cloud-mu 3.4.0 → 3.5.0

data/modules/mu/cloud/machine_images.rb

@@ -94,7 +94,7 @@ module MU
           else
             begin
               Timeout.timeout(2) do
-                response = open("#{base_url}/#{cloud}.yaml").read
+                response = URI.open("#{base_url}/#{cloud}.yaml").read
                 images ||= {}
                 images.deep_merge!(YAML.load(response))
                 break

data/modules/mu/cloud/providers.rb

@@ -64,7 +64,12 @@ module MU
     # code for each of its supported resource type classes.
     failed = []
     MU::Cloud.supportedClouds.each { |cloud|
-      require "mu/providers/#{cloud.downcase}"
+      begin
+        require "mu/providers/#{cloud.downcase}"
+      rescue LoadError, Gem::MissingSpecError => e
+        MU.log "Error loading #{cloud} library, calls into this provider will fail", MU::ERR, details: e.message
+        next
+      end
       cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
       @@generic_class_methods_toplevel.each { |method|
         if !cloudclass.respond_to?(method)

data/modules/mu/cloud/resource_base.rb

@@ -912,7 +912,7 @@ module MU
             }
 
             @deploydata = @cloudobj.deploydata
-            @config = @cloudobj.config
+            @config = MU::Config.manxify(@cloudobj.config)
             retval
           end
         } # end instance method list

data/modules/mu/cloud/ssh_sessions.rb

@@ -187,6 +187,10 @@ module MU
             retry
 #            rescue SystemCallError, Timeout::Error, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Proxy::ConnectError, SocketError, Net::SSH::Disconnect, Net::SSH::AuthenticationFailed, IOError, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, MU::Cloud::NetSSHFail => e
           rescue SystemExit, Timeout::Error, Net::SSH::AuthenticationFailed, Net::SSH::Disconnect, Net::SSH::ConnectionTimeout, Net::SSH::Proxy::ConnectError, Net::SSH::Exception, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EPIPE, SocketError, IOError => e
+            if !active?
+              raise MuError, "Server #{@mu_name} disappeared while I was attempting to log into it"
+            end
+
             begin
               session.close if !session.nil?
             rescue Net::SSH::Disconnect, IOError => e

data/modules/mu/config.rb

@@ -437,27 +437,27 @@ module MU
     # @param type [String]
     # @param phase [String]
     # @param no_create_wait [Boolean]
-    def self.addDependency(resource, name, type, phase: "create", no_create_wait: false)
-      if ![nil, "create", "groom"].include?(phase)
-        raise MuError, "Invalid phase '#{phase}' while adding dependency #{type} #{name} to #{resource['name']}"
+    def self.addDependency(resource, name, type, their_phase: "create", my_phase: nil)
+      if ![nil, "create", "groom"].include?(their_phase)
+        raise MuError, "Invalid their_phase '#{their_phase}' while adding dependency #{type} #{name} to #{resource['name']}"
       end
       resource['dependencies'] ||= []
       _shortclass, cfg_name, _cfg_plural, _classname = MU::Cloud.getResourceNames(type)
 
       resource['dependencies'].each { |dep|
         if dep['type'] == cfg_name and dep['name'].to_s == name.to_s
-          dep["no_create_wait"] = no_create_wait
-          dep["phase"] = phase if phase
+          dep["their_phase"] = their_phase if their_phase
+          dep["my_phase"] = my_phase if my_phase
           return
         end
       }
 
       newdep = {
         "type" => cfg_name,
-        "name"  => name.to_s,
-        "no_create_wait" => no_create_wait
+        "name"  => name.to_s
       }
-      newdep["phase"] = phase if phase
+      newdep["their_phase"] = their_phase if their_phase
+      newdep["my_phase"] = my_phase if my_phase
 
       resource['dependencies'] << newdep
 
@@ -746,7 +746,7 @@ module MU
           next if !acl_include["name"] and !acl_include["rule_name"]
           acl_include["name"] ||= acl_include["rule_name"]
           if haveLitterMate?(acl_include["name"], "firewall_rules")
-            MU::Config.addDependency(descriptor, acl_include["name"], "firewall_rule", no_create_wait: (cfg_name == "vpc"))
+            MU::Config.addDependency(descriptor, acl_include["name"], "firewall_rule", my_phase: ((cfg_name == "vpc") ? "groom" : "create"))
           elsif acl_include["name"]
             MU.log shortclass.to_s+" #{descriptor['name']} depends on FirewallRule #{acl_include["name"]}, but no such rule declared.", MU::ERR
             ok = false
@@ -892,6 +892,10 @@ module MU
           deleteme = []
 
           resource["dependencies"].each { |dependency|
+            dependency["their_phase"] ||= dependency["phase"]
+            dependency.delete("phase")
+            dependency["my_phase"] ||= dependency["no_create_wait"] ? "groom" : "create"
+            dependency.delete("no_create_wait")
             # make sure the thing we depend on really exists
             sibling = haveLitterMate?(dependency['name'], dependency['type'])
             if !sibling
@@ -929,10 +933,22 @@ module MU
               end
             end
 
+            if dependency['their_phase'] == "groom"
+              sibling['dependencies'].each { |sib_dep|
+                next if sib_dep['type'] != cfg_name or sib_dep['their_phase'] != "groom"
+                cousin = haveLitterMate?(sib_dep['name'], sib_dep['type'])
+                if cousin and cousin['name'] == resource['name']
+                  MU.log "Circular dependency between #{type} #{resource['name']} <=> #{dependency['type']} #{dependency['name']}", MU::ERR, details: [ resource['name'] => dependency, sibling['name'] => sib_dep ]
+                  ok = false
+                end
+              }
+            end
+
             # Check for a circular relationship that will lead to a deadlock
             # when creating resource. This only goes one layer deep, and does
             # not consider groom-phase deadlocks.
-            if dependency['phase'] == "groom" or dependency['no_create_wait'] or (
+            if dependency['their_phase'] == "groom" or
+               dependency['my_phase'] == "groom" or (
                  !MU::Cloud.resourceClass(sibling['cloud'], type).deps_wait_on_my_creation and
                  !MU::Cloud.resourceClass(resource['cloud'], type).waits_on_parent_completion
                )
@@ -941,7 +957,7 @@ module MU
 
             if sibling['dependencies']
               sibling['dependencies'].each { |sib_dep|
-                next if sib_dep['type'] != cfg_name or sib_dep['no_create_wait']
+                next if sib_dep['type'] != cfg_name or sib_dep['my_phase'] == "groom"
                 cousin = haveLitterMate?(sib_dep['name'], sib_dep['type'])
                 if cousin and cousin['name'] == resource['name']
                   MU.log "Circular dependency between #{type} #{resource['name']} <=> #{dependency['type']} #{dependency['name']}", MU::ERR, details: [ resource['name'] => dependency, sibling['name'] => sib_dep ]
@@ -1238,7 +1254,7 @@ module MU
                     "port" => db["port"],
                     "sgs" => [cfg_name+server['name']]
                   }
-                  MU::Config.addDependency(ruleset, cfg_name+server['name'], "firewall_rule", no_create_wait: true)
+                  MU::Config.addDependency(ruleset, cfg_name+server['name'], "firewall_rule", my_phase: "groom")
                 end
               }
             }

data/modules/mu/config/database.rb

@@ -341,7 +341,7 @@ module MU
               "region" => db['region'],
               "credentials" => db['credentials'],
             }
-            MU::Config.addDependency(replica, db["name"], "database", phase: "groom")
+            MU::Config.addDependency(replica, db["name"], "database", their_phase: "groom")
             read_replicas << replica
           end
         end
@@ -367,7 +367,7 @@ module MU
               "type" => "databases"
             }
             # AWS will figure out for us which database instance is the writer/master so we can create all of them concurrently.
-            MU::Config.addDependency(node, db["name"], "database", phase: "groom")
+            MU::Config.addDependency(node, db["name"], "database", their_phase: "groom")
             cluster_nodes << node
 
            # Alarms are set on each DB cluster node, not on the cluster itself,

data/modules/mu/config/firewall_rule.rb

@@ -119,7 +119,7 @@ module MU
         if acl_include['sgs']
           acl_include['sgs'].each { |sg_ref|
             if haveLitterMate?(sg_ref, "firewall_rules")
-              MU::Config.addDependency(acl, sg_ref, "firewall_rule", no_create_wait: true)
+              MU::Config.addDependency(acl, sg_ref, "firewall_rule", my_phase: "groom")
               siblingfw = haveLitterMate?(sg_ref, "firewall_rules")
               if !siblingfw["#MU_VALIDATED"]
 # XXX raise failure somehow

data/modules/mu/config/ref.rb

@@ -365,7 +365,7 @@ end
               region: @region,
               habitats: hab_arg,
               credentials: @credentials,
-              dummy_ok: (["habitats", "folders", "users", "groups", "vpcs"].include?(@type))
+              dummy_ok: (["habitats", "folders", "users", "groups", "vpcs"].include?(@type) or @id)
             }
 
             found = MU::MommaCat.findStray(
@@ -377,7 +377,7 @@ end
               region: @region,
               habitats: hab_arg,
               credentials: @credentials,
-              dummy_ok: (["habitats", "folders", "users", "groups", "vpcs"].include?(@type))
+              dummy_ok: (["habitats", "folders", "users", "groups", "vpcs"].include?(@type) or @id)
             )
             MU.log "Ref#kitten results from findStray", loglevel, details: found
             @obj ||= found.first if found

data/modules/mu/config/schema_helpers.rb

@@ -185,15 +185,24 @@ module MU
               "type" => "string",
               "enum" => MU::Cloud.resource_types.values.map { |v| v[:cfg_name] }
             },
-            "phase" => {
+            "my_phase" => {
+              "type" => "string",
+              "description" => "Which part of our creation process should be waiting?",
+              "enum" => ["create", "groom"]
+            },
+            "their_phase" => {
               "type" => "string",
               "description" => "Which part of the creation process of the resource we depend on should we wait for before starting our own creation? Defaults are usually sensible, but sometimes you want, say, a Server to wait on another Server to be completely ready (through its groom phase) before starting up.",
               "enum" => ["create", "groom"]
             },
+            "phase" => {
+              "type" => "string",
+              "description" => "Alias for {their_phase}",
+              "enum" => ["create", "groom"]
+            },
             "no_create_wait" => {
               "type" => "boolean",
-              "default" => false,
-              "description" => "By default, it's assumed that we want to wait on our parents' creation phase, in addition to whatever is declared in this stanza. Setting this flag will bypass waiting on our parent resource's creation, so that our create or groom phase can instead depend only on the parent's groom phase. "
+              "description" => "DEPRECATED- setting +true+ is the same as setting {my_phase} to +groom+; setting to +false+ is the same as setting {my_phase} to +create+. If both +no_create_wait+ and {my_phase} are specified, {my_phase} takes precedence."
             }
           }
         }

data/modules/mu/config/server.rb

@@ -386,8 +386,7 @@ module MU
           },
           "associate_public_ip" => {
               "type" => "boolean",
-              "default" => false,
-              "description" => "Associate public IP address?"
+              "description" => "Whether to associate a public IP address with this server. Default behavior is to align with resident VPC/subnet, which to say +true+ if the subnet is publicly routable, +false+ if not. For non-VPC instances (AWS Classic), we default to +true+."
           },
           "userdata_script" => userdata_primitive,
           "windows_admin_username" => {
@@ -649,15 +648,22 @@ module MU
             server["vpc"]["subnet_pref"] = "public"
           end
 
+          if server["associate_public_ip"].nil?
+            server["associate_public_ip"] = server["vpc"]["subnet_pref"] == "public" ? true : false
+
+          end
+
           if !server["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(server["vpc"]["subnet_name"]) and !configurator.nat_routes[server["vpc"]["subnet_name"]].empty?
-            MU::Config.addDependency(server, configurator.nat_routes[server["vpc"]["subnet_name"]], "server", phase: "groom", no_create_wait: true)
+            MU::Config.addDependency(server, configurator.nat_routes[server["vpc"]["subnet_name"]], "server", their_phase: "groom", my_phase: "groom")
           elsif !server["vpc"]["name"].nil?
             siblingvpc = configurator.haveLitterMate?(server["vpc"]["name"], "vpcs")
             if siblingvpc and siblingvpc['bastion'] and
                server['name'] != siblingvpc['bastion']['name']
-              MU::Config.addDependency(server, siblingvpc['bastion']['name'], "server", phase: "groom", no_create_wait: true)
+              MU::Config.addDependency(server, siblingvpc['bastion']['name'], "server", their_phase: "groom", my_phase: "groom")
             end
           end
+        else
+          server["associate_public_ip"] ||= false
         end
 
         ok

data/modules/mu/config/server_pool.rb

@@ -186,7 +186,7 @@ module MU
 
         if !pool["vpc"].nil?
           if !pool["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(pool["vpc"]["subnet_name"])
-            MU::Config.addDependency(pool, configurator.nat_routes[pool["vpc"]["subnet_name"]], "server", phase: "groom", no_create_wait: true)
+            MU::Config.addDependency(pool, configurator.nat_routes[pool["vpc"]["subnet_name"]], "server", their_phase: "groom", my_phase: "groom")
           end
         end
 # TODO make sure this is handled... somewhere
@@ -199,7 +199,7 @@ module MU
 #          }
 #        end
         if pool["basis"] and pool["basis"]["server"]
-          MU::Config.addDependency(pool, pool["basis"]["server"], "server", phase: "groom")
+          MU::Config.addDependency(pool, pool["basis"]["server"], "server", their_phase: "groom")
         end
         if !pool['static_ip'].nil? and !pool['ip'].nil?
           ok = false

data/modules/mu/config/vpc.rb

@@ -540,7 +540,7 @@ module MU
             end
           end
 
-          # Feeling that, generate a generic bastion/NAT host to do the job.
+          # Failing that, generate a generic bastion/NAT host to do the job.
           # Clouds that don't have some kind of native NAT gateway can also
           # leverage this host to honor "gateway" => "#NAT" situations.
           if !can_peer and !already_peered and have_public and vpc["create_bastion"]
@@ -563,13 +563,13 @@ module MU
               "name" => vpc["name"],
               "subnet_pref" => "public"
             }
-            MU::Config.addDependency(vpc, bastion['name'], "server", no_create_wait: true)
-            vpc["bastion"] = MU::Config::Ref.get(
-              name: bastion['name'],
-              cloud: vpc['cloud'],
-              credentials: vpc['credentials'],
-              type: "servers"
-            )
+#            MU::Config.addDependency(vpc, bastion['name'], "server", my_phase: "groom")
+#            vpc["bastion"] = MU::Config::Ref.get(
+#              name: bastion['name'],
+#              cloud: vpc['cloud'],
+#              credentials: vpc['credentials'],
+#              type: "servers"
+#            )
 
             ok = false if !configurator.insertKitten(bastion, "servers", true)
           end
@@ -615,11 +615,11 @@ module MU
                     append_me = { "vpc" => peer["vpc"].dup }
                     append_me['vpc']['name'] = sib['name']
                     append << append_me
-                    MU::Config.addDependency(vpc, sib['name'], "vpc", phase: "groom", no_create_wait: true)
+                    MU::Config.addDependency(vpc, sib['name'], "vpc", their_phase: "create", my_phase: "groom")
                   end
                   delete << peer
                 else
-                  MU::Config.addDependency(vpc, peer['vpc']['name'], "vpc", phase: "groom", no_create_wait: true)
+                  MU::Config.addDependency(vpc, peer['vpc']['name'], "vpc", their_phase: "create", my_phase: "groom")
                 end
                 delete << peer if sib['name'] == vpc['name']
               }

data/modules/mu/defaults/AWS.yaml

@@ -17,39 +17,39 @@ rhel71: &5
   us-west-1: ami-00457c55541605cb4
   us-west-2: ami-02211d4e254a9e10f
 centos6: &4
-  us-east-1: ami-0ccdc671f12147a1d
-  us-east-2: ami-00d0e8bc2f05ab949
-  ap-northeast-1: ami-0726801ceef87f5f8
-  ap-northeast-2: ami-05fa4afc4a0493b0a
-  ap-south-1: ami-0d6e4f3b6592b3139
-  ap-southeast-1: ami-0c988e3dc80b14653
-  ap-southeast-2: ami-02ac856fd094675ef
-  ca-central-1: ami-0ce7e343953af2292
-  eu-central-1: ami-0ce8317423cea27b8
-  eu-north-1: ami-0a923b493d5fc9743
-  eu-west-1: ami-06e0f02328921c865
-  eu-west-2: ami-07ae118c8814df140
-  eu-west-3: ami-03c1017cd1ccc6e9d
-  sa-east-1: ami-05212ae133b9c3ba1
-  us-west-1: ami-0b05ec54412b9f8b0
-  us-west-2: ami-0447e036b102b2ca0
+  us-east-1: ami-0ac9258984ed4bb4a
+  us-east-2: ami-09888b2b4484f774a
+  us-west-1: ami-04e7e499cdb873bfa
+  us-west-2: ami-0fcd16e6cf3c4b100
+  ap-northeast-1: ami-098052d1926fd4297
+  ap-northeast-2: ami-0319e58869a7b5bf2
+  ap-south-1: ami-0d19f7ad27c77cbf6
+  ap-southeast-1: ami-04b6b2013a296075c
+  ap-southeast-2: ami-07f02efb410df7e1d
+  ca-central-1: ami-0e7cc87df5666a78c
+  eu-central-1: ami-0cc33b333c7b7acd6
+  eu-north-1: ami-0bc09b1d6b4f351ea
+  eu-west-1: ami-08a7f444dba463099
+  eu-west-2: ami-0e84e5ba9694be11b
+  eu-west-3: ami-08e28291804571999
+  sa-east-1: ami-0b447e11308862517
 centos7:
-  us-east-1: ami-0be9d646b29a9f51d
-  ap-northeast-1: ami-0ea500fc488406ad8
-  ap-northeast-2: ami-062d5536e5ebf04e9
-  ap-south-1: ami-0c2bf51384a5dcd92
-  ap-southeast-1: ami-0a8022e9bb353022f
-  ap-southeast-2: ami-03d47c88f2e01203b
-  ca-central-1: ami-0f0dc8a3e18a28544
-  eu-central-1: ami-0ea618bc5a1f372a2
-  eu-north-1: ami-02b062056e7dd4741
-  eu-west-1: ami-03851110db1a143e7
-  eu-west-2: ami-03800a8fe524171d2
-  eu-west-3: ami-074acd461ca002f0a
-  sa-east-1: ami-00c88550221a205f9
-  us-east-2: ami-098da5da2eef484e5
-  us-west-1: ami-0eea632474ef51860
-  us-west-2: ami-075aad0e6e9fc5654
+  us-east-1: ami-08d24209f345a21ab
+  ap-northeast-1: ami-001cfcb3548768288
+  ap-northeast-2: ami-0a2f6ec79ed710bf7
+  ap-south-1: ami-05e0c30fc8b2a21a2
+  ap-southeast-1: ami-0b28f5573dd4aa62a
+  ap-southeast-2: ami-026419375863852b7
+  ca-central-1: ami-01e799689fa5c1f31
+  eu-central-1: ami-0ded33da6c28082d8
+  eu-north-1: ami-02c7692e69b06afc5
+  eu-west-1: ami-086619450a959a101
+  eu-west-2: ami-05db24096d56207f6
+  eu-west-3: ami-03ea610526da7c2f3
+  sa-east-1: ami-0029cb6ee83a799ca
+  us-east-2: ami-065847253b2d4acab
+  us-west-1: ami-0ea3494c08412920e
+  us-west-2: ami-055ce4c70b0ceabcb
 ubuntu16: &3
   us-east-1: ami-bcdc16c6
   us-west-1: ami-1b17257b

data/modules/mu/deploy.rb

@@ -269,6 +269,7 @@ module MU
           cloudclass = MU::Cloud.cloudClass(cloud)
           cloudclass.initDeploy(@mommacat)
         }
+        @mommacat.writeDeploySecret
 
         # Kick off threads to create each of our new servers.
         @my_threads << Thread.new {
@@ -535,8 +536,9 @@ MESSAGE_END
     #########################################################################
     def addDependentThread(parent, child)
       @dependency_semaphore.synchronize {
-        @dependency_threads[child] = Array.new if !@dependency_threads[child]
+        @dependency_threads[child] ||= []
         @dependency_threads[child] << parent
+        @dependency_threads[child].uniq!
         MU.log "Thread #{child} will wait on #{parent}", MU::DEBUG, details: @dependency_threads[child]
       }
     end
@@ -567,6 +569,7 @@ MESSAGE_END
 
         MU.log "Setting dependencies for #{name}", MU::DEBUG, details: resource["dependencies"]
         if !resource["dependencies"].nil? then
+
           resource["dependencies"].each { |dependency|
             parent_class = MU::Cloud.loadBaseType(dependency['type'])
 
@@ -576,31 +579,41 @@ MESSAGE_END
             parent = parent_type+"_"+dependency["name"]+"_create"
             addDependentThread(parent, "#{name}_groom")
 
+            # if we've explicitly declared each end of the dependency, roll
+            # with that and don't meddle further
+            if dependency["my_phase"] and dependency["their_phase"]
+              parent = parent_type+"_"+dependency["name"]+"_"+dependency["their_phase"]
+              addDependentThread(parent, name+"_"+dependency["my_phase"])
+              next
+            end
+
             # should our creation thread also wait on our parent's create?
-            if !dependency["no_create_wait"] and
+            if dependency["my_phase"] == "create" and
                (resource["#MU_CLOUDCLASS"].waits_on_parent_completion or
-               dependency['phase'] == "create" or
-               parent_class.deps_wait_on_my_creation)
+                parent_class.deps_wait_on_my_creation
+               )
               addDependentThread(parent, "#{name}_create")
             end
 
 
             # how about our groom thread waiting on our parents' grooms?
-            if (dependency['phase'] == "groom" or resource["#MU_CLOUDCLASS"].waits_on_parent_completion) and parent_class.instance_methods(false).include?(:groom)
+            if (dependency['their_phase'] == "groom" or resource["#MU_CLOUDCLASS"].waits_on_parent_completion) and parent_class.instance_methods(false).include?(:groom)
               parent = parent_type+"_"+dependency["name"]+"_groom"
               addDependentThread(parent, "#{name}_groom")
-              if !dependency["no_create_wait"] and (
+              if dependency["my_phase"] == "groom" and 
+                 (dependency['their_phase'] == "create" or
+                  (!dependency['their_phase'] and
                    parent_class.deps_wait_on_my_creation or
-                   resource["#MU_CLOUDCLASS"].waits_on_parent_completion or
-                   dependency['phase'] == "groom"
+                   resource["#MU_CLOUDCLASS"].waits_on_parent_completion)
                  )
                 addDependentThread(parent, "#{name}_create")
               end
             end
           }
         end
-        MU.log "Thread dependencies #{res_type}[#{name}]", MU::DEBUG, details: { "create" => @dependency_threads["#{name}_create"], "groom" => @dependency_threads["#{name}_groom"] }
-        @dependency_threads["#{name}_groom"]=["#{name}_create", "mu_groom_container"]
+        @dependency_threads["#{name}_groom"].concat(["#{name}_create", "mu_groom_container"])
+        @dependency_threads["#{name}_groom"].uniq!
+        MU.log "Thread dependencies #{res_type}[#{name}]", MU::DEBUG, details: { "create" => @dependency_threads["#{name}_create"], "groom" => @dependency_threads["#{name}_groom"] } if res_type == "role" and resource['name'] == "dynamostream-to-es"
       }
     end