RubyGems - cloud-mu - Versions diffs - 3.2.0 → 3.5.0 - Mend

cloud-mu 3.2.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

checksums.yaml +4 -4
data/Dockerfile +1 -1
data/ansible/roles/mu-nat/tasks/main.yml +3 -0
data/bin/mu-adopt +12 -1
data/bin/mu-aws-setup +41 -7
data/bin/mu-azure-setup +34 -0
data/bin/mu-configure +214 -119
data/bin/mu-gcp-setup +37 -2
data/bin/mu-load-config.rb +2 -1
data/bin/mu-node-manage +3 -0
data/bin/mu-refresh-ssl +67 -0
data/bin/mu-run-tests +28 -6
data/bin/mu-self-update +30 -10
data/bin/mu-upload-chef-artifacts +30 -26
data/cloud-mu.gemspec +10 -8
data/cookbooks/mu-master/attributes/default.rb +5 -1
data/cookbooks/mu-master/metadata.rb +2 -2
data/cookbooks/mu-master/recipes/default.rb +81 -26
data/cookbooks/mu-master/recipes/init.rb +197 -62
data/cookbooks/mu-master/recipes/update_nagios_only.rb +1 -1
data/cookbooks/mu-master/recipes/vault.rb +78 -77
data/cookbooks/mu-master/templates/default/mods/rewrite.conf.erb +1 -0
data/cookbooks/mu-master/templates/default/nagios.conf.erb +103 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +14 -30
data/cookbooks/mu-tools/attributes/default.rb +12 -0
data/cookbooks/mu-tools/files/centos-6/CentOS-Base.repo +47 -0
data/cookbooks/mu-tools/libraries/helper.rb +98 -4
data/cookbooks/mu-tools/libraries/monkey.rb +1 -1
data/cookbooks/mu-tools/recipes/apply_security.rb +31 -9
data/cookbooks/mu-tools/recipes/aws_api.rb +8 -2
data/cookbooks/mu-tools/recipes/base_repositories.rb +1 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +2 -9
data/cookbooks/mu-tools/recipes/google_api.rb +7 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +8 -1
data/cookbooks/mu-tools/resources/disk.rb +113 -42
data/cookbooks/mu-tools/resources/mommacat_request.rb +1 -2
data/cookbooks/mu-tools/templates/centos-8/sshd_config.erb +215 -0
data/extras/Gemfile.lock.bootstrap +394 -0
data/extras/bucketstubs/error.html +0 -0
data/extras/bucketstubs/index.html +0 -0
data/extras/clean-stock-amis +11 -3
data/extras/generate-stock-images +6 -3
data/extras/git_rpm/build.sh +20 -0
data/extras/git_rpm/mugit.spec +53 -0
data/extras/image-generators/AWS/centos7.yaml +19 -16
data/extras/image-generators/AWS/{rhel7.yaml → rhel71.yaml} +0 -0
data/extras/image-generators/AWS/{win2k12.yaml → win2k12r2.yaml} +0 -0
data/extras/image-generators/VMWare/centos8.yaml +15 -0
data/extras/openssl_rpm/build.sh +19 -0
data/extras/openssl_rpm/mussl.spec +46 -0
data/extras/python_rpm/muthon.spec +14 -4
data/extras/ruby_rpm/muby.spec +9 -5
data/extras/sqlite_rpm/build.sh +19 -0
data/extras/sqlite_rpm/muqlite.spec +47 -0
data/install/installer +7 -5
data/modules/mommacat.ru +2 -2
data/modules/mu.rb +14 -7
data/modules/mu/adoption.rb +5 -5
data/modules/mu/cleanup.rb +47 -25
data/modules/mu/cloud.rb +29 -1
data/modules/mu/cloud/dnszone.rb +0 -2
data/modules/mu/cloud/machine_images.rb +1 -1
data/modules/mu/cloud/providers.rb +6 -1
data/modules/mu/cloud/resource_base.rb +16 -7
data/modules/mu/cloud/ssh_sessions.rb +5 -1
data/modules/mu/cloud/wrappers.rb +20 -7
data/modules/mu/config.rb +28 -12
data/modules/mu/config/bucket.rb +31 -2
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/cdn.rb +100 -0
data/modules/mu/config/container_cluster.rb +1 -1
data/modules/mu/config/database.rb +3 -3
data/modules/mu/config/dnszone.rb +4 -3
data/modules/mu/config/endpoint.rb +1 -0
data/modules/mu/config/firewall_rule.rb +1 -1
data/modules/mu/config/function.rb +16 -7
data/modules/mu/config/job.rb +89 -0
data/modules/mu/config/notifier.rb +7 -18
data/modules/mu/config/ref.rb +55 -9
data/modules/mu/config/schema_helpers.rb +12 -3
data/modules/mu/config/server.rb +11 -5
data/modules/mu/config/server_pool.rb +2 -2
data/modules/mu/config/vpc.rb +11 -10
data/modules/mu/defaults/AWS.yaml +106 -106
data/modules/mu/deploy.rb +40 -14
data/modules/mu/groomers/chef.rb +2 -2
data/modules/mu/master.rb +70 -3
data/modules/mu/mommacat.rb +28 -9
data/modules/mu/mommacat/daemon.rb +13 -7
data/modules/mu/mommacat/naming.rb +2 -2
data/modules/mu/mommacat/search.rb +16 -5
data/modules/mu/mommacat/storage.rb +67 -32
data/modules/mu/providers/aws.rb +298 -85
data/modules/mu/providers/aws/alarm.rb +5 -5
data/modules/mu/providers/aws/bucket.rb +284 -50
data/modules/mu/providers/aws/cache_cluster.rb +26 -26
data/modules/mu/providers/aws/cdn.rb +782 -0
data/modules/mu/providers/aws/collection.rb +16 -16
data/modules/mu/providers/aws/container_cluster.rb +84 -64
data/modules/mu/providers/aws/database.rb +59 -55
data/modules/mu/providers/aws/dnszone.rb +29 -12
data/modules/mu/providers/aws/endpoint.rb +535 -50
data/modules/mu/providers/aws/firewall_rule.rb +32 -26
data/modules/mu/providers/aws/folder.rb +1 -1
data/modules/mu/providers/aws/function.rb +300 -134
data/modules/mu/providers/aws/group.rb +16 -14
data/modules/mu/providers/aws/habitat.rb +4 -4
data/modules/mu/providers/aws/job.rb +469 -0
data/modules/mu/providers/aws/loadbalancer.rb +67 -45
data/modules/mu/providers/aws/log.rb +17 -17
data/modules/mu/providers/aws/msg_queue.rb +22 -13
data/modules/mu/providers/aws/nosqldb.rb +99 -8
data/modules/mu/providers/aws/notifier.rb +137 -65
data/modules/mu/providers/aws/role.rb +119 -83
data/modules/mu/providers/aws/search_domain.rb +166 -30
data/modules/mu/providers/aws/server.rb +209 -118
data/modules/mu/providers/aws/server_pool.rb +95 -130
data/modules/mu/providers/aws/storage_pool.rb +19 -11
data/modules/mu/providers/aws/user.rb +5 -5
data/modules/mu/providers/aws/userdata/linux.erb +5 -4
data/modules/mu/providers/aws/vpc.rb +109 -54
data/modules/mu/providers/aws/vpc_subnet.rb +43 -39
data/modules/mu/providers/azure.rb +78 -12
data/modules/mu/providers/azure/server.rb +20 -4
data/modules/mu/providers/cloudformation/server.rb +1 -1
data/modules/mu/providers/google.rb +21 -5
data/modules/mu/providers/google/bucket.rb +1 -1
data/modules/mu/providers/google/container_cluster.rb +1 -1
data/modules/mu/providers/google/database.rb +1 -1
data/modules/mu/providers/google/firewall_rule.rb +1 -1
data/modules/mu/providers/google/folder.rb +7 -3
data/modules/mu/providers/google/function.rb +66 -31
data/modules/mu/providers/google/group.rb +1 -1
data/modules/mu/providers/google/habitat.rb +1 -1
data/modules/mu/providers/google/loadbalancer.rb +1 -1
data/modules/mu/providers/google/role.rb +6 -3
data/modules/mu/providers/google/server.rb +1 -1
data/modules/mu/providers/google/server_pool.rb +1 -1
data/modules/mu/providers/google/user.rb +1 -1
data/modules/mu/providers/google/vpc.rb +28 -3
data/modules/tests/aws-jobs-functions.yaml +46 -0
data/modules/tests/aws-servers-with-handrolled-iam.yaml +37 -0
data/modules/tests/centos6.yaml +4 -0
data/modules/tests/centos7.yaml +4 -0
data/modules/tests/ecs.yaml +2 -2
data/modules/tests/eks.yaml +1 -1
data/modules/tests/functions/node-function/lambda_function.js +10 -0
data/modules/tests/functions/python-function/lambda_function.py +12 -0
data/modules/tests/k8s.yaml +1 -1
data/modules/tests/microservice_app.yaml +288 -0
data/modules/tests/rds.yaml +5 -5
data/modules/tests/regrooms/rds.yaml +5 -5
data/modules/tests/server-with-scrub-muisms.yaml +1 -1
data/modules/tests/super_complex_bok.yml +2 -2
data/modules/tests/super_simple_bok.yml +2 -2
metadata +42 -17

data/modules/mu/providers/aws/server_pool.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module MU
         # Called automatically by {MU::Deploy#createResources}
         def create
-          MU.setVar("curRegion", @config['region']) if !@config['region'].nil?
+          MU.setVar("curRegion", @region) if !@region.nil?
           createUpdateLaunchConfig
@@ -37,7 +37,7 @@ module MU
           zones_to_try = @config["zones"]
           begin
-            asg = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).create_auto_scaling_group(asg_options)
+            asg = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_auto_scaling_group(asg_options)
           rescue Aws::AutoScaling::Errors::ValidationError => e
             if zones_to_try != nil and zones_to_try.size > 0
               MU.log "#{e.message}, retrying with individual AZs", MU::WARN
@@ -52,7 +52,7 @@ module MU
           if zones_to_try != nil and zones_to_try.size < @config["zones"].size
             zones_to_try.each { |zone|
               begin
-                MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).update_auto_scaling_group(
+                MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
                     auto_scaling_group_name: @mu_name,
                     availability_zones: [zone]
                 )
@@ -70,11 +70,11 @@ module MU
           attempts = 0
           begin
             sleep 5
-            desc = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_auto_scaling_groups(auto_scaling_group_names: [@mu_name]).auto_scaling_groups.first
+            desc = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_auto_scaling_groups(auto_scaling_group_names: [@mu_name]).auto_scaling_groups.first
             MU.log "Looking for #{desc.min_size} instances in #{@mu_name}, found #{desc.instances.size}", MU::DEBUG
             attempts = attempts + 1
             if attempts > 25 and desc.instances.size == 0
-              MU.log "No instances spun up after #{5*attempts} seconds, something's wrong with Autoscale group #{@mu_name}", MU::ERR, details: MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_scaling_activities(auto_scaling_group_name: @mu_name).activities
+              MU.log "No instances spun up after #{5*attempts} seconds, something's wrong with Autoscale group #{@mu_name}", MU::ERR, details: MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_scaling_activities(auto_scaling_group_name: @mu_name).activities
               raise MuError, "No instances spun up after #{5*attempts} seconds, something's wrong with Autoscale group #{@mu_name}"
             end
           end while desc.instances.size < desc.min_size
@@ -131,7 +131,7 @@ module MU
               t.join
             }
             MU.log "Setting min_size to #{@config['min_size']} and max_size to #{@config['max_size']}"
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).update_auto_scaling_group(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
               auto_scaling_group_name: @mu_name,
               min_size: @config['min_size'],
               max_size: @config['max_size']
@@ -151,7 +151,7 @@ module MU
         def setScaleInProtection(need_instances = @config['min_size'])
           live_instances = []
           begin
-            desc = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_auto_scaling_groups(auto_scaling_group_names: [@mu_name]).auto_scaling_groups.first
+            desc = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_auto_scaling_groups(auto_scaling_group_names: [@mu_name]).auto_scaling_groups.first
             live_instances = desc.instances.map { |i| i.instance_id }
             already_set = 0
@@ -163,7 +163,7 @@ module MU
             elsif already_set > need_instances
               unset_me = live_instances.sample(already_set - need_instances)
               MU.log "Disabling scale-in protection for #{unset_me.size.to_s} instances in #{@mu_name}", MU::NOTICE, details: unset_me
-              MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).set_instance_protection(
+              MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).set_instance_protection(
                 auto_scaling_group_name: @mu_name,
                 instance_ids: unset_me,
                 protected_from_scale_in: false
@@ -172,7 +172,7 @@ module MU
               live_instances = live_instances.sample(need_instances)
               MU.log "Enabling scale-in protection for #{@config['scale_in_protection']} instances in #{@mu_name}", details: live_instances
               begin
-                MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).set_instance_protection(
+                MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).set_instance_protection(
                   auto_scaling_group_name: @mu_name,
                   instance_ids: live_instances,
                   protected_from_scale_in: true
@@ -193,10 +193,10 @@ module MU
         # @return [Array<MU::Cloud::Server>]
         def listNodes
           nodes = []
-          me = MU::Cloud::AWS::ServerPool.find(cloud_id: cloud_id)
-          if me and me.first and me.first.instances
-            me.first.instances.each { |instance|
-              found = MU::MommaCat.findStray("AWS", "server", cloud_id: instance.instance_id, region: @config["region"], dummy_ok: true)
+          me = MU::Cloud::AWS::ServerPool.find(cloud_id: cloud_id).values.first
+          if me and me.instances
+            me.instances.each { |instance|
+              found = MU::MommaCat.findStray("AWS", "server", cloud_id: instance.instance_id, region: @region, dummy_ok: true)
               nodes.concat(found)
             }
           end
@@ -210,7 +210,7 @@ module MU
             arn = if @config['notifications']['topic'].match(/^arn:/)
               @config['notifications']['topic']
             else
-              "arn:#{MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws"}:sns:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:#{@config['notifications']['topic']}"
+              "arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:sns:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{@config['notifications']['topic']}"
             end
             eventmap = {
               "launch" => "autoscaling:EC2_INSTANCE_LAUNCH",
@@ -219,7 +219,7 @@ module MU
               "failed_terminate" => "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
             }
             MU.log "Sending simple notifications (#{@config['notifications']['events'].join(", ")}) to #{arn}"
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).put_notification_configuration(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).put_notification_configuration(
               auto_scaling_group_name: @mu_name,
               topic_arn: arn,
               notification_types: @config['notifications']['events'].map { |e|
@@ -229,7 +229,7 @@ module MU
           end
           if @config['schedule']
-            ext_actions = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_scheduled_actions(
+            ext_actions = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_scheduled_actions(
               auto_scaling_group_name: @mu_name
             ).scheduled_update_group_actions
@@ -250,7 +250,7 @@ module MU
                 if s['action_name'] == ext.scheduled_action_name
                   if !MU.hashCmp(MU.structToHash(ext), sched_config, missing_is_default: true)
                     MU.log "Removing scheduled action #{s['action_name']} from AutoScale group #{@mu_name}"
-                    MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).delete_scheduled_action(
+                    MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_scheduled_action(
                       auto_scaling_group_name: @mu_name,
                       scheduled_action_name: s['action_name']
                     )
@@ -262,7 +262,7 @@ module MU
               }
               if !action_already_correct
                 MU.log "Adding scheduled action to AutoScale group #{@mu_name}", MU::NOTICE, details: sched_config
-                MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).put_scheduled_update_group_action(
+                MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).put_scheduled_update_group_action(
                   sched_config
                 )
               end
@@ -290,30 +290,29 @@ module MU
           if need_tag_update
             MU.log "Updating ServerPool #{@mu_name} with new tags", MU::NOTICE, details: tag_conf[:tags]
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).create_or_update_tags(tag_conf)
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_or_update_tags(tag_conf)
             current.instances.each { |instance|
               tag_conf[:tags].each { |t|
-                MU::Cloud::AWS.createTag(instance.instance_id, t[:key], t[:value], region: @config['region'], credentials: @config['credentials'])
+                MU::Cloud::AWS.createTag(instance.instance_id, t[:key], t[:value], region: @region, credentials: @credentials)
               }
             }
           end
 # XXX actually compare for changes instead of just blindly updating
-#pp current
-#pp asg_options
           asg_options.delete(:tags)
           asg_options[:min_size] = @config["min_size"]
           asg_options[:max_size] = @config["max_size"]
           asg_options[:new_instances_protected_from_scale_in] = (@config['scale_in_protection'] == "all")
           if asg_options[:target_group_arns]
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).attach_load_balancer_target_groups(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).attach_load_balancer_target_groups(
               auto_scaling_group_name: @mu_name,
               target_group_arns: asg_options[:target_group_arns]
             )
             asg_options.delete(:target_group_arns)
           end
-          MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).update_auto_scaling_group(asg_options)
+          MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(asg_options)
           if @config['scale_in_protection']
             if @config['scale_in_protection'] == "all"
@@ -327,7 +326,7 @@ module MU
             setScaleInProtection(0)
           end
-          ext_pols = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_policies(
+          ext_pols = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_policies(
             auto_scaling_group_name: @mu_name
           ).scaling_policies
           if @config["scaling_policies"] and @config["scaling_policies"].size > 0
@@ -339,7 +338,7 @@ module MU
             ext_pols.each { |ext|
               if !legit_policies.include?(ext.policy_name)
                 MU.log "Scaling policy #{ext.policy_name} is not named in scaling_policies, removing from #{@mu_name}", MU::NOTICE, details: ext
-                MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).delete_policy(
+                MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_policy(
                   auto_scaling_group_name: @mu_name,
                   policy_name: ext.policy_name
                 )
@@ -400,7 +399,7 @@ module MU
               ext_pols.each { |ext|
                 if ext.policy_name == policy_name
                   if !MU.hashCmp(MU.structToHash(ext), policy_params, missing_is_default: true)
-                    MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).delete_policy(
+                    MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_policy(
                       auto_scaling_group_name: @mu_name,
                       policy_name: policy_name
                     )
@@ -412,7 +411,7 @@ module MU
               }
               if !policy_already_correct
                 MU.log "Putting scaling policy #{policy_name} for #{@mu_name}", MU::NOTICE, details: policy_params
-                MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).put_scaling_policy(policy_params)
+                MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).put_scaling_policy(policy_params)
               end
             }
@@ -425,7 +424,8 @@ module MU
         # @return [OpenStruct]
         def cloud_desc(use_cache: true)
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
-          @cloud_desc_cache = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_auto_scaling_groups(
+          return nil if !@cloud_id
+          @cloud_desc_cache = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_auto_scaling_groups(
             auto_scaling_group_names: [@mu_name]
           ).auto_scaling_groups.first
           @cloud_desc_cache
@@ -489,9 +489,9 @@ module MU
       def toKitten(**_args)
         bok = {
           "cloud" => "AWS",
-          "credentials" => @config['credentials'],
+          "credentials" => @credentials,
           "cloud_id" => @cloud_id,
-          "region" => @config['region']
+          "region" => @region
         }
         if !cloud_desc
@@ -516,7 +516,7 @@ module MU
         bok['max_size'] = cloud_desc.max_size
         if cloud_desc.launch_configuration_name
-          launch = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @credentials).describe_launch_configurations(
+          launch = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_launch_configurations(
             launch_configuration_names: [cloud_desc.launch_configuration_name]
           ).launch_configurations.first
           bok['basis'] = {
@@ -531,14 +531,25 @@ module MU
         if cloud_desc.vpc_zone_identifier and
            !cloud_desc.vpc_zone_identifier.empty?
           nets = cloud_desc.vpc_zone_identifier.split(/,/)
-          resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_subnets(subnet_ids: nets).subnets.first
-          bok['vpc'] = MU::Config::Ref.get(
-            id: resp.vpc_id,
-            cloud: "AWS",
-            credentials: @credentials,
-            type: "vpcs",
-            subnets: nets.map { |s| { "subnet_id" => s } }
-          )
+          begin
+            resp = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_subnets(subnet_ids: nets).subnets.first
+            bok['vpc'] = MU::Config::Ref.get(
+              id: resp.vpc_id,
+              cloud: "AWS",
+              credentials: @credentials,
+              type: "vpcs",
+              subnets: nets.map { |s| { "subnet_id" => s } }
+            )
+          rescue Aws::EC2::Errors::InvalidSubnetIDNotFound => e
+            if e.message.match(/The subnet ID '(subnet-[a-f0-9]+)' does not exist/)
+              nets.delete(Regexp.last_match[1])
+              if nets.empty?
+                MU.log "Autoscale Group #{@cloud_id} was configured for a VPC, but the configuration held no valid subnets", MU::WARN, details: cloud_desc.vpc_zone_identifier.split(/,/)
+              end
+            else
+              raise e
+            end
+          end
         end
 #        MU.log @cloud_id, MU::NOTICE, details: cloud_desc
@@ -897,41 +908,13 @@ module MU
                 MU.log "Cannot mix iam_policies with generate_iam_role set to false", MU::ERR
                 ok = false
               end
-            else
-              s3_objs = ['arn:'+(MU::Cloud::AWS.isGovCloud?(pool['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(pool['credentials'])+'/Mu_CA.pem']
-              role = {
-                "name" => pool["name"],
-                "cloud" => "AWS",
-                "strip_path" => pool["role_strip_path"],
-                "can_assume" => [
-                  {
-                    "entity_id" => "ec2.amazonaws.com",
-                    "entity_type" => "service"
-                  }
-                ],
-                "policies" => [
-                  {
-                    "name" => "MuSecrets",
-                    "permissions" => ["s3:GetObject"],
-                    "targets" => s3_objs.map { |f| { "identifier" => f } }
-                  }
-                ]
-              }
-              if launch['iam_policies']
-                role['iam_policies'] = launch['iam_policies'].dup
-              end
-              if pool['canned_iam_policies']
-                role['import'] = pool['canned_iam_policies'].dup
-              end
-              if pool['iam_role']
-# XXX maybe break this down into policies and add those?
-              end
-              role['credentials'] = pool['credentials'] if pool['credentials']
-              configurator.insertKitten(role, "roles")
-              MU::Config.addDependency(pool, pool['name'], "role")
             end
+            ["generate_iam_role", "iam_role", "canned_iam_policies", "iam_policies"].each { |key|
+              pool[key] = launch[key] if !launch[key].nil?
+            }
+            MU::Cloud.resourceClass("AWS", "Server").generateStandardRole(pool, configurator)
             launch["ami_id"] ||= launch["image_id"]
             if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
               img_id = MU::Cloud.getStockImage("AWS", platform: pool['platform'], region: pool['region'])
@@ -944,7 +927,7 @@ module MU
               end
             end
             if launch["server"] != nil
-              MU::Config.addDependency(pool, launch["server"], "server", phase: "groom")
+              MU::Config.addDependency(pool, launch["server"], "server", their_phase: "groom")
 # XXX I dunno, maybe toss an error if this isn't done already
 #              servers.each { |server|
 #                if server["name"] == launch["server"]
@@ -1050,7 +1033,7 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::ServerPool.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           filters = [{name: "key", values: ["MU-ID"]}]
@@ -1073,7 +1056,7 @@ module MU
             if asg.key == "MU-MASTER-IP" and asg.value != MU.mu_public_ip and !ignoremaster
               no_purge << asg.resource_id
             end
-            if asg.key == "MU-ID" and asg.value == MU.deploy_id
+            if asg.key == "MU-ID" and asg.value == deploy_id
               maybe_purge << asg.resource_id
             end
           }
@@ -1144,20 +1127,20 @@ module MU
             @config['basis']['launch_config']["ami_id"] = MU::Cloud.resourceClass("AWS", "Server").createImage(
               name: @mu_name,
               instance_id: @config['basis']['launch_config']["instance_id"],
-              credentials: @config['credentials'],
-              region: @config['region']
-            )[@config['region']]
+              credentials: @credentials,
+              region: @region
+            )[@region]
           end
-          MU::Cloud.resourceClass("AWS", "Server").waitForAMI(@config['basis']['launch_config']["ami_id"], credentials: @config['credentials'])
+          MU::Cloud.resourceClass("AWS", "Server").waitForAMI(@config['basis']['launch_config']["ami_id"].to_s, credentials: @credentials)
-          oldlaunch = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_launch_configurations(
+          oldlaunch = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_launch_configurations(
             launch_configuration_names: [@mu_name]
           ).launch_configurations.first
           userdata = MU::Cloud.fetchUserdata(
             platform: @config["platform"],
             cloud: "AWS",
-            credentials: @config['credentials'],
+            credentials: @credentials,
             template_variables: {
               "deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
               "deploySSHKey" => @deploy.ssh_public_key,
@@ -1210,16 +1193,6 @@ module MU
           storage.concat(MU::Cloud.resourceClass("AWS", "Server").ephemeral_mappings)
-          if @config['basis']['launch_config']['generate_iam_role']
-            role = @deploy.findLitterMate(name: @config['name'], type: "roles")
-            if role
-              s3_objs = ["#{@deploy.deploy_id}-secret", "#{role.mu_name}.pfx", "#{role.mu_name}.crt", "#{role.mu_name}.key", "#{role.mu_name}-winrm.crt", "#{role.mu_name}-winrm.key"].map { |file|
-                'arn:'+(MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(@credentials)+'/'+file
-              }
-              role.cloudobj.injectPolicyTargets("MuSecrets", s3_objs)
-            end
-          end
           if !oldlaunch.nil?
             olduserdata = Base64.decode64(oldlaunch.user_data)
             if userdata == olduserdata and
@@ -1236,7 +1209,7 @@ module MU
             # Put our Autoscale group onto a temporary launch config
             begin
-              MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).create_launch_configuration(
+              MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(
                 launch_configuration_name: @mu_name+"-TMP",
                 user_data: Base64.encode64(olduserdata),
                 image_id: oldlaunch.image_id,
@@ -1259,12 +1232,12 @@ module MU
             end
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).update_auto_scaling_group(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
               auto_scaling_group_name: @mu_name,
               launch_configuration_name: @mu_name+"-TMP"
             )
             # ...now back to an identical one with the "real" name
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).delete_launch_configuration(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
               launch_configuration_name: @mu_name
             )
           end
@@ -1297,30 +1270,30 @@ module MU
             end
           }
           rolename = nil
           ['generate_iam_role', 'iam_policies', 'canned_iam_policies', 'iam_role'].each { |field|
-            @config['basis']['launch_config'][field] ||= @config[field]
+            if !@config['basis']['launch_config'].nil?
+              @config[field] = @config['basis']['launch_config'][field]
+            else
+              @config['basis']['launch_config'][field] = @config[field]
+            end
           }
-          if @config['basis']['launch_config']['generate_iam_role']
-            role = @deploy.findLitterMate(name: @config['name'], type: "roles")
-            @config['iam_role'] = role.mu_name
-            launch_options[:iam_instance_profile] = role.cloudobj.createInstanceProfile
-          elsif @config['basis']['launch_config']['iam_role'].nil?
-            raise MuError, "#{@mu_name} has generate_iam_role set to false, but no iam_role assigned."
-          else
-            launch_options[:iam_instance_profile] = @config['basis']['launch_config']['iam_role']
-          end
-          @config['iam_role'] = rolename ? rolename : launch_options[:iam_instance_profile]
+          @config['iam_role'] = @config['basis']['launch_config']['iam_role'] = launch_options[:iam_instance_profile] = MU::Cloud.resourceClass("AWS", "Server").getIAMProfile(
+            @config['name'],
+            @deploy,
+            generated: @config['basis']['launch_config']['generate_iam_role'],
+            role_name: @config['basis']['launch_config']['iam_role'],
+            region: @region,
+            credentials: @credentials
+          ).values.first
           lc_attempts = 0
           begin
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).create_launch_configuration(launch_options)
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(launch_options)
           rescue Aws::AutoScaling::Errors::ValidationError => e
             if lc_attempts > 3
-              MU.log "Got error while creating #{@mu_name} Launch Config#{@config['credentials'] ? " with credentials #{@config['credentials']}" : ""}: #{e.message}, retrying in 10s", MU::WARN, details: launch_options.reject { |k,_v | k == :user_data }
+              MU.log "Got error while creating #{@mu_name} Launch Config#{@credentials ? " with credentials #{@credentials}" : ""}: #{e.message}, retrying in 10s", MU::WARN, details: launch_options.reject { |k,_v | k == :user_data }
             end
             sleep 5
             lc_attempts += 1
@@ -1329,11 +1302,11 @@ module MU
           if !oldlaunch.nil?
             # Tell the ASG to use the new one, and nuke the old one
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).update_auto_scaling_group(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
               auto_scaling_group_name: @mu_name,
               launch_configuration_name: @mu_name
             )
-            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).delete_launch_configuration(
+            MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
               launch_configuration_name: @mu_name+"-TMP"
             )
             MU.log "Launch Configuration #{@mu_name} replaced"
@@ -1403,20 +1376,12 @@ module MU
                     # XXX probably have to query API to get the DNS name of this one
                 }
               elsif lb["concurrent_load_balancer"]
-                raise MuError, "No loadbalancers exist! I need one named #{lb['concurrent_load_balancer']}" if !@deploy.deployment["loadbalancers"]
-                found = false
-                @deploy.deployment["loadbalancers"].each_pair { |lb_name, deployed_lb|
-                  if lb_name == lb['concurrent_load_balancer']
-                    lbs << deployed_lb["awsname"] # XXX check for classic
-                    if deployed_lb.has_key?("targetgroups")
-                      deployed_lb["targetgroups"].values.each { |tg_arn|
-                        tg_arns << tg_arn
-                      }
-                    end
-                    found = true
-                  end
-                }
-                raise MuError, "I need a loadbalancer named #{lb['concurrent_load_balancer']}, but none seems to have been created!" if !found
+                lb = @deploy.findLitterMate(name: lb['concurrent_load_balancer'], type: "loadbalancers")
+                raise MuError, "No loadbalancers exist! I need one named #{lb['concurrent_load_balancer']}" if !lb
+                lbs << lb.mu_name
+                if lb.targetgroups
+                  tg_arns = lb.targetgroups.values.map { |tg| tg.target_group_arn }
+                end
               end
             }
             if tg_arns.size > 0
@@ -1481,8 +1446,8 @@ module MU
           # Do the dance of specifying individual zones if we haven't asked to
           # use particular VPC subnets.
           if @config['zones'].nil? and asg_options[:vpc_zone_identifier].nil?
-            @config["zones"] = MU::Cloud::AWS.listAZs(region: @config['region'])
-            MU.log "Using zones from #{@config['region']}", MU::DEBUG, details: @config['zones']
+            @config["zones"] = MU::Cloud::AWS.listAZs(region: @region)
+            MU.log "Using zones from #{@region}", MU::DEBUG, details: @config['zones']
           end
           asg_options[:availability_zones] = @config["zones"] if @config["zones"] != nil
           asg_options