "groom", my_phase: "groom")
           elsif !server["vpc"]["name"].nil?
             siblingvpc = configurator.haveLitterMate?(server["vpc"]["name"], "vpcs")
             if siblingvpc and siblingvpc['bastion'] and
                server['name'] != siblingvpc['bastion']['name']
-              MU::Config.addDependency(server, siblingvpc['bastion']['name'], "server", phase: "groom", no_create_wait: true)
+              MU::Config.addDependency(server, siblingvpc['bastion']['name'], "server", their_phase: "groom", my_phase: "groom")
             end
           end
+        else
+          server["associate_public_ip"] ||= false
         end
 
         ok

data/modules/mu/config/server_pool.rb

@@ -186,7 +186,7 @@ module MU
 
         if !pool["vpc"].nil?
           if !pool["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(pool["vpc"]["subnet_name"])
-            MU::Config.addDependency(pool, configurator.nat_routes[pool["vpc"]["subnet_name"]], "server", phase: "groom", no_create_wait: true)
+            MU::Config.addDependency(pool, configurator.nat_routes[pool["vpc"]["subnet_name"]], "server", their_phase: "groom", my_phase: "groom")
           end
         end
 # TODO make sure this is handled... somewhere
@@ -199,7 +199,7 @@ module MU
 #          }
 #        end
         if pool["basis"] and pool["basis"]["server"]
-          MU::Config.addDependency(pool, pool["basis"]["server"], "server", phase: "groom")
+          MU::Config.addDependency(pool, pool["basis"]["server"], "server", their_phase: "groom")
         end
         if !pool['static_ip'].nil? and !pool['ip'].nil?
           ok = false

data/modules/mu/config/vpc.rb

@@ -417,6 +417,7 @@ module MU
         using_default_cidr = false
         if !vpc['ip_block']
           if configurator.updating and configurator.existing_deploy and
+             configurator.existing_deploy.original_config and
              configurator.existing_deploy.original_config['vpcs']
             configurator.existing_deploy.original_config['vpcs'].each { |v|
               if v['name'].to_s == vpc['name'].to_s
@@ -539,7 +540,7 @@ module MU
             end
           end
 
-          # Feeling that, generate a generic bastion/NAT host to do the job.
+          # Failing that, generate a generic bastion/NAT host to do the job.
           # Clouds that don't have some kind of native NAT gateway can also
           # leverage this host to honor "gateway" => "#NAT" situations.
           if !can_peer and !already_peered and have_public and vpc["create_bastion"]
@@ -562,13 +563,13 @@ module MU
               "name" => vpc["name"],
               "subnet_pref" => "public"
             }
-            MU::Config.addDependency(vpc, bastion['name'], "server", no_create_wait: true)
-            vpc["bastion"] = MU::Config::Ref.get(
-              name: bastion['name'],
-              cloud: vpc['cloud'],
-              credentials: vpc['credentials'],
-              type: "servers"
-            )
+#            MU::Config.addDependency(vpc, bastion['name'], "server", my_phase: "groom")
+#            vpc["bastion"] = MU::Config::Ref.get(
+#              name: bastion['name'],
+#              cloud: vpc['cloud'],
+#              credentials: vpc['credentials'],
+#              type: "servers"
+#            )
 
             ok = false if !configurator.insertKitten(bastion, "servers", true)
           end
@@ -614,11 +615,11 @@ module MU
                     append_me = { "vpc" => peer["vpc"].dup }
                     append_me['vpc']['name'] = sib['name']
                     append << append_me
-                    MU::Config.addDependency(vpc, sib['name'], "vpc", phase: "groom", no_create_wait: true)
+                    MU::Config.addDependency(vpc, sib['name'], "vpc", their_phase: "create", my_phase: "groom")
                   end
                   delete << peer
                 else
-                  MU::Config.addDependency(vpc, peer['vpc']['name'], "vpc", phase: "groom", no_create_wait: true)
+                  MU::Config.addDependency(vpc, peer['vpc']['name'], "vpc", their_phase: "create", my_phase: "groom")
                 end
                 delete << peer if sib['name'] == vpc['name']
               }

data/modules/mu/defaults/AWS.yaml

@@ -1,56 +1,56 @@
 ---
-rhel71: &4
-  us-east-1: ami-0f05fce24aa75ba9f
-  ap-northeast-1: ami-0c0ec19eb19055763
-  ap-northeast-2: ami-0717ac5c67c99f745
-  ap-south-1: ami-03454a4bef3ec6a9a
-  ap-southeast-1: ami-0f3aa03320c0f6524
-  ap-southeast-2: ami-0aa5e6888260cdb3c
-  ca-central-1: ami-03e72964d7646b689
-  eu-central-1: ami-02df259ca785eff54
-  eu-north-1: ami-05253c445bdf7777d
-  eu-west-1: ami-0c21c559f6d0f2401
-  eu-west-2: ami-057c8d4259087594f
-  eu-west-3: ami-05a428dc7a7f4ba46
-  sa-east-1: ami-0a1d1cf6a89a2db56
-  us-east-2: ami-02f6682c7816b3cfc
-  us-west-1: ami-04898e596c06e802b
-  us-west-2: ami-02db5457189a8a8c2
-centos6: &3
-  us-east-1: ami-0ccdc671f12147a1d
-  us-east-2: ami-00d0e8bc2f05ab949
-  ap-northeast-1: ami-0726801ceef87f5f8
-  ap-northeast-2: ami-05fa4afc4a0493b0a
-  ap-south-1: ami-0d6e4f3b6592b3139
-  ap-southeast-1: ami-0c988e3dc80b14653
-  ap-southeast-2: ami-02ac856fd094675ef
-  ca-central-1: ami-0ce7e343953af2292
-  eu-central-1: ami-0ce8317423cea27b8
-  eu-north-1: ami-0a923b493d5fc9743
-  eu-west-1: ami-06e0f02328921c865
-  eu-west-2: ami-07ae118c8814df140
-  eu-west-3: ami-03c1017cd1ccc6e9d
-  sa-east-1: ami-05212ae133b9c3ba1
-  us-west-1: ami-0b05ec54412b9f8b0
-  us-west-2: ami-0447e036b102b2ca0
+rhel71: &5
+  us-east-1: ami-0c834836b3bd45e2f
+  ap-northeast-1: ami-036bb589253fe929e
+  ap-northeast-2: ami-0e39b4957dbc7e14d
+  ap-south-1: ami-0cd0554d9a05dddc9
+  ap-southeast-1: ami-0bae2684e9ed09b8b
+  ap-southeast-2: ami-0711ccf93abe3989b
+  ca-central-1: ami-0d75d90f73e417c25
+  eu-central-1: ami-0cae3cb53b9bbd783
+  eu-north-1: ami-0cd30fe8547a809f7
+  eu-west-1: ami-01441cca97c35eb0e
+  eu-west-2: ami-051aaf1b532b3e6bc
+  eu-west-3: ami-09a7af6793a3e8d09
+  sa-east-1: ami-0c4064cfe711311d5
+  us-east-2: ami-0124fd8917f59f8ce
+  us-west-1: ami-00457c55541605cb4
+  us-west-2: ami-02211d4e254a9e10f
+centos6: &4
+  us-east-1: ami-0ac9258984ed4bb4a
+  us-east-2: ami-09888b2b4484f774a
+  us-west-1: ami-04e7e499cdb873bfa
+  us-west-2: ami-0fcd16e6cf3c4b100
+  ap-northeast-1: ami-098052d1926fd4297
+  ap-northeast-2: ami-0319e58869a7b5bf2
+  ap-south-1: ami-0d19f7ad27c77cbf6
+  ap-southeast-1: ami-04b6b2013a296075c
+  ap-southeast-2: ami-07f02efb410df7e1d
+  ca-central-1: ami-0e7cc87df5666a78c
+  eu-central-1: ami-0cc33b333c7b7acd6
+  eu-north-1: ami-0bc09b1d6b4f351ea
+  eu-west-1: ami-08a7f444dba463099
+  eu-west-2: ami-0e84e5ba9694be11b
+  eu-west-3: ami-08e28291804571999
+  sa-east-1: ami-0b447e11308862517
 centos7:
-  us-east-1: ami-067256ca1497c924d
-  ap-northeast-1: ami-07c1e51354fdfd362
-  ap-northeast-2: ami-042b761c93d6df2f1
-  ap-south-1: ami-02e879f52322e7c98
-  ap-southeast-1: ami-0487e9f84d0ffde89
-  ap-southeast-2: ami-0e854dab39fd6a427
-  ca-central-1: ami-05a27d311b585a70b
-  eu-central-1: ami-0e396d00c787b4f47
-  eu-north-1: ami-087763a2ba60b2bfe
-  eu-west-1: ami-04e3bd9335a14e635
-  eu-west-2: ami-0efd34a8d1fc2b104
-  eu-west-3: ami-08d0bcbc780448cf8
-  sa-east-1: ami-0284f4a0968263cf0
-  us-east-2: ami-0292786917d1e3015
-  us-west-1: ami-0ba622529dcdff2bb
-  us-west-2: ami-079a309ca6261d7f6
-ubuntu16: &2
+  us-east-1: ami-08d24209f345a21ab
+  ap-northeast-1: ami-001cfcb3548768288
+  ap-northeast-2: ami-0a2f6ec79ed710bf7
+  ap-south-1: ami-05e0c30fc8b2a21a2
+  ap-southeast-1: ami-0b28f5573dd4aa62a
+  ap-southeast-2: ami-026419375863852b7
+  ca-central-1: ami-01e799689fa5c1f31
+  eu-central-1: ami-0ded33da6c28082d8
+  eu-north-1: ami-02c7692e69b06afc5
+  eu-west-1: ami-086619450a959a101
+  eu-west-2: ami-05db24096d56207f6
+  eu-west-3: ami-03ea610526da7c2f3
+  sa-east-1: ami-0029cb6ee83a799ca
+  us-east-2: ami-065847253b2d4acab
+  us-west-1: ami-0ea3494c08412920e
+  us-west-2: ami-055ce4c70b0ceabcb
+ubuntu16: &3
   us-east-1: ami-bcdc16c6
   us-west-1: ami-1b17257b
   us-west-2: ami-19e92861
@@ -73,56 +73,56 @@ ubuntu14:
   ap-southeast-1: ami-2855964b
   ap-southeast-2: ami-d19fc4b2
 win2k12r2: &1
-  us-east-1: ami-003aea65bc2e7136a
-  us-east-2: ami-0163293e39ba504c2
-  ca-central-1: ami-055689dd92f29d2aa
-  us-west-2: ami-0ce87dda2c9244e57
-  us-west-1: ami-00d9cf64bd2fafa44
-  eu-west-1: ami-026d7427b9fadad40
-  eu-west-2: ami-036a22c0780551794
-  eu-west-3: ami-05e3d9b79bdc10861
-  eu-north-1: ami-063eb48504c7d73f1
-  sa-east-1: ami-0a8c1829a5e650bc5
-  eu-central-1: ami-0ea20cef52335b008
-  ap-northeast-1: ami-08db2dc67228dbb90
-  ap-south-1: ami-012241411db3f09c3
-  ap-northeast-2: ami-0368c224de1d20502
-  ap-southeast-1: ami-028ef74e1edc3943a
-  ap-southeast-2: ami-09e03eab1b1bc151b
-win2k16: &5
-  us-east-1: ami-02801a2c8dcbfb883
-  us-east-2: ami-0ca4f779a2a58a7ea
-  ca-central-1: ami-05d3854d9d6e9bcc5
-  us-west-2: ami-091f4a88ce32d28b6
-  eu-west-1: ami-0b938c9b23ed7d18c
-  us-west-1: ami-0fd744c3fbe8260f2
-  eu-west-2: ami-071a89b959c5eda27
-  eu-west-3: ami-0b206e3dbda9ff9eb
-  eu-central-1: ami-0dd9bdad31dd0d3ce
-  sa-east-1: ami-0d69b8d6c0f9a7bae
-  ap-northeast-1: ami-02eb4a6f519bc3190
-  ap-south-1: ami-0666fd543ac8b5501
-  ap-northeast-2: ami-01277c81f9b91cf77
-  ap-southeast-2: ami-0426a246f9b0ccadd
-  ap-southeast-1: ami-07ecb0d55c2eb7247
-  eu-north-1: ami-047811530583b6d08
+  us-east-1: ami-0d28b9a40ed446e35
+  us-east-2: ami-010d247b7ee850d55
+  ca-central-1: ami-0c223858875f62d11
+  us-west-2: ami-01d188c5c06078fee
+  us-west-1: ami-0dbcc051c49ec24ec
+  eu-west-1: ami-080c7b4d6e32bf9f3
+  eu-west-2: ami-01b1edb5894a54bcc
+  eu-west-3: ami-09445cdc7a2acb1c0
+  eu-north-1: ami-0093cc63496e435df
+  sa-east-1: ami-04d015c8b371ba7b3
+  eu-central-1: ami-04d6144bcbb029141
+  ap-northeast-1: ami-07fad72f121aa157c
+  ap-south-1: ami-0b3241fd09b1ce87f
+  ap-northeast-2: ami-0ba7cd822e36dc0df
+  ap-southeast-1: ami-0648522a4cb50953c
+  ap-southeast-2: ami-0fc0bd73cd61a970f
+win2k16: &2
+  us-east-1: ami-018151f8c8339a093
+  us-east-2: ami-09e045936c7d9ecd5
+  ca-central-1: ami-0a16abf0f1c35667a
+  us-west-2: ami-00d4216f80a82894d
+  eu-west-1: ami-07afc1525928ccad7
+  us-west-1: ami-0d2f7d4198b79a625
+  eu-west-2: ami-04eb62f17efc84a37
+  eu-west-3: ami-0b4affcd5848cf50c
+  eu-central-1: ami-0a92ae047ebc7a3da
+  sa-east-1: ami-0cc9a87c95fb37832
+  ap-northeast-1: ami-014c730050acef11d
+  ap-south-1: ami-0c3c8739263aa4844
+  ap-northeast-2: ami-0018a05eb15503b5e
+  ap-southeast-2: ami-0b50bfbb507285a89
+  ap-southeast-1: ami-073c677bcf225774a
+  eu-north-1: ami-09bb6d618593f2e7f
 win2k19:
-  us-east-1: ami-00820419bf212df7e
-  us-east-2: ami-0a7916b90aa4629d5
-  ca-central-1: ami-0d704529661e19185
-  us-west-2: ami-0ee6a198d7ac35eb1
-  eu-west-2: ami-0f6ac1634bd7add92
-  us-west-1: ami-039e3816b4cac1e27
-  eu-west-1: ami-03a771d99091199b7
-  eu-central-1: ami-03b648d5b45f51a4f
-  eu-west-3: ami-068839907c18c3a6e
-  eu-north-1: ami-0db851ee76f7deefb
-  sa-east-1: ami-0c2cc60c62159f87c
-  ap-northeast-2: ami-06bdf8ae9ae9add92
-  ap-northeast-1: ami-02306d959c7f175b9
-  ap-southeast-1: ami-0d5b4a3d73e0f471f
-  ap-southeast-2: ami-00fa88caff4f64937
-  ap-south-1: ami-0b44feae4bb9f497a
+  us-east-1: ami-09c18c34c341f2b6a
+  us-east-2: ami-030371d5ee8881350
+  ca-central-1: ami-018e5bf45c30fa58f
+  us-west-2: ami-07d1e5c4f906877e1
+  eu-west-2: ami-0b9d95fef44aa7c11
+  us-west-1: ami-0e7e082d6fa1769f3
+  eu-west-1: ami-05573fafa080144b6
+  eu-central-1: ami-0122b027c265988ea
+  eu-west-3: ami-0ba7c0a3dc4148b6a
+  eu-north-1: ami-03d8c3307f72f9847
+  sa-east-1: ami-0d0f66c3e0dfc09ee
+  ap-northeast-2: ami-07eff56de9293ab16
+  ap-northeast-1: ami-020fb790a3bed4cda
+  ap-southeast-1: ami-0b5d036d6d711a4c8
+  ap-southeast-2: ami-0fff96935fef7bf60
+  ap-south-1: ami-030ec249497f66a33
 amazon:
   us-east-1: ami-b73b63a0
   us-east-2: ami-58277d3d
@@ -137,9 +137,9 @@ amazon:
   ap-southeast-1: ami-b953f2da
   ap-southeast-2: ami-db704cb8
 win2k12: *1
-windows: *5
-ubuntu: *2
-centos: *3
-rhel7: *4
-rhel: *4
-linux: *3
+windows: *2
+ubuntu: *3
+centos: *4
+rhel7: *5
+rhel: *5
+linux: *4

data/modules/mu/deploy.rb

@@ -269,6 +269,7 @@ module MU
           cloudclass = MU::Cloud.cloudClass(cloud)
           cloudclass.initDeploy(@mommacat)
         }
+        @mommacat.writeDeploySecret
 
         # Kick off threads to create each of our new servers.
         @my_threads << Thread.new {
@@ -312,6 +313,17 @@ module MU
 
         @mommacat.save!
 
+        # XXX Functions have a special behavior where we re-invoke their groom
+        # methods one more time at the end, so we can guarantee their
+        # environments are fully populated with all sibling resource idents
+        # regardless of dependency order. This is, obviously, a disgusting
+        # hack, and we should revisit our dependency language in the next big
+        # release.
+        if !@main_config["functions"].nil? and
+            @main_config["functions"].size > 0
+          createResources(@main_config["functions"], "groom")
+        end
+
       rescue StandardError => e
         MU.log e.class.name, MU::ERR, details: caller
 
@@ -426,10 +438,10 @@ module MU
           MU.log "Failed to generate AWS cost-calculation URL. Skipping.", MU::WARN, details: "Deployment uses a feature not available in CloudFormation layer.", verbosity: MU::Logger::NORMAL
         ensure
           MU.setLogging(@verbosity)
-          MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" complete", details: deployment, verbosity: @verbosity
+          MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", details: deployment, verbosity: @verbosity
         end
       else
-        MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" complete", details: deployment, verbosity: @verbosity
+        MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", details: deployment, verbosity: @verbosity
       end
 
 
@@ -439,7 +451,7 @@ module MU
         }
       end
 
-      @mommacat.sendAdminSlack("Deploy completed succesfully", msg: MU.summary.join("\n"))
+      @mommacat.sendAdminSlack("Deploy #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", msg: MU.summary.join("\n"))
     end
 
     private
@@ -524,8 +536,9 @@ MESSAGE_END
     #########################################################################
     def addDependentThread(parent, child)
       @dependency_semaphore.synchronize {
-        @dependency_threads[child] = Array.new if !@dependency_threads[child]
+        @dependency_threads[child] ||= []
         @dependency_threads[child] << parent
+        @dependency_threads[child].uniq!
         MU.log "Thread #{child} will wait on #{parent}", MU::DEBUG, details: @dependency_threads[child]
       }
     end
@@ -556,6 +569,7 @@ MESSAGE_END
 
         MU.log "Setting dependencies for #{name}", MU::DEBUG, details: resource["dependencies"]
         if !resource["dependencies"].nil? then
+
           resource["dependencies"].each { |dependency|
             parent_class = MU::Cloud.loadBaseType(dependency['type'])
 
@@ -565,31 +579,41 @@ MESSAGE_END
             parent = parent_type+"_"+dependency["name"]+"_create"
             addDependentThread(parent, "#{name}_groom")
 
+            # if we've explicitly declared each end of the dependency, roll
+            # with that and don't meddle further
+            if dependency["my_phase"] and dependency["their_phase"]
+              parent = parent_type+"_"+dependency["name"]+"_"+dependency["their_phase"]
+              addDependentThread(parent, name+"_"+dependency["my_phase"])
+              next
+            end
+
             # should our creation thread also wait on our parent's create?
-            if !dependency["no_create_wait"] and
+            if dependency["my_phase"] == "create" and
                (resource["#MU_CLOUDCLASS"].waits_on_parent_completion or
-               dependency['phase'] == "create" or
-               parent_class.deps_wait_on_my_creation)
+                parent_class.deps_wait_on_my_creation
+               )
               addDependentThread(parent, "#{name}_create")
             end
 
 
             # how about our groom thread waiting on our parents' grooms?
-            if (dependency['phase'] == "groom" or resource["#MU_CLOUDCLASS"].waits_on_parent_completion) and parent_class.instance_methods(false).include?(:groom)
+            if (dependency['their_phase'] == "groom" or resource["#MU_CLOUDCLASS"].waits_on_parent_completion) and parent_class.instance_methods(false).include?(:groom)
               parent = parent_type+"_"+dependency["name"]+"_groom"
               addDependentThread(parent, "#{name}_groom")
-              if !dependency["no_create_wait"] and (
+              if dependency["my_phase"] == "groom" and 
+                 (dependency['their_phase'] == "create" or
+                  (!dependency['their_phase'] and
                    parent_class.deps_wait_on_my_creation or
-                   resource["#MU_CLOUDCLASS"].waits_on_parent_completion or
-                   dependency['phase'] == "groom"
+                   resource["#MU_CLOUDCLASS"].waits_on_parent_completion)
                  )
                 addDependentThread(parent, "#{name}_create")
               end
             end
           }
         end
-        MU.log "Thread dependencies #{res_type}[#{name}]", MU::DEBUG, details: { "create" => @dependency_threads["#{name}_create"], "groom" => @dependency_threads["#{name}_groom"] }
-        @dependency_threads["#{name}_groom"]=["#{name}_create", "mu_groom_container"]
+        @dependency_threads["#{name}_groom"].concat(["#{name}_create", "mu_groom_container"])
+        @dependency_threads["#{name}_groom"].uniq!
+        MU.log "Thread dependencies #{res_type}[#{name}]", MU::DEBUG, details: { "create" => @dependency_threads["#{name}_create"], "groom" => @dependency_threads["#{name}_groom"] } if res_type == "role" and resource['name'] == "dynamostream-to-es"
       }
     end
 
@@ -623,7 +647,7 @@ MESSAGE_END
             begin
               if myservice['#MUOBJECT'].nil?
                 if @mommacat
-                  ext_obj = @mommacat.findLitterMate(type: myservice["#MU_CLOUDCLASS"].cfg_plural, name: myservice['name'], credentials: myservice['credentials'], created_only: true, return_all: false)
+                  ext_obj = @mommacat.findLitterMate(type: myservice["#MU_CLOUDCLASS"].cfg_plural, name: myservice['name'], credentials: myservice['credentials'], created_only: true, return_all: false, ignore_missing: !@updating)
                   if @updating and ext_obj
                     ext_obj.config!(myservice)
                   end
@@ -733,7 +757,9 @@ MESSAGE_END
           sleep 10+Random.rand(20)
           retry
         end
+
       end
+
     end
 
   end #class