cloud-mu 3.4.0 → 3.5.0
- checksums.yaml +4 -4
- data/ansible/roles/mu-nat/tasks/main.yml +3 -0
- data/bin/mu-aws-setup +41 -7
- data/bin/mu-azure-setup +34 -0
- data/bin/mu-configure +214 -119
- data/bin/mu-gcp-setup +37 -2
- data/bin/mu-node-manage +3 -0
- data/bin/mu-refresh-ssl +67 -0
- data/bin/mu-run-tests +14 -4
- data/bin/mu-self-update +30 -10
- data/bin/mu-upload-chef-artifacts +30 -26
- data/cloud-mu.gemspec +8 -6
- data/cookbooks/mu-master/attributes/default.rb +5 -1
- data/cookbooks/mu-master/metadata.rb +2 -2
- data/cookbooks/mu-master/recipes/default.rb +81 -26
- data/cookbooks/mu-master/recipes/init.rb +197 -62
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +1 -1
- data/cookbooks/mu-master/recipes/vault.rb +78 -77
- data/cookbooks/mu-master/templates/default/mods/rewrite.conf.erb +1 -0
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +103 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +14 -30
- data/cookbooks/mu-tools/attributes/default.rb +5 -0
- data/cookbooks/mu-tools/files/centos-6/CentOS-Base.repo +47 -0
- data/cookbooks/mu-tools/libraries/helper.rb +12 -2
- data/cookbooks/mu-tools/libraries/monkey.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +6 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +6 -4
- data/cookbooks/mu-tools/recipes/base_repositories.rb +1 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +2 -9
- data/cookbooks/mu-tools/recipes/google_api.rb +5 -2
- data/cookbooks/mu-tools/resources/disk.rb +108 -58
- data/extras/Gemfile.lock.bootstrap +394 -0
- data/extras/bucketstubs/error.html +0 -0
- data/extras/bucketstubs/index.html +0 -0
- data/extras/clean-stock-amis +9 -9
- data/extras/git_rpm/build.sh +20 -0
- data/extras/git_rpm/mugit.spec +53 -0
- data/extras/image-generators/VMWare/centos8.yaml +15 -0
- data/extras/openssl_rpm/build.sh +19 -0
- data/extras/openssl_rpm/mussl.spec +46 -0
- data/extras/python_rpm/muthon.spec +14 -4
- data/extras/ruby_rpm/muby.spec +9 -5
- data/extras/sqlite_rpm/build.sh +19 -0
- data/extras/sqlite_rpm/muqlite.spec +47 -0
- data/install/installer +7 -5
- data/modules/mu.rb +12 -5
- data/modules/mu/cloud/machine_images.rb +1 -1
- data/modules/mu/cloud/providers.rb +6 -1
- data/modules/mu/cloud/resource_base.rb +1 -1
- data/modules/mu/cloud/ssh_sessions.rb +4 -0
- data/modules/mu/config.rb +28 -12
- data/modules/mu/config/database.rb +2 -2
- data/modules/mu/config/firewall_rule.rb +1 -1
- data/modules/mu/config/ref.rb +2 -2
- data/modules/mu/config/schema_helpers.rb +12 -3
- data/modules/mu/config/server.rb +10 -4
- data/modules/mu/config/server_pool.rb +2 -2
- data/modules/mu/config/vpc.rb +10 -10
- data/modules/mu/defaults/AWS.yaml +32 -32
- data/modules/mu/deploy.rb +23 -10
- data/modules/mu/groomers/chef.rb +2 -2
- data/modules/mu/master.rb +49 -3
- data/modules/mu/mommacat.rb +8 -5
- data/modules/mu/mommacat/naming.rb +2 -2
- data/modules/mu/mommacat/storage.rb +22 -27
- data/modules/mu/providers/aws.rb +142 -48
- data/modules/mu/providers/aws/alarm.rb +3 -3
- data/modules/mu/providers/aws/bucket.rb +19 -19
- data/modules/mu/providers/aws/cache_cluster.rb +22 -22
- data/modules/mu/providers/aws/cdn.rb +2 -2
- data/modules/mu/providers/aws/collection.rb +14 -14
- data/modules/mu/providers/aws/container_cluster.rb +27 -27
- data/modules/mu/providers/aws/database.rb +40 -39
- data/modules/mu/providers/aws/dnszone.rb +5 -5
- data/modules/mu/providers/aws/endpoint.rb +35 -35
- data/modules/mu/providers/aws/firewall_rule.rb +26 -23
- data/modules/mu/providers/aws/function.rb +28 -28
- data/modules/mu/providers/aws/group.rb +7 -7
- data/modules/mu/providers/aws/habitat.rb +2 -2
- data/modules/mu/providers/aws/job.rb +6 -6
- data/modules/mu/providers/aws/loadbalancer.rb +34 -34
- data/modules/mu/providers/aws/log.rb +14 -14
- data/modules/mu/providers/aws/msg_queue.rb +10 -10
- data/modules/mu/providers/aws/nosqldb.rb +8 -8
- data/modules/mu/providers/aws/notifier.rb +7 -7
- data/modules/mu/providers/aws/role.rb +17 -15
- data/modules/mu/providers/aws/search_domain.rb +10 -10
- data/modules/mu/providers/aws/server.rb +176 -95
- data/modules/mu/providers/aws/server_pool.rb +65 -105
- data/modules/mu/providers/aws/storage_pool.rb +17 -9
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/vpc.rb +103 -51
- data/modules/mu/providers/aws/vpc_subnet.rb +43 -39
- data/modules/mu/providers/azure.rb +78 -12
- data/modules/mu/providers/azure/server.rb +18 -3
- data/modules/mu/providers/cloudformation/server.rb +1 -1
- data/modules/mu/providers/google.rb +19 -4
- data/modules/mu/providers/google/folder.rb +6 -2
- data/modules/mu/providers/google/function.rb +65 -30
- data/modules/mu/providers/google/role.rb +1 -1
- data/modules/mu/providers/google/vpc.rb +27 -2
- data/modules/tests/aws-servers-with-handrolled-iam.yaml +37 -0
- data/modules/tests/k8s.yaml +1 -1
- metadata +24 -8
data/bin/mu-gcp-setup
CHANGED
@@ -44,6 +44,7 @@ Usage:
|
|
44
44
|
opt :logs, "Ensure the presence of an Cloud Storage bucket prefixed with 'Mu_Logs' for use with CloudTrails, syslog, etc.", :require => false, :default => false, :type => :boolean
|
45
45
|
# opt :dns, "Ensure the presence of a private DNS Zone called for internal amongst Mu resources.", :require => false, :default => false, :type => :boolean
|
46
46
|
opt :uploadlogs, "Push today's log files to the Cloud Storage bucket created by the -l option.", :require => false, :default => false, :type => :boolean
|
47
|
+
opt :optdisk, "Create a block volume for /opt and slide our installation onto it", :require => false, :default => false, :type => :boolean
|
47
48
|
end
|
48
49
|
|
49
50
|
if MU::Cloud::Google.hosted? and !$MU_CFG['google']
|
@@ -135,6 +136,38 @@ if $opts[:sg]
|
|
135
136
|
|
136
137
|
end
|
137
138
|
|
139
|
+
if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
|
140
|
+
myname = MU::Cloud::Google.getGoogleMetaData("instance/name")
|
141
|
+
wd = Dir.getwd
|
142
|
+
Dir.chdir("/")
|
143
|
+
if File.exists?("/opt/opscode/bin/chef-server-ctl")
|
144
|
+
system("/opt/opscode/bin/chef-server-ctl stop")
|
145
|
+
end
|
146
|
+
if !File.exists?("/sbin/mkfs.xfs")
|
147
|
+
system("/usr/bin/yum -y install xfsprogs")
|
148
|
+
end
|
149
|
+
MU::Master.disk(myname+"-mu-opt", "/opt_tmp", 30)
|
150
|
+
uuid = MU::Master.diskUUID(myname+"-mu-opt")
|
151
|
+
if !uuid or uuid.empty?
|
152
|
+
MU.log "Failed to retrieve UUID of block device #{myname}-mu-opt", MU::ERR, details: MU::Cloud::AWS.realDevicePath(myname+"-mu-opt")
|
153
|
+
exit 1
|
154
|
+
end
|
155
|
+
MU.log "Moving contents of /opt to /opt_tmp", MU::NOTICE
|
156
|
+
system("/bin/mv /opt/* /opt_tmp/")
|
157
|
+
exit 1 if $?.exitstatus != 0
|
158
|
+
MU.log "Remounting /opt_tmp /opt", MU::NOTICE
|
159
|
+
system("/bin/umount /opt_tmp")
|
160
|
+
exit 1 if $?.exitstatus != 0
|
161
|
+
system("echo '#{uuid} /opt xfs defaults 0 0' >> /etc/fstab")
|
162
|
+
system("/bin/mount -a")
|
163
|
+
exit 1 if $?.exitstatus != 0
|
164
|
+
if File.exists?("/opt/opscode/bin/chef-server-ctl")
|
165
|
+
system("/opt/opscode/bin/chef-server-ctl start")
|
166
|
+
end
|
167
|
+
Dir.chdir(wd)
|
168
|
+
end
|
169
|
+
|
170
|
+
|
138
171
|
$bucketname = MU::Cloud::Google.adminBucketName
|
139
172
|
|
140
173
|
if $opts[:logs]
|
@@ -204,8 +237,10 @@ if $opts[:logs]
|
|
204
237
|
raise MuError, e.inspect
|
205
238
|
end
|
206
239
|
end
|
207
|
-
|
208
|
-
MU::
|
240
|
+
|
241
|
+
myname = MU::Cloud::Google.getGoogleMetaData("instance/name")
|
242
|
+
MU::Master.disk("/dev/"+myname+"-mu-logs", "/Mu_Logs", 50, "log_vol_ebs_key", "ram7")
|
243
|
+
|
209
244
|
}
|
210
245
|
|
211
246
|
end
|
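Review bot: In the new `$opts[:optdisk]` block the failure path logs `details: MU::Cloud::AWS.realDevicePath(myname+"-mu-opt")`, an AWS provider call inside the Google setup script, which looks carried over from the AWS variant and may itself raise on a GCP host just when the UUID lookup has already failed. The fstab entry is also written by interpolating `uuid` into a shell string; `File.open("/etc/fstab", "a") { |f| f.puts "#{uuid} /opt xfs defaults 0 0" }` does the same without a shell. The results of the `yum -y install xfsprogs` and `chef-server-ctl stop` calls are not checked before data is moved, and `/bin/mv /opt/* /opt_tmp/` skips dotfiles, so I would check each `system` return and confirm nothing hidden lives directly under /opt.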
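--- a/data/bin/mu-node-manage
+++ b/data/bin/mu-node-manage
@@ -188,6 +188,9 @@ def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false,
 nodeclasses.each_pair { |nodeclass, servers|
 servers.each_pair { |mu_name, server|
 next if nodes.size > 0 and !nodes.include?(mu_name)
+server.myFirewallRules.each { |fw|
+fw.groom
+}
 count = count + 1
 child = Process.fork {
 begin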
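Review bot: The added `fw.groom` loop runs in the parent process before `Process.fork`, outside the `begin` that opens inside the child, so an exception from one server's firewall rule would presumably propagate out of `reGroom` and stop the remaining nodes instead of being recorded against that node. Going by the signature in the hunk header it also runs when `vaults_only` is set, which is probably not intended. Consider moving the loop inside the forked block's `begin`, or rescuing `StandardError` around it and reporting the node name through `MU.log`. `reGroom` starts and ends outside the hunk, so handling elsewhere in the method may already cover part of this.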
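--- a/data/bin/mu-refresh-ssl
+++ b/data/bin/mu-refresh-ssl
@@ -0,0 +1,67 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+# http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ARGV.size > 0
+puts "#{$0}: Freshen the Mu Master's API and configuration documentation"
+exit 1
+end
+
+require 'rubygems'
+require 'bundler/setup'
+require 'erb'
+require 'tempfile'
+require 'fileutils'
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+require 'mu'
+
+# XXX need special handling if Mu_CA.pem is expired
+
+ca = %w{Mu_CA}
+services = %w{rsyslog mommacat ldap consul vault}
+chef_server = %w{Mu_CA mommacat}
+
+certfiles = Dir.glob(MU.dataDir+"/ssl/*.pem")
+certfiles.concat(Dir.glob(MU.dataDir+"/ssl/*.crt"))
+
+now= Time.now
+
+need_chef_ssl_run = false
+need_chef_reconfigure = false
+
+certfiles.each { |filename|
+shortname = filename.gsub(/.*?\/|\.(pem|crt)$/, '')
+cert = OpenSSL::X509::Certificate.new(File.read(filename))
+if cert.not_after < now
+need_chef_ssl_run = true if services.include?(shortname)
+need_chef_reconfigure = true if chef_server.include?(shortname)
+newpath = filename+"."+now.strftime("%Y%m%d%H").to_s
+MU.log filename+" is expired, archiving to #{newpath} and regenerating", MU::WARN
+File.rename(filename, newpath)
+end
+}
+
+
+if need_chef_ssl_run
+# XXX need to temporarily disable ssl checks in knife.rb and client.rb for this, maybe?
+if !system("/opt/chef/bin/chef-client -o 'recipe[mu-master::ssl-certs]'")
+MU.log "Got bad exit code trying to run recipe[mu-master::ssl-certs]'", MU::ERR
+exit 1
+end
+end
+
+if need_chef_reconfigure
+system("CHEF_LICENSE=\"accept\" /opt/opscode/bin/chef-server-ctl reconfigure")
+system("CHEF_LICENSE=\"accept\" /opt/opscode/bin/chef-server-ctl restart")
+end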
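Review bot: Every expired file is archived by `File.rename(filename, newpath)`, but the regenerating chef-client run is only requested when `shortname` is in `services`, so an expired `Mu_CA` (listed only in `chef_server` and in the unused `ca` array) or any other `.pem`/`.crt` in the directory is moved away with nothing on this path recreating it. Until the XXX about CA expiry is resolved I would skip files the script cannot regenerate, for example `next unless services.include?(shortname)` before the expiry test, and log what was skipped. Certificates are only acted on once `cert.not_after < now`, so dependent services are already failing validation when this runs; comparing against `now + <renewal window>` would renew ahead of expiry. The two `chef-server-ctl` calls ignore their exit status, unlike the chef-client call above them, and the usage string still describes refreshing documentation rather than certificates.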
data/bin/mu-run-tests
CHANGED
@@ -37,13 +37,23 @@ Usage:
|
|
37
37
|
opt :max_retries, "Number of times to retry failed tests in --dryrun mode.", :require => false, :default => 2, :type => :integer
|
38
38
|
opt :full, "Actually run deploys, instead of --dryrun", :require => false, :default => false
|
39
39
|
opt :verbose, "Show more information while running", :require => false, :default => false
|
40
|
+
opt :clouds, "Select a subset of support cloud providers on which to test", :required => false, :type => :strings, :default => MU::Cloud.availableClouds.reject { |c| c == "CloudFormation" }
|
40
41
|
end
|
41
42
|
|
42
43
|
only = ARGV
|
43
44
|
|
44
45
|
files = Dir.glob("*.yaml", base: dir)
|
45
46
|
files.concat(Dir.glob("*.yml", base: dir))
|
46
|
-
|
47
|
+
valid_clouds = MU::Cloud.availableClouds.reject { |c| c == "CloudFormation" }
|
48
|
+
baseclouds = []
|
49
|
+
$opts[:clouds].each { |cloud|
|
50
|
+
if !valid_clouds.include?(cloud)
|
51
|
+
MU.log "'#{cloud}' isn't one of my available cloud providers", MU::ERR, details: valid_clouds
|
52
|
+
else
|
53
|
+
baseclouds << cloud
|
54
|
+
end
|
55
|
+
}
|
56
|
+
|
47
57
|
|
48
58
|
commands = {}
|
49
59
|
failures = []
|
@@ -96,7 +106,7 @@ files.each { |f|
|
|
96
106
|
conf_engine = MU::Config.new(f, cloud: cloud)
|
97
107
|
rescue StandardError => e
|
98
108
|
MU.log e.message+" parsing "+f+" with cloud "+cloud, MU::WARN, details: e.backtrace
|
99
|
-
failures << f+"
|
109
|
+
failures << f+" ["+commands[cmd]["cloud"]+"] - "+e.class.name+"\n\t"+e.message.gsub(/\n/, "\t\n")
|
100
110
|
next
|
101
111
|
end
|
102
112
|
parsed = MU::Config.stripConfig(conf_engine.config)
|
@@ -175,7 +185,7 @@ commands.keys.each { |cmd|
|
|
175
185
|
results[cmd_thr]["failed"] << "main"
|
176
186
|
end
|
177
187
|
|
178
|
-
if $opts[:full] and results[cmd_thr]["output"].match(/deploy - Deployment id: .*? \((.*?)\)/)
|
188
|
+
if $opts[:full] and results[cmd_thr]["output"].to_s.match(/deploy - Deployment id: .*? \((.*?)\)/)
|
179
189
|
deploy_id = Regexp.last_match[1]
|
180
190
|
adoptdir = Dir.mktmpdir(commands[cmd_thr]["file"].gsub(/[^a-z0-9]|yaml$/i, ""))
|
181
191
|
if commands[cmd_thr]["types"] and commands[cmd_thr]["types"].size > 0
|
@@ -227,6 +237,6 @@ results.keys.sort { |a, b|
|
|
227
237
|
}
|
228
238
|
|
229
239
|
if failures.size > 0
|
230
|
-
puts "\n#{failures.size.to_s.bold} failure#{failures.size == 1 ? "" : "s"} in
|
240
|
+
puts "\n#{failures.size.to_s.bold} failure#{failures.size == 1 ? "" : "s"} in:\n"+failures.uniq.map { |f| f.light_red }.join("\n")
|
231
241
|
exit 1
|
232
242
|
end
|
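Review bot: The new `failures <<` line in the `rescue StandardError` branch reads `commands[cmd]["cloud"]`, but the surrounding lines use the local `cloud` (`MU::Config.new(f, cloud: cloud)` and the `MU.log` call) and no `cmd` is visible at this point in the `files.each` block; if `commands[cmd]` is nil here the handler itself raises and hides the parse error. `failures << f+" ["+cloud+"] - "+e.class.name+"\n\t"+e.message.gsub(/\n/, "\n\t")` uses the value already in scope and puts the tab after each newline, which is presumably what `"\t\n"` was meant to do. In the `--clouds` validation an unknown provider is logged at `MU::ERR` but the run continues, so I would exit non-zero there, or at least when `baseclouds` ends up empty. The block continues outside the hunk, so `cmd` may be defined earlier than shown.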
data/bin/mu-self-update
CHANGED
@@ -156,6 +156,15 @@ fi
|
|
156
156
|
git config branch.${branch}.remote origin
|
157
157
|
git config branch.${branch}.merge refs/heads/$branch
|
158
158
|
|
159
|
+
CHEF_CLIENT_VERSION=`grep '^CHEF_CLIENT_VERSION=' /opt/mu/lib/install/installer |cut -d\" -f2`
|
160
|
+
|
161
|
+
# Make sure any new bootstrappy stuff has been applied
|
162
|
+
chef-apply /opt/mu/lib/cookbooks/mu-master/recipes/init.rb
|
163
|
+
|
164
|
+
# Make sure bundler will use a recent git binary
|
165
|
+
if [ -d /usr/local/git-current ];then
|
166
|
+
export PATH="/usr/local/git-current/bin:${PATH}"
|
167
|
+
fi
|
159
168
|
|
160
169
|
if [ "`diff -r $MU_LIBDIR/cookbooks $MU_DATADIR/tmp/cookbook_changes.$$`" != "" ];then
|
161
170
|
rebuild_chef_artifacts=1
|
@@ -177,20 +186,31 @@ set -e
|
|
177
186
|
echo "${GREEN}Cleaning gems in ${BOLD}/usr/local/ruby-current${NORM}${GREEN}${NORM}"
|
178
187
|
cd $MU_LIBDIR/modules
|
179
188
|
/usr/local/ruby-current/bin/bundle update
|
189
|
+
set +e
|
180
190
|
/usr/local/ruby-current/bin/bundle clean --force
|
191
|
+
set -e
|
181
192
|
cd
|
182
193
|
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
194
|
+
DIST_VERSION=`rpm -qa \*-release\* | grep -Ei "redhat|^centos" | cut -d"-" -f3`
|
195
|
+
# IS_AMAZON=0
|
196
|
+
if [ "$DIST_VERSION" == "" ];then # funny package name in Amazon Linux
|
197
|
+
DIST_VERSION=6
|
198
|
+
# IS_AMAZON=1
|
199
|
+
elif [ "$DIST_VERSION" == "server" ];then # funny package name in RHEL6
|
200
|
+
DIST_VERSION="6"
|
201
|
+
else
|
202
|
+
DIST_VERSION="7"
|
203
|
+
fi
|
204
|
+
|
205
|
+
grep ^chef_license /etc/chef/client.rb || echo "chef_license 'accept'" >> /etc/chef/client.rb
|
206
|
+
|
207
|
+
if ! rpm -q chef;then
|
208
|
+
yes | rpm -ivh https://packages.chef.io/files/stable/chef/${CHEF_CLIENT_VERSION}/el/${DIST_VERSION}/chef-${CHEF_CLIENT_VERSION}-1.el${DIST_VERSION}.x86_64.rpm
|
209
|
+
else
|
210
|
+
cur_chef_ver="`rpm -q chef | cut -d\- -f2`"
|
211
|
+
if [ "${cur_chef_ver}" != "${CHEF_CLIENT_VERSION}" ];then
|
212
|
+
yes | rpm -Uvh https://packages.chef.io/files/stable/chef/${CHEF_CLIENT_VERSION}/el/${DIST_VERSION}/chef-${CHEF_CLIENT_VERSION}-1.el${DIST_VERSION}.x86_64.rpm
|
192
213
|
fi
|
193
|
-
rpm -Uvh https://packages.chef.io/files/stable/chef/14.13.11/el/${DIST_VERSION}/chef-14.13.11-1.el${DIST_VERSION}.x86_64.rpm
|
194
214
|
fi
|
195
215
|
|
196
216
|
/opt/chef/bin/chef-apply $MU_LIBDIR/cookbooks/mu-master/recipes/init.rb
|
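Review bot: The chef RPM is installed directly from a URL assembled from `${CHEF_CLIENT_VERSION}` and `${DIST_VERSION}`, with neither value validated and no integrity check on the package before `rpm -ivh`/`rpm -Uvh` runs. `CHEF_CLIENT_VERSION` comes from a `grep | cut` over the installer and can be empty, so a guard such as `[ -n "$CHEF_CLIENT_VERSION" ] || { echo "no chef version found" >&2; exit 1; }` belongs right after the assignment. `DIST_VERSION` collapses every release that is not detected as 6 to `7`, which would request an el7 package on an EL8 host. I would download to a temporary file, verify it with `rpm -K` against an imported vendor key (or a pinned checksum), and install the local file. The first hunk also calls a PATH-resolved `chef-apply` on `/opt/mu/lib/...` before this install check, while the existing call below uses `/opt/chef/bin/chef-apply $MU_LIBDIR/...`.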
@@ -30,6 +30,10 @@ if [ -z $MU_CHEF_CACHE ];then
|
|
30
30
|
fi
|
31
31
|
manifest="$MU_CHEF_CACHE/mu_manifest"
|
32
32
|
berksdir="$HOMEDIR/.berkshelf"
|
33
|
+
knife_cfg=""
|
34
|
+
if [ -f "$HOMEDIR/.chef/knife.rb" ];then
|
35
|
+
knife_cfg="-c $HOMEDIR/.chef/knife.rb"
|
36
|
+
fi
|
33
37
|
|
34
38
|
rm -rf "${berksdir}/" # Just... don't trust it to check cache correctly
|
35
39
|
|
@@ -190,7 +194,7 @@ add_berkshelf_cookbooks()
|
|
190
194
|
cd $repodir
|
191
195
|
set +e
|
192
196
|
for name in $berkshelf_cookbooks;do
|
193
|
-
$knife cookbook delete $name --yes -a
|
197
|
+
$knife cookbook $knife_cfg delete $name --yes -a
|
194
198
|
done
|
195
199
|
set -e
|
196
200
|
fi
|
@@ -361,24 +365,24 @@ fi
|
|
361
365
|
if [ "$nopurge" == "" -a "$all" == "1" ];then
|
362
366
|
if [ "$use_on_disk" == "1" -o "$all" == "1" ];then
|
363
367
|
if [ "$cookbooks_only" == "1" ];then
|
364
|
-
$knife cookbook bulk delete --purge '.+' --yes 2>/dev/null
|
368
|
+
$knife cookbook $knife_cfg bulk delete --purge '.+' --yes 2>/dev/null
|
365
369
|
/bin/rm -rf $MU_CHEF_CACHE/cookbooks $MU_CHEF_CACHE/site_cookbooks
|
366
370
|
elif [ "$bags_only" == "1" ];then
|
367
371
|
# Nowadays we have data bags that are persistent and node-related. Leave
|
368
372
|
# them be, and only delete our automatic ones.
|
369
373
|
for bag in nagios_users nagios_servers demo;do
|
370
|
-
$knife data bag delete $bag --yes 2>/dev/null
|
374
|
+
$knife data bag $knife_cfg delete $bag --yes 2>/dev/null
|
371
375
|
done
|
372
376
|
else
|
373
|
-
$knife cookbook bulk delete --purge '.+' --yes 2>/dev/null
|
377
|
+
$knife cookbook $knife_cfg bulk delete --purge '.+' --yes 2>/dev/null
|
374
378
|
/bin/rm -rf $MU_CHEF_CACHE/cookbooks $MU_CHEF_CACHE/site_cookbooks
|
375
379
|
/bin/rm -rf $MU_CHEF_CACHE/roles $MU_CHEF_CACHE/environments $MU_CHEF_CACHE/data_bags
|
376
|
-
$knife role bulk delete '.*' --yes 2>/dev/null
|
377
|
-
for env in `$knife environment list | grep -v '_default$'`;do
|
378
|
-
$knife environment delete $env --yes 2>/dev/null
|
380
|
+
$knife role $knife_cfg bulk delete '.*' --yes 2>/dev/null
|
381
|
+
for env in `$knife environment $knife_cfg list | grep -v '_default$'`;do
|
382
|
+
$knife environment $knife_cfg delete $env --yes 2>/dev/null
|
379
383
|
done
|
380
384
|
for bag in nagios_users nagios_servers demo;do
|
381
|
-
$knife data bag delete $bag --yes 2>/dev/null
|
385
|
+
$knife data bag $knife_cfg delete $bag --yes 2>/dev/null
|
382
386
|
done
|
383
387
|
fi
|
384
388
|
fi
|
@@ -411,16 +415,16 @@ for repo in $REPOS;do
|
|
411
415
|
set +e
|
412
416
|
if [ "$type" == "cookbooks" -o "$type" == "site_cookbooks" ];then
|
413
417
|
/bin/rm -rf $MU_CHEF_CACHE/$type/$name
|
414
|
-
$knife cookbook delete $name --yes --all
|
418
|
+
$knife cookbook $knife_cfg delete $name --yes --all
|
415
419
|
elif [ "$type" == "roles" -a "$cookbooks_only" == "" ];then
|
416
420
|
/bin/rm -rf $MU_CHEF_CACHE/$type/$name.json
|
417
|
-
$knife role delete $name --yes
|
421
|
+
$knife role $knife_cfg delete $name --yes
|
418
422
|
elif [ "$type" == "environments" -a "$cookbooks_only" == "" ];then
|
419
423
|
/bin/rm -rf $MU_CHEF_CACHE/$type/$name.json
|
420
|
-
$knife environment delete $name --yes
|
424
|
+
$knife environment $knife_cfg delete $name --yes
|
421
425
|
elif [ "$type" == "data_bags" -a "$cookbooks_only" == "" ];then
|
422
426
|
/bin/rm -rf $MU_CHEF_CACHE/$type/$name
|
423
|
-
$knife data bag delete $name --yes
|
427
|
+
$knife data bag $knife_cfg delete $name --yes
|
424
428
|
fi
|
425
429
|
set -e
|
426
430
|
done
|
@@ -621,9 +625,9 @@ if [ -d "$MU_DATADIR/users" -a "$USER" == "root" ];then
|
|
621
625
|
if [ -f "$bagdir/$admin.json" ];then
|
622
626
|
if [ "$bagcreated" == "0" ];then
|
623
627
|
bagcreated=1
|
624
|
-
$knife data bag create nagios_users
|
628
|
+
$knife data bag $knife_cfg create nagios_users
|
625
629
|
fi
|
626
|
-
$knife data bag from file nagios_users $bagdir/$admin.json
|
630
|
+
$knife data bag $knife_cfg from file nagios_users $bagdir/$admin.json
|
627
631
|
fi
|
628
632
|
if [ ! -f "$bagdir/$admin.json" ];then
|
629
633
|
id="`echo $admin | sed -e 's/@/_/'`"
|
@@ -657,21 +661,21 @@ if [ "$all" != "1" ];then
|
|
657
661
|
if [ "$match" == "" -o "$match" == "$itemname" ];then
|
658
662
|
if [ "$bagcreated" == "0" ];then
|
659
663
|
bagcreated=1
|
660
|
-
$knife data bag create $bag
|
664
|
+
$knife data bag $knife_cfg create $bag
|
661
665
|
fi
|
662
|
-
$knife data bag from file $bag $file
|
666
|
+
$knife data bag $knife_cfg from file $bag $file
|
663
667
|
fi
|
664
668
|
done
|
665
669
|
done
|
666
670
|
else
|
667
671
|
for role in $upload_roles;do
|
668
672
|
if [ "$match" == "" -o "$match" == "$role" ];then
|
669
|
-
$knife role from file $MU_CHEF_CACHE/roles/$role.json
|
673
|
+
$knife role $knife_cfg from file $MU_CHEF_CACHE/roles/$role.json
|
670
674
|
fi
|
671
675
|
done
|
672
676
|
for env in $upload_environments;do
|
673
677
|
if [ "$match" == "" -o "$match" == "$env" ];then
|
674
|
-
$knife environment from file $MU_CHEF_CACHE/environments/$env.json
|
678
|
+
$knife environment $knife_cfg from file $MU_CHEF_CACHE/environments/$env.json
|
675
679
|
fi
|
676
680
|
done
|
677
681
|
set +e
|
@@ -682,9 +686,9 @@ if [ "$all" != "1" ];then
|
|
682
686
|
if [ "$match" == "" -o "$match" == "$itemname" ];then
|
683
687
|
if [ "$bagcreated" == "0" ];then
|
684
688
|
bagcreated=1
|
685
|
-
$knife data bag create $bag
|
689
|
+
$knife data bag $knife_cfg create $bag
|
686
690
|
fi
|
687
|
-
$knife data bag from file $bag $file
|
691
|
+
$knife data bag $knife_cfg from file $bag $file
|
688
692
|
fi
|
689
693
|
done
|
690
694
|
done
|
@@ -713,9 +717,9 @@ else
|
|
713
717
|
if [ "$match" == "" -o "$match" == "$itemname" ];then
|
714
718
|
if [ "$bagcreated" == "0" ];then
|
715
719
|
bagcreated=1
|
716
|
-
$knife data bag create $folder
|
720
|
+
$knife data bag $knife_cfg create $folder
|
717
721
|
fi
|
718
|
-
$knife data bag from file $folder $file
|
722
|
+
$knife data bag $knife_cfg from file $folder $file
|
719
723
|
fi
|
720
724
|
done
|
721
725
|
done
|
@@ -729,7 +733,7 @@ else
|
|
729
733
|
for file in $_files;do
|
730
734
|
role="`echo $file | sed -r 's/.*\/([^\\]+).json$/\1/'`"
|
731
735
|
if [ "$match" == "" -o "$match" == "$role" ];then
|
732
|
-
$knife role from file $file
|
736
|
+
$knife role $knife_cfg from file $file
|
733
737
|
fi
|
734
738
|
done
|
735
739
|
|
@@ -737,7 +741,7 @@ else
|
|
737
741
|
for file in $_files;do
|
738
742
|
env="`echo $file | sed -r 's/.*\/([^\\]+).json$/\1/'`"
|
739
743
|
if [ "$match" == "" -o "$match" == "$env" ];then
|
740
|
-
$knife environment from file $file
|
744
|
+
$knife environment $knife_cfg from file $file
|
741
745
|
fi
|
742
746
|
done
|
743
747
|
|
@@ -751,9 +755,9 @@ else
|
|
751
755
|
if [ "$match" == "" -o "$match" == "$itemname" ];then
|
752
756
|
if [ "$bagcreated" == "0" ];then
|
753
757
|
bagcreated=1
|
754
|
-
$knife data bag create $folder
|
758
|
+
$knife data bag $knife_cfg create $folder
|
755
759
|
fi
|
756
|
-
$knife data bag from file $folder $file
|
760
|
+
$knife data bag $knife_cfg from file $folder $file
|
757
761
|
fi
|
758
762
|
done
|
759
763
|
set -e
|
data/cloud-mu.gemspec
CHANGED
@@ -17,8 +17,8 @@ end
|
|
17
17
|
|
18
18
|
Gem::Specification.new do |s|
|
19
19
|
s.name = 'cloud-mu'
|
20
|
-
s.version = '3.
|
21
|
-
s.date = '
|
20
|
+
s.version = '3.5.0'
|
21
|
+
s.date = '2021-01-18'
|
22
22
|
s.require_paths = ['modules']
|
23
23
|
s.required_ruby_version = '>= 2.4'
|
24
24
|
s.summary = "The eGTLabs Mu toolkit for unified cloud deployments"
|
@@ -31,19 +31,21 @@ EOF
|
|
31
31
|
s.authors = ["John Stange", "Robert Patt-Corner", "Ryan Bolyard", "Zach Rowe"]
|
32
32
|
s.email = 'eGTLabs@eglobaltech.com'
|
33
33
|
s.files = build_file_list(whereami)
|
34
|
-
|
34
|
+
if Dir.exists?(whereami+"/bin")
|
35
|
+
s.executables = Dir.entries(whereami+"/bin").reject { |f| File.directory?(f) }
|
36
|
+
end
|
35
37
|
s.homepage =
|
36
38
|
'https://github.com/cloudamatic/mu'
|
37
39
|
s.license = 'BSD-3-Clause-Attribution'
|
38
40
|
s.add_runtime_dependency 'addressable', '~> 2.5'
|
39
41
|
s.add_runtime_dependency "aws-sdk", "~> 3.0"
|
40
|
-
s.add_runtime_dependency 'azure_sdk',
|
41
|
-
s.add_runtime_dependency 'bundler', "~> 1.
|
42
|
+
s.add_runtime_dependency 'azure_sdk', '~> 0.65'
|
43
|
+
s.add_runtime_dependency 'bundler', "~> 2.1.4"
|
42
44
|
s.add_runtime_dependency 'chronic_duration', "~> 0.10"
|
43
45
|
s.add_runtime_dependency 'color', "~> 1.8"
|
44
46
|
s.add_runtime_dependency 'colorize', "~> 0.8"
|
45
47
|
s.add_runtime_dependency 'erubis', "~> 2.7"
|
46
|
-
s.add_runtime_dependency 'google-api-client', "~> 0.
|
48
|
+
s.add_runtime_dependency 'google-api-client', "~> 0.50.0"
|
47
49
|
s.add_runtime_dependency 'googleauth', "~> 0.6"
|
48
50
|
s.add_runtime_dependency 'inifile', "~> 3.0"
|
49
51
|
s.add_runtime_dependency 'json-schema', "~> 2.8"
|
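Review bot: In the new `s.executables` line, `File.directory?(f)` tests the bare entry name against the current working directory rather than `whereami+"/bin"`, so it only filters `.` and `..` reliably and would let a real subdirectory of bin through, or drop a script whose name matches a directory in the cwd. `s.executables = Dir.entries(whereami+"/bin").reject { |f| File.directory?(File.join(whereami, "bin", f)) }` checks the intended path. `Dir.exists?` is the deprecated alias and is gone in Ruby 3.2; `Dir.exist?` works on every version that `required_ruby_version` allows.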
@@ -22,6 +22,9 @@ default['apache']['contact'] = $MU_CFG['mu_admin_email']
|
|
22
22
|
default['apache']['traceenable'] = 'Off'
|
23
23
|
|
24
24
|
default["apache"]["listen"] = ["*:80", "*:443", "*:8443"]
|
25
|
+
default['apache']['user'] = "apache"
|
26
|
+
default['apache']['group'] = "apache"
|
27
|
+
|
25
28
|
|
26
29
|
override["nagios"]["http_port"] = 8443
|
27
30
|
default['nagios']['enable_ssl'] = true
|
@@ -47,6 +50,7 @@ default["nagios"]["log_dir"] = "/var/log/httpd"
|
|
47
50
|
default['nagios']['cgi-bin'] = "/usr/lib/cgi-bin/"
|
48
51
|
default['nagios']['cgi-path'] = "/nagios/cgi-bin/"
|
49
52
|
default['nagios']['server_role'] = "mu-master"
|
53
|
+
default['nagios']['group'] = "nagios"
|
50
54
|
default['nagios']['server']['install_method'] = 'source'
|
51
55
|
default['nagios']['multi_environment_monitoring'] = true
|
52
56
|
default['nagios']['users_databag'] = "nagios_users"
|
@@ -94,7 +98,7 @@ case node['platform']
|
|
94
98
|
ssh_user = "ec2-user"
|
95
99
|
end
|
96
100
|
|
97
|
-
default['application_attributes']['sshd_allow_groups'] = "#{ssh_user} mu-users"
|
101
|
+
default['application_attributes']['sshd_allow_groups'] = "#{ssh_user} mu-users adm google-sudoers"
|
98
102
|
default['application_attributes']['sshd_allow_password_auth'] = true
|
99
103
|
default['update_nagios_only'] = false
|
100
104
|
default['apache']['listen'] = [80, 443, 8443]
|
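Review bot: The new `sshd_allow_groups` default adds `adm` and `google-sudoers` for every platform, which widens who may log in over SSH on any host where those groups exist, and the next line keeps `sshd_allow_password_auth` at `true`. `google-sudoers` only has meaning on Google Compute Engine guests, so I would append it only when the node is on GCP and add a comment saying why `adm` members need interactive SSH; if nothing depends on it, leave `adm` out. This section's file header is missing from the page; going by the diffstat it is presumably data/cookbooks/mu-master/attributes/default.rb.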