cloud-mu 3.3.2 → 3.4.0
- checksums.yaml +4 -4
- data/cloud-mu.gemspec +3 -3
- data/cookbooks/mu-tools/attributes/default.rb +7 -0
- data/cookbooks/mu-tools/libraries/helper.rb +86 -2
- data/cookbooks/mu-tools/recipes/apply_security.rb +25 -9
- data/cookbooks/mu-tools/recipes/aws_api.rb +4 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +4 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +8 -1
- data/cookbooks/mu-tools/resources/disk.rb +33 -12
- data/cookbooks/mu-tools/resources/mommacat_request.rb +1 -2
- data/cookbooks/mu-tools/templates/centos-8/sshd_config.erb +215 -0
- data/extras/clean-stock-amis +10 -2
- data/extras/generate-stock-images +6 -3
- data/extras/image-generators/AWS/centos7.yaml +19 -16
- data/extras/image-generators/AWS/{rhel7.yaml → rhel71.yaml} +0 -0
- data/extras/image-generators/AWS/{win2k12.yaml → win2k12r2.yaml} +0 -0
- data/modules/mommacat.ru +2 -2
- data/modules/mu/cloud/wrappers.rb +16 -7
- data/modules/mu/config/ref.rb +1 -1
- data/modules/mu/defaults/AWS.yaml +96 -96
- data/modules/mu/mommacat.rb +10 -2
- data/modules/mu/mommacat/search.rb +11 -2
- data/modules/mu/mommacat/storage.rb +30 -15
- data/modules/mu/providers/aws.rb +43 -23
- data/modules/mu/providers/aws/database.rb +9 -6
- data/modules/mu/providers/aws/function.rb +8 -5
- data/modules/mu/providers/aws/job.rb +29 -26
- data/modules/mu/providers/aws/role.rb +38 -32
- data/modules/mu/providers/aws/server.rb +58 -51
- data/modules/mu/providers/aws/vpc.rb +3 -0
- data/modules/mu/providers/google.rb +1 -1
- data/modules/mu/providers/google/role.rb +1 -0
- metadata +10 -9
@@ -85,7 +85,7 @@ module MU
|
|
85
85
|
MU::Cloud.fetchUserdata(
|
86
86
|
platform: @config["platform"],
|
87
87
|
cloud: "AWS",
|
88
|
-
credentials: @
|
88
|
+
credentials: @credentials,
|
89
89
|
template_variables: {
|
90
90
|
"deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
|
91
91
|
"deploySSHKey" => @deploy.ssh_public_key,
|
@@ -243,7 +243,7 @@ module MU
|
|
243
243
|
MU::Cloud::AWS.createStandardTags(
|
244
244
|
instance.instance_id,
|
245
245
|
region: @config['region'],
|
246
|
-
credentials: @
|
246
|
+
credentials: @credentials,
|
247
247
|
optional: @config['optional_tags'],
|
248
248
|
nametag: @mu_name,
|
249
249
|
othertags: @config['tags']
|
@@ -258,7 +258,7 @@ module MU
|
|
258
258
|
parent_thread_id = Thread.current.object_id
|
259
259
|
Thread.new {
|
260
260
|
MU.dupGlobals(parent_thread_id)
|
261
|
-
MU::Cloud::AWS::Server.cleanup(noop: false, ignoremaster: false, region: @config['region'], credentials: @
|
261
|
+
MU::Cloud::AWS::Server.cleanup(noop: false, ignoremaster: false, region: @config['region'], credentials: @credentials, flags: { "skipsnapshots" => true } )
|
262
262
|
}
|
263
263
|
end
|
264
264
|
end
|
@@ -307,7 +307,7 @@ module MU
|
|
307
307
|
instance_descriptor[:user_data] = Base64.encode64(@userdata)
|
308
308
|
end
|
309
309
|
|
310
|
-
MU::Cloud::AWS::Server.waitForAMI(@config["image_id"], region: @config['region'], credentials: @
|
310
|
+
MU::Cloud::AWS::Server.waitForAMI(@config["image_id"], region: @config['region'], credentials: @credentials)
|
311
311
|
|
312
312
|
instance_descriptor[:block_device_mappings] = MU::Cloud::AWS::Server.configureBlockDevices(image_id: @config["image_id"], storage: @config['storage'], region: @config['region'], credentials: @credentials)
|
313
313
|
|
@@ -332,7 +332,7 @@ module MU
|
|
332
332
|
|
333
333
|
begin
|
334
334
|
MU.retrier([Aws::EC2::Errors::InvalidGroupNotFound, Aws::EC2::Errors::InvalidSubnetIDNotFound, Aws::EC2::Errors::InvalidParameterValue], loop_if: loop_if, loop_msg: "Waiting for run_instances to return #{@mu_name}") {
|
335
|
-
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
335
|
+
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).run_instances(instance_descriptor)
|
336
336
|
}
|
337
337
|
rescue Aws::EC2::Errors::InvalidRequest => e
|
338
338
|
MU.log e.message, MU::ERR, details: instance_descriptor
|
@@ -351,12 +351,12 @@ module MU
|
|
351
351
|
if hard
|
352
352
|
groupname = nil
|
353
353
|
if !@config['basis'].nil?
|
354
|
-
resp = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @
|
354
|
+
resp = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @credentials).describe_auto_scaling_instances(
|
355
355
|
instance_ids: [@cloud_id]
|
356
356
|
)
|
357
357
|
groupname = resp.auto_scaling_instances.first.auto_scaling_group_name
|
358
358
|
MU.log "Pausing Autoscale processes in #{groupname}", MU::NOTICE
|
359
|
-
MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @
|
359
|
+
MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @credentials).suspend_processes(
|
360
360
|
auto_scaling_group_name: groupname,
|
361
361
|
scaling_processes: [
|
362
362
|
"Terminate",
|
@@ -365,22 +365,22 @@ module MU
|
|
365
365
|
end
|
366
366
|
begin
|
367
367
|
MU.log "Stopping #{@mu_name} (#{@cloud_id})", MU::NOTICE
|
368
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
368
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).stop_instances(
|
369
369
|
instance_ids: [@cloud_id]
|
370
370
|
)
|
371
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
371
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).wait_until(:instance_stopped, instance_ids: [@cloud_id]) do |waiter|
|
372
372
|
waiter.before_attempt do
|
373
373
|
MU.log "Waiting for #{@mu_name} to stop for hard reboot"
|
374
374
|
end
|
375
375
|
end
|
376
376
|
MU.log "Starting #{@mu_name} (#{@cloud_id})"
|
377
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
377
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).start_instances(
|
378
378
|
instance_ids: [@cloud_id]
|
379
379
|
)
|
380
380
|
ensure
|
381
381
|
if !groupname.nil?
|
382
382
|
MU.log "Resuming Autoscale processes in #{groupname}", MU::NOTICE
|
383
|
-
MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @
|
383
|
+
MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @credentials).resume_processes(
|
384
384
|
auto_scaling_group_name: groupname,
|
385
385
|
scaling_processes: [
|
386
386
|
"Terminate",
|
@@ -390,7 +390,7 @@ module MU
|
|
390
390
|
end
|
391
391
|
else
|
392
392
|
MU.log "Rebooting #{@mu_name} (#{@cloud_id})"
|
393
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
393
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).reboot_instances(
|
394
394
|
instance_ids: [@cloud_id]
|
395
395
|
)
|
396
396
|
end
|
@@ -405,7 +405,7 @@ module MU
|
|
405
405
|
return nil if @config.nil? or @deploy.nil?
|
406
406
|
|
407
407
|
nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
|
408
|
-
if !@config["vpc"].nil? and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @
|
408
|
+
if !@config["vpc"].nil? and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @credentials)
|
409
409
|
if !@nat.nil?
|
410
410
|
if @nat.is_a?(Struct) && @nat.nat_gateway_id && @nat.nat_gateway_id.start_with?("nat-")
|
411
411
|
raise MuError, "Configured to use NAT Gateway, but I have no route to instance. Either use Bastion, or configure VPC peering"
|
@@ -458,7 +458,7 @@ module MU
|
|
458
458
|
MU::Cloud::AWS.createStandardTags(
|
459
459
|
@cloud_id,
|
460
460
|
region: @config['region'],
|
461
|
-
credentials: @
|
461
|
+
credentials: @credentials,
|
462
462
|
optional: @config['optional_tags'],
|
463
463
|
nametag: @mu_name,
|
464
464
|
othertags: @config['tags']
|
@@ -495,7 +495,7 @@ module MU
|
|
495
495
|
|
496
496
|
if !@config['src_dst_check'] and !@config["vpc"].nil?
|
497
497
|
MU.log "Disabling source_dest_check #{@mu_name} (making it NAT-worthy)"
|
498
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
498
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).modify_instance_attribute(
|
499
499
|
instance_id: @cloud_id,
|
500
500
|
source_dest_check: { value: false }
|
501
501
|
)
|
@@ -503,7 +503,7 @@ module MU
|
|
503
503
|
|
504
504
|
# Set console termination protection. Autoscale nodes won't set this
|
505
505
|
# by default.
|
506
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
506
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).modify_instance_attribute(
|
507
507
|
instance_id: @cloud_id,
|
508
508
|
disable_api_termination: { value: true}
|
509
509
|
)
|
@@ -574,7 +574,7 @@ module MU
|
|
574
574
|
regions.each { |r|
|
575
575
|
searches.each { |search|
|
576
576
|
search_threads << Thread.new(search) { |params|
|
577
|
-
MU.retrier([
|
577
|
+
MU.retrier([], wait: 5, max: 5, ignoreme: [Aws::EC2::Errors::InvalidInstanceIDNotFound]) {
|
578
578
|
MU::Cloud::AWS.ec2(region: r, credentials: args[:credentials]).describe_instances(params).reservations.each { |resp|
|
579
579
|
next if resp.nil? or resp.instances.nil?
|
580
580
|
resp.instances.each { |i|
|
@@ -604,7 +604,7 @@ module MU
|
|
604
604
|
def toKitten(**_args)
|
605
605
|
bok = {
|
606
606
|
"cloud" => "AWS",
|
607
|
-
"credentials" => @
|
607
|
+
"credentials" => @credentials,
|
608
608
|
"cloud_id" => @cloud_id,
|
609
609
|
"region" => @config['region']
|
610
610
|
}
|
@@ -883,7 +883,7 @@ module MU
|
|
883
883
|
# Canonical Amazon Resource Number for this resource
|
884
884
|
# @return [String]
|
885
885
|
def arn
|
886
|
-
"arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":ec2:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@
|
886
|
+
"arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":ec2:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@credentials)+":instance/"+@cloud_id
|
887
887
|
end
|
888
888
|
|
889
889
|
@cloud_desc_cache = nil
|
@@ -896,7 +896,7 @@ module MU
|
|
896
896
|
retries = 0
|
897
897
|
if !@cloud_id.nil?
|
898
898
|
begin
|
899
|
-
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
899
|
+
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_instances(instance_ids: [@cloud_id])
|
900
900
|
if resp and resp.reservations and resp.reservations.first and
|
901
901
|
resp.reservations.first.instances and
|
902
902
|
resp.reservations.first.instances.first
|
@@ -943,7 +943,7 @@ module MU
|
|
943
943
|
# Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
|
944
944
|
# which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
|
945
945
|
# The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
|
946
|
-
if MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @
|
946
|
+
if MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @credentials) or @deploydata["public_ip_address"].nil?
|
947
947
|
@config['canonical_ip'] = cloud_desc.private_ip_address
|
948
948
|
@deploydata["private_ip_address"] = cloud_desc.private_ip_address
|
949
949
|
return cloud_desc.private_ip_address
|
@@ -1170,7 +1170,7 @@ module MU
|
|
1170
1170
|
retries = 0
|
1171
1171
|
MU.log "Waiting for Windows instance password to be set by Amazon and flagged as available from the API. Note- if you're using a source AMI that already has its password set, this may fail. You'll want to set use_cloud_provider_windows_password to false if this is the case.", MU::NOTICE
|
1172
1172
|
begin
|
1173
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
1173
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).wait_until(:password_data_available, instance_id: @cloud_id) do |waiter|
|
1174
1174
|
waiter.max_attempts = 60
|
1175
1175
|
waiter.before_attempt do |attempts|
|
1176
1176
|
MU.log "Waiting for Windows password data to be available for node #{@mu_name}", MU::NOTICE if attempts % 5 == 0
|
@@ -1190,7 +1190,7 @@ module MU
|
|
1190
1190
|
end
|
1191
1191
|
end
|
1192
1192
|
|
1193
|
-
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
1193
|
+
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).get_password_data(instance_id: @cloud_id)
|
1194
1194
|
encrypted_password = resp.password_data
|
1195
1195
|
|
1196
1196
|
# Note: This is already implemented in the decrypt_windows_password API call
|
@@ -1275,19 +1275,19 @@ module MU
|
|
1275
1275
|
def addVolume(dev, size, type: "gp2", delete_on_termination: false)
|
1276
1276
|
|
1277
1277
|
if setDeleteOntermination(dev, delete_on_termination)
|
1278
|
-
MU.log "A volume #{
|
1278
|
+
MU.log "A volume #{dev} already attached to #{self}, skipping", MU::NOTICE
|
1279
1279
|
return
|
1280
1280
|
end
|
1281
1281
|
|
1282
1282
|
MU.log "Creating #{size}GB #{type} volume on #{dev} for #{@cloud_id}"
|
1283
|
-
creation = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
1283
|
+
creation = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).create_volume(
|
1284
1284
|
availability_zone: cloud_desc.placement.availability_zone,
|
1285
1285
|
size: size,
|
1286
1286
|
volume_type: type
|
1287
1287
|
)
|
1288
1288
|
|
1289
1289
|
MU.retrier(wait: 3, loop_if: Proc.new {
|
1290
|
-
creation = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
1290
|
+
creation = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_volumes(volume_ids: [creation.volume_id]).volumes.first
|
1291
1291
|
if !["creating", "available"].include?(creation.state)
|
1292
1292
|
raise MuError, "Saw state '#{creation.state}' while creating #{size}GB #{type} volume on #{dev} for #{@cloud_id}"
|
1293
1293
|
end
|
@@ -1299,22 +1299,25 @@ module MU
|
|
1299
1299
|
MU::Cloud::AWS.createStandardTags(
|
1300
1300
|
creation.volume_id,
|
1301
1301
|
region: @config['region'],
|
1302
|
-
credentials: @
|
1302
|
+
credentials: @credentials,
|
1303
1303
|
optional: @config['optional_tags'],
|
1304
1304
|
nametag: @mu_name+"-"+dev.upcase,
|
1305
1305
|
othertags: @config['tags']
|
1306
1306
|
)
|
1307
1307
|
end
|
1308
1308
|
|
1309
|
-
|
1310
|
-
|
1311
|
-
|
1312
|
-
|
1313
|
-
|
1309
|
+
MU.log "Attaching #{creation.volume_id} as #{dev} to #{@cloud_id} in #{@config['region']} (credentials #{@credentials})"
|
1310
|
+
attachment = nil
|
1311
|
+
MU.retrier([Aws::EC2::Errors::IncorrectState], wait: 15, max: 4) {
|
1312
|
+
attachment = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).attach_volume(
|
1313
|
+
device: dev,
|
1314
|
+
instance_id: @cloud_id,
|
1315
|
+
volume_id: creation.volume_id
|
1316
|
+
)
|
1317
|
+
}
|
1314
1318
|
|
1315
1319
|
begin
|
1316
|
-
|
1317
|
-
attachment = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @config['credentials']).describe_volumes(volume_ids: [attachment.volume_id]).volumes.first.attachments.first
|
1320
|
+
attachment = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_volumes(volume_ids: [attachment.volume_id]).volumes.first.attachments.first
|
1318
1321
|
if !["attaching", "attached"].include?(attachment.state)
|
1319
1322
|
raise MuError, "Saw state '#{creation.state}' while creating #{size}GB #{type} volume on #{dev} for #{@cloud_id}"
|
1320
1323
|
end
|
@@ -1334,7 +1337,7 @@ module MU
|
|
1334
1337
|
return true
|
1335
1338
|
end
|
1336
1339
|
begin
|
1337
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
1340
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_instances(
|
1338
1341
|
instance_ids: [@cloud_id]
|
1339
1342
|
).reservations.each { |resp|
|
1340
1343
|
if !resp.nil? and !resp.instances.nil?
|
@@ -2085,7 +2088,7 @@ module MU
|
|
2085
2088
|
def haveElasticIP?
|
2086
2089
|
if !cloud_desc.public_ip_address.nil?
|
2087
2090
|
begin
|
2088
|
-
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2091
|
+
resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_addresses(public_ips: [cloud_desc.public_ip_address])
|
2089
2092
|
if resp.addresses.size > 0 and resp.addresses.first.instance_id == @cloud_id
|
2090
2093
|
return true
|
2091
2094
|
end
|
@@ -2110,7 +2113,7 @@ module MU
|
|
2110
2113
|
subnet = @vpc.getSubnet(cloud_id: cloud_desc.subnet_id)
|
2111
2114
|
|
2112
2115
|
_nat_ssh_key, _nat_ssh_user, nat_ssh_host, _canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
|
2113
|
-
if subnet.private? and !nat_ssh_host and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @
|
2116
|
+
if subnet.private? and !nat_ssh_host and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @credentials)
|
2114
2117
|
raise MuError, "#{@mu_name} is in a private subnet (#{subnet}), but has no bastion host configured, and I have no other route to it"
|
2115
2118
|
end
|
2116
2119
|
|
@@ -2127,17 +2130,17 @@ module MU
|
|
2127
2130
|
next
|
2128
2131
|
end
|
2129
2132
|
MU.log "Adding network interface on subnet #{s.cloud_id} for #{@mu_name}"
|
2130
|
-
iface = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2133
|
+
iface = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).create_network_interface(subnet_id: s.cloud_id).network_interface
|
2131
2134
|
MU::Cloud::AWS.createStandardTags(
|
2132
2135
|
iface.network_interface_id,
|
2133
2136
|
region: @config['region'],
|
2134
|
-
credentials: @
|
2137
|
+
credentials: @credentials,
|
2135
2138
|
optional: @config['optional_tags'],
|
2136
2139
|
nametag: @mu_name+"-ETH"+device_index.to_s,
|
2137
2140
|
othertags: @config['tags']
|
2138
2141
|
)
|
2139
2142
|
|
2140
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2143
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).attach_network_interface(
|
2141
2144
|
network_interface_id: iface.network_interface_id,
|
2142
2145
|
instance_id: cloud_desc.instance_id,
|
2143
2146
|
device_index: device_index
|
@@ -2156,7 +2159,7 @@ module MU
|
|
2156
2159
|
cloud_desc.network_interfaces.each { |int|
|
2157
2160
|
if int.private_ip_address == cloud_desc.private_ip_address and int.private_ip_addresses.size < (@config['add_private_ips'] + 1)
|
2158
2161
|
MU.log "Adding #{@config['add_private_ips']} extra private IP addresses to #{cloud_desc.instance_id}"
|
2159
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2162
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).assign_private_ip_addresses(
|
2160
2163
|
network_interface_id: int.network_interface_id,
|
2161
2164
|
secondary_private_ip_address_count: @config['add_private_ips'],
|
2162
2165
|
allow_reassignment: false
|
@@ -2167,14 +2170,14 @@ module MU
|
|
2167
2170
|
end
|
2168
2171
|
|
2169
2172
|
def tagVolumes
|
2170
|
-
volumes = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2173
|
+
volumes = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).describe_volumes(filters: [name: "attachment.instance-id", values: [@cloud_id]])
|
2171
2174
|
volumes.each { |vol|
|
2172
2175
|
vol.volumes.each { |volume|
|
2173
2176
|
volume.attachments.each { |attachment|
|
2174
2177
|
MU::Cloud::AWS.createStandardTags(
|
2175
2178
|
attachment.volume_id,
|
2176
2179
|
region: @config['region'],
|
2177
|
-
credentials: @
|
2180
|
+
credentials: @credentials,
|
2178
2181
|
optional: @config['optional_tags'],
|
2179
2182
|
nametag: ["/dev/sda", "/dev/sda1"].include?(attachment.device) ? "ROOT-"+@mu_name : @mu_name+"-"+attachment.device.upcase,
|
2180
2183
|
othertags: @config['tags']
|
@@ -2204,7 +2207,7 @@ module MU
|
|
2204
2207
|
if alarm["enable_notifications"]
|
2205
2208
|
# XXX vile, this should be a sibling resource generated by the
|
2206
2209
|
# parser
|
2207
|
-
topic_arn = MU::Cloud.resourceClass("AWS", "Notification").createTopic(alarm["notification_group"], region: @config["region"], credentials: @
|
2210
|
+
topic_arn = MU::Cloud.resourceClass("AWS", "Notification").createTopic(alarm["notification_group"], region: @config["region"], credentials: @credentials)
|
2208
2211
|
MU::Cloud.resourceClass("AWS", "Notification").subscribe(topic_arn, alarm["notification_endpoint"], alarm["notification_type"], region: @config["region"], credentials: @config["credentials"])
|
2209
2212
|
alarm["alarm_actions"] = [topic_arn]
|
2210
2213
|
alarm["ok_actions"] = [topic_arn]
|
@@ -2227,7 +2230,7 @@ module MU
|
|
2227
2230
|
threshold: alarm["threshold"],
|
2228
2231
|
comparison_operator: alarm["comparison_operator"],
|
2229
2232
|
region: @config["region"],
|
2230
|
-
credentials: @
|
2233
|
+
credentials: @credentials
|
2231
2234
|
)
|
2232
2235
|
}
|
2233
2236
|
end
|
@@ -2237,7 +2240,10 @@ module MU
|
|
2237
2240
|
|
2238
2241
|
def getIAMProfile
|
2239
2242
|
arn = if @config['generate_iam_role']
|
2240
|
-
role = @deploy.findLitterMate(name: @config['name'], type: "roles")
|
2243
|
+
role = @deploy.findLitterMate(name: @config['name'], type: "roles", debug: true)
|
2244
|
+
if !role
|
2245
|
+
raise MuError, "Failed to find a role matching #{@config['name']}"
|
2246
|
+
end
|
2241
2247
|
s3_objs = ["#{@deploy.deploy_id}-secret", "#{role.mu_name}.pfx", "#{role.mu_name}.crt", "#{role.mu_name}.key", "#{role.mu_name}-winrm.crt", "#{role.mu_name}-winrm.key"].map { |file|
|
2242
2248
|
'arn:'+(MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws")+':s3:::'+MU::Cloud::AWS.adminBucketName(@credentials)+'/'+file
|
2243
2249
|
}
|
@@ -2272,8 +2278,8 @@ module MU
|
|
2272
2278
|
if vol[:device_name] == device
|
2273
2279
|
if vol[:ebs][:delete_on_termination] != delete_on_termination
|
2274
2280
|
vol[:ebs][:delete_on_termination] = delete_on_termination
|
2275
|
-
MU.log "Setting delete_on_termination flag to #{delete_on_termination.to_s} on #{@mu_name}'s #{
|
2276
|
-
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @
|
2281
|
+
MU.log "Setting delete_on_termination flag to #{delete_on_termination.to_s} on #{@mu_name}'s #{device}"
|
2282
|
+
MU::Cloud::AWS.ec2(region: @config['region'], credentials: @credentials).modify_instance_attribute(
|
2277
2283
|
instance_id: @cloud_id,
|
2278
2284
|
block_device_mappings: mappings
|
2279
2285
|
)
|
@@ -2319,14 +2325,15 @@ module MU
|
|
2319
2325
|
make_public: img_cfg['public'],
|
2320
2326
|
region: @config['region'],
|
2321
2327
|
tags: @config['tags'],
|
2322
|
-
credentials: @
|
2328
|
+
credentials: @credentials
|
2323
2329
|
)
|
2330
|
+
|
2324
2331
|
@deploy.notify("images", @config['name'], ami_ids)
|
2325
2332
|
@config['image_created'] = true
|
2326
2333
|
if img_cfg['image_then_destroy']
|
2327
|
-
MU::Cloud::AWS::Server.waitForAMI(ami_ids[@config['region']], region: @config['region'], credentials: @
|
2334
|
+
MU::Cloud::AWS::Server.waitForAMI(ami_ids[@config['region']], region: @config['region'], credentials: @credentials)
|
2328
2335
|
MU.log "AMI #{ami_ids[@config['region']]} ready, removing source node #{@mu_name}"
|
2329
|
-
MU::Cloud::AWS::Server.terminateInstance(id: @cloud_id, region: @config['region'], deploy_id: @deploy.deploy_id, mu_name: @mu_name, credentials: @
|
2336
|
+
MU::Cloud::AWS::Server.terminateInstance(id: @cloud_id, region: @config['region'], deploy_id: @deploy.deploy_id, mu_name: @mu_name, credentials: @credentials)
|
2330
2337
|
destroy
|
2331
2338
|
end
|
2332
2339
|
end
|
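Review bot: In the alarm-notification hunk (new line 2211), the `subscribe` call right after the updated `createTopic` still passes `credentials: @config["credentials"]`, so the topic is created with `@credentials` but subscribed with whatever the config hash holds. If the two ever differ (for example if the config key is unset while `@credentials` was resolved elsewhere — not visible here), the subscription may be attempted under a different credential set or account than the topic. Change it to `credentials: @credentials` so it matches every other call this change migrates. The enclosing method starts and ends outside the hunk.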
@@ -1330,6 +1330,9 @@ module MU
|
|
1330
1330
|
def peerWith(peer)
|
1331
1331
|
peer_ref = MU::Config::Ref.get(peer['vpc'])
|
1332
1332
|
peer_obj = peer_ref.kitten
|
1333
|
+
if !peer_obj
|
1334
|
+
raise MuError.new "#{@mu_name}: Failed to locate my peer VPC", details: peer_ref.to_h
|
1335
|
+
end
|
1333
1336
|
peer_id = peer_ref.kitten.cloud_id
|
1334
1337
|
if peer_id == @cloud_id
|
1335
1338
|
MU.log "#{@mu_name} attempted to peer with itself (#{@cloud_id})", MU::ERR, details: peer
|
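Review bot: The new `if !peer_obj` guard in `peerWith` does not protect the very next line, which calls `peer_ref.kitten.cloud_id` again instead of using the object that was just checked. If `kitten` performs a fresh lookup on each call (not visible here), the second call can still return nil and fail with NoMethodError rather than the intended MuError; use `peer_id = peer_obj.cloud_id`. `peerWith` continues past the end of the hunk.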
@@ -236,7 +236,7 @@ module MU
|
|
236
236
|
# @param sibling_only [Boolean]
|
237
237
|
# @return [MU::Config::Habitat,nil]
|
238
238
|
def self.projectLookup(name, deploy = MU.mommacat, raise_on_fail: true, sibling_only: false)
|
239
|
-
project_obj = deploy.findLitterMate(type: "habitats", name: name) if deploy
|
239
|
+
project_obj = deploy.findLitterMate(type: "habitats", name: name) if deploy and caller.grep(/`findLitterMate'/).empty? # XXX the dumbest
|
240
240
|
|
241
241
|
if !project_obj and !sibling_only
|
242
242
|
resp = MU::MommaCat.findStray(
|
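Review bot: The `caller.grep(...)` recursion guard added to `projectLookup` matches on the printed text of backtrace frames, which is fragile: Ruby 3.4 prints frames as 'Class#method' with plain single quotes, so the backtick-quoted pattern would stop matching and the lookup would presumably re-enter `findLitterMate`. It also builds the whole call stack as strings on every lookup. Prefer `caller_locations.none? { |loc| loc.base_label == "findLitterMate" }`, or an explicit keyword argument passed by the caller, and replace the `# XXX the dumbest` remark with a comment naming the recursion being avoided. The method body continues beyond the hunk.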
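--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloud-mu
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.4.0
 platform: ruby
 authors:
 - John Stange
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-
+date: 2020-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: addressable
@@ -28,19 +28,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '2.5'
 - !ruby/object:Gem::Dependency
-name: aws-sdk
+name: aws-sdk
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '3'
+version: '3.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '3'
+version: '3.0'
 - !ruby/object:Gem::Dependency
 name: azure_sdk
 requirement: !ruby/object:Gem::Requirement
@@ -841,6 +841,7 @@ files:
 - cookbooks/mu-tools/templates/amazon/sshd_config.erb
 - cookbooks/mu-tools/templates/centos-6/sshd_config.erb
 - cookbooks/mu-tools/templates/centos-7/sshd_config.erb
+- cookbooks/mu-tools/templates/centos-8/sshd_config.erb
 - cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb
 - cookbooks/mu-tools/templates/default/conf.maldet.erb
 - cookbooks/mu-tools/templates/default/etc_hosts.erb
@@ -920,8 +921,8 @@ files:
 - extras/image-generators/AWS/centos6.yaml
 - extras/image-generators/AWS/centos7-govcloud.yaml
 - extras/image-generators/AWS/centos7.yaml
-- extras/image-generators/AWS/
-- extras/image-generators/AWS/
+- extras/image-generators/AWS/rhel71.yaml
+- extras/image-generators/AWS/win2k12r2.yaml
 - extras/image-generators/AWS/win2k16.yaml
 - extras/image-generators/AWS/win2k19.yaml
 - extras/image-generators/Google/centos6.yaml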