cloud-mu 3.5.0 → 3.6.3

data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs

@@ -0,0 +1,294 @@
+# Please note that the parameters in this configuration file control the
+# tools uses the PAM mechanism, and the utilities that use PAM (such as the
+# passwd command) should therefore be configured elsewhere. Refer to
+# /etc/pam.d/system-auth for more information.
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
+#       pam_unix(8) enforces a 2s delay)
+#
+#FAIL_DELAY             3
+
+# Currently FAILLOG_ENAB is not supported
+
+#
+# Enable display of unknown usernames when login(1) failures are recorded.
+#
+#LOG_UNKFAIL_ENAB       no
+
+# Currently LOG_OK_LOGINS is not supported
+
+# Currently LASTLOG_ENAB is not supported
+
+#
+# Limit the highest user ID number for which the lastlog entries should
+# be updated.
+#
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+# lastlog entries.
+#
+#LASTLOG_UID_MAX
+
+# Currently MAIL_CHECK_ENAB is not supported
+
+# Currently OBSCURE_CHECKS_ENAB is not supported
+
+# Currently PORTTIME_CHECKS_ENAB is not supported
+
+# Currently QUOTAS_ENAB is not supported
+
+# Currently SYSLOG_SU_ENAB is not supported
+
+#
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
+#
+#SYSLOG_SG_ENAB         yes
+
+# Currently CONSOLE is not supported
+
+# Currently SULOG_FILE is not supported
+
+# Currently MOTD_FILE is not supported
+
+# Currently ISSUE_FILE is not supported
+
+# Currently TTYTYPE_FILE is not supported
+
+# Currently FTMP_FILE is not supported
+
+# Currently NOLOGINS_FILE is not supported
+
+# Currently SU_NAME is not supported
+
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR        /var/spool/mail
+#MAIL_FILE      .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+#HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+# Currently ENV_TZ is not supported
+
+# Currently ENV_HZ is not supported
+
+#
+# The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH     PATH=/sbin:/bin:/usr/sbin:/usr/bin
+#ENV_PATH       PATH=/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+#       TTYGROUP        Login tty will be assigned this group ownership.
+#       TTYPERM         Login tty will be set to this permission.
+#
+# If you have a write(1) program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP as the number of such group
+# and TTYPERM as 0620.  Otherwise leave TTYGROUP commented out and
+# set TTYPERM to either 622 or 600.
+#
+#TTYGROUP       tty
+#TTYPERM                0600
+
+# Currently ERASECHAR, KILLCHAR and ULIMIT are not supported
+
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+# home directories if HOME_MODE is not set.
+# 022 is the default value, but 027, or even 077, could be considered
+# for increased privacy. There is no One True Answer here: each sysadmin
+# must make up their mind.
+UMASK           077
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+HOME_MODE       0700
+
+# Password aging controls:
+#
+#       PASS_MAX_DAYS   Maximum number of days a password may be used.
+#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
+#       PASS_MIN_LEN    Minimum acceptable password length.
+#       PASS_WARN_AGE   Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS   90
+PASS_MIN_DAYS   7
+PASS_MIN_LEN    12
+PASS_WARN_AGE   14
+
+# Currently PASS_MIN_LEN is not supported
+
+# Currently SU_WHEEL_ONLY is not supported
+
+# Currently CRACKLIB_DICTPATH is not supported
+
+#
+# Min/max values for automatic uid selection in useradd(8)
+#
+UID_MIN                  1000
+UID_MAX                 60000
+# System accounts
+SYS_UID_MIN               201
+SYS_UID_MAX               999
+# Extra per user uids
+SUB_UID_MIN                100000
+SUB_UID_MAX             600100000
+SUB_UID_COUNT               65536
+
+#
+# Min/max values for automatic gid selection in groupadd(8)
+#
+GID_MIN                  1000
+GID_MAX                 60000
+# System accounts
+SYS_GID_MIN               201
+SYS_GID_MAX               999
+# Extra per user group ids
+SUB_GID_MIN                100000
+SUB_GID_MAX             600100000
+SUB_GID_COUNT               65536
+
+#
+# Max number of login(1) retries if password is bad
+#
+#LOGIN_RETRIES          3
+
+#
+# Max time in seconds for login(1)
+#
+#LOGIN_TIMEOUT          60
+
+# Currently PASS_CHANGE_TRIES is not supported
+
+# Currently PASS_ALWAYS_WARN is not supported
+
+# Currently PASS_MAX_LEN is not supported
+
+# Currently CHFN_AUTH is not supported
+
+#
+# Which fields may be changed by regular users using chfn(1) - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+#CHFN_RESTRICT          rwh
+
+# Currently LOGIN_STRING is not supported
+
+# Currently MD5_CRYPT_ENAB is not supported
+
+#
+# If set to MD5, MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+#
+ENCRYPT_METHOD YESCRYPT
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be within the 1000-999999999 range.
+#
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+# Currently SHA_CRYPT_MIN_ROUNDS is not supported
+
+#
+# Only works if ENCRYPT_METHOD is set to BCRYPT.
+#
+# Define the number of BCRYPT rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, 13 rounds will be attempted.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#BCRYPT_MIN_ROUNDS 13
+#BCRYPT_MAX_ROUNDS 31
+
+#
+# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+#
+# Define the YESCRYPT cost factor.
+# With a higher cost factor, it is more difficult to brute-force the password.
+# However, more CPU time and more memory will be needed to authenticate users
+# if this value is increased.
+#
+# If not specified, a cost factor of 5 will be used.
+# The value must be within the 1-11 range.
+#
+#YESCRYPT_COST_FACTOR 5
+
+# Currently CONSOLE_GROUPS is not supported
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is yes.
+#
+#DEFAULT_HOME   yes
+
+# Currently ENVIRON_FILE is not supported
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD    /usr/sbin/userdel_local
+
+#
+# Enables userdel(8) to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-zero number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permits to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP  0
+
+#
+# If useradd(8) should create home directories for users by default (non
+# system users only).
+# This option is overridden with the -M or -m flags on the useradd(8)
+# command-line.
+#
+CREATE_HOME     yes
+
+#
+# Force use shadow, even if shadow passwd & shadow group files are
+# missing.
+#
+#FORCE_SHADOW    yes

data/cookbooks/mu-tools/files/default/logrotate.conf

@@ -0,0 +1,35 @@
+# see "man logrotate" for details
+# rotate log files weekly
+daily
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# RPM packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# no packages own wtmp and btmp -- we'll rotate them here
+/var/log/wtmp {
+    monthly
+    create 0664 root utmp
+  minsize 1M
+    rotate 1
+}
+
+/var/log/btmp {
+    missingok
+    monthly
+    create 0600 root utmp
+    rotate 1
+}
+
+# system-specific logs may be also be configured here.

data/cookbooks/mu-tools/libraries/helper.rb

@@ -16,13 +16,13 @@ module Mutools
       base_url = "http://metadata.google.internal/computeMetadata/v1"
       begin
         Timeout.timeout(2) do
-          response = open(
+          response = URI.open(
             "#{base_url}/#{param}",
             "Metadata-Flavor" => "Google"
           ).read
           return response
         end
-      rescue Net::HTTPServerException, OpenURI::HTTPError, Timeout::Error, SocketError => e
+      rescue Net::HTTPServerException, OpenURI::HTTPError, Timeout::Error, SocketError, Errno::ENOENT, OpenSSL::SSL::SSLError => e
         # This is fairly normal, just handle it gracefully
       end
 
@@ -36,11 +36,17 @@ module Mutools
       base_url = "http://169.254.169.254/latest"
       begin
         Timeout.timeout(2) do
-          response = open("#{base_url}/#{param}").read
+          response = URI.open("#{base_url}/#{param}").read
           return response
         end
-      rescue Net::HTTPServerException, OpenURI::HTTPError, Timeout::Error, SocketError => e
+        require 'aws-sdk-ec2'
+        require 'aws-sdk-s3'
+      rescue Net::HTTPServerException, OpenURI::HTTPError, Timeout::Error, SocketError, Errno::ENOENT => e
+        puts e.inspect
         # This is fairly normal, just handle it gracefully
+        if e.code == 401
+          puts "*************** Got 401 Unauthorized trying to fetch #{base_url}/#{param}. This instance may be requiring IMDSv2 requests to fetch its own metadata. ***************"
+        end
       end
       nil
     end
@@ -136,7 +142,7 @@ module Mutools
     @region = nil
     def set_aws_cfg_params
       begin
-        require 'aws-sdk'
+        require 'aws-sdk-core'
         instance_identity = get_aws_metadata("dynamic/instance-identity/document")
         return false if instance_identity.nil? # Not in AWS, most likely
         @region = JSON.parse(instance_identity)["region"]
@@ -153,7 +159,8 @@ module Mutools
       rescue OpenURI::HTTPError, Timeout::Error, SocketError, JSON::ParserError
         Chef::Log.info("This node isn't in Amazon Web Services, skipping AWS config")
         return false
-      rescue LoadError
+      rescue LoadError => e
+      puts e.inspect
         Chef::Log.info("aws-sdk-gem hasn't been installed yet!")
         return false
       end
@@ -257,10 +264,14 @@ module Mutools
       filename = mu_get_tag_value("MU-ID")+"-secret"
 
       if cloud == "AWS"
+        include_recipe "mu-tools::aws_api"
+        require 'aws-sdk-s3'
         resp = nil
         begin
           Chef::Log.info("Fetch deploy secret from s3://#{bucket}/#{filename}")
-          resp = s3.get_object(bucket: bucket, key: filename)
+          set_aws_cfg_params
+        @s3 ||= Aws::S3::Client.new(region: @region)
+          resp = @s3.get_object(bucket: bucket, key: filename)
         rescue ::Aws::S3::Errors::PermanentRedirect => e
           tmps3 = Aws::S3::Client.new(region: "us-east-1")
           resp = tmps3.get_object(bucket: bucket, key: filename)
@@ -308,6 +319,7 @@ module Mutools
       req = Net::HTTP::Post.new(uri)
       res_type = (node['deployment'].has_key?('server_pools') and node['deployment']['server_pools'].has_key?(node['service_name'])) ? "server_pool" : "server"
       response = nil
+      retries = 0
       begin
         secret = get_deploy_secret
         if secret.nil? or secret.empty?
@@ -331,7 +343,7 @@ module Mutools
         http.verify_mode = OpenSSL::SSL::VERIFY_NONE # XXX this sucks
         response = http.request(req)
         if response.code != "200"
-          Chef::Log.error("Got #{response.code} back from #{uri} on #{action} => #{arg}")
+          Chef::Log.error("Got #{response.code} back from #{uri} on #{action} => #{arg}: #{response.body}")
         else
           if action == "add_volume" and arg and arg.is_a?(Hash) and arg[:dev]
             seen_requested = false
@@ -350,7 +362,7 @@ module Mutools
             end while retries < 5 and !seen_requested
           end
         end
-      rescue EOFError => e
+      rescue EOFError, OpenSSL::SSL::SSLError => e
         # Sometimes deployment metadata is incomplete and missing a
         # server_pool entry. Try to help it out.
         # XXX find some awsmetadata way to determine that we're in an Autoscale Group before trying this

data/cookbooks/mu-tools/metadata.rb

@@ -7,14 +7,14 @@ long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 source_url 'https://github.com/cloudamatic/mu'
 issues_url 'https://github.com/cloudamatic/mu/issues'
 chef_version '>= 14.0' if respond_to?(:chef_version)
-version '1.1.0'
+version '1.1.1'
 
 %w( amazon centos redhat windows ).each do |os|
 	supports os
 end
 
 depends "oracle-instantclient", '~> 1.1.0'
-depends "mu-nagios"
+depends "nagios"
 depends "database", '~> 6.1.1'
 depends "postgresql", '~> 7.1.0'
 depends "mu-utility"
@@ -22,8 +22,8 @@ depends "java", '~> 2.2.0'
 depends "windows", '~> 5.1.1'
 depends "mu-splunk"
 depends "chef-vault", '~> 3.1.1'
-depends "poise-python", '~> 1.7.0'
-depends "yum-epel", '~> 3.2.0'
+#depends "poise-python", '~> 1.7.0'
+depends "yum-epel", '~> 5.0.8'
 depends "mu-firewall"
 depends "mu-activedirectory"
 depends "chocolatey"

data/cookbooks/mu-tools/recipes/apply_security.rb

@@ -66,7 +66,7 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
         notifies :run, "execute[enable manual auditd restarts]", :before
       end
   
-      if node['platform_version'].to_i < 7
+      if !platform_family?("amazon") and node['platform_version'].to_i < 7
         cookbook_file "/etc/audit/audit.rules" do
           source "etc/audit/stig.rules"
           notifies :restart, "service[auditd]", :delayed
@@ -124,11 +124,12 @@ if !node['application_attributes']['skip_recipes'].include?('apply_security')
   
   
       bash "Logging and Auditing" do
-        code <<-EOH
   				#4.1.4 Create and Set Permissions on rsyslog Log Files
   				#find `awk '/^ *[^#$]/ { print $2 }' /etc/rsyslog.conf | egrep -o "/.*"` -perm /o+rwx
+        code <<-EOH
   				chmod og-rwx /var/log/boot.log
         EOH
+        only_if { File.exist?("/var/log/boot.log") }
       end
   
       bash "Network Configuration and Firewalls" do

data/cookbooks/mu-tools/recipes/aws_api.rb

@@ -16,11 +16,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-chef_gem "aws-sdk" do
-  compile_time true
-  version "3.0.1"
-  action :install
-end
+# well apparently these versions need to be pegged to whatever Chef is using
+# internally (as of Chef 17.4.38, aws-sdk-core 3.119)
+awsgems = {
+#  "aws-sdk-core" => "~> 3.119",
+  "aws-sdk-s3" => "3.205.0",
+#  "aws-sdk-ec2" => nil
+}
+
+awsgems.each_pair { |g, v|
+# XXX chef_gem is, inexplicably, failing for these AWS SDK gems; logs indicate
+# installation, but they're not actually there. Doing it with an execute seems
+# to circumvent the problem. We then use chef_gem to load the stupid thing for
+# the current Chef run.
+  execute "env -i /opt/chef/embedded/bin/gem install #{g} #{v.nil? ? "" : "--version '#{v}'"}" do
+    compile_time true
+  end
+  chef_gem g do
+    gem_binary "/opt/chef/embedded/bin/gem"
+    version v if !v.nil?
+    compile_time true
+   action :install
+  end
+}
 
 if platform_family?("rhel") or platform_family?("amazon")
   if node['platform_version'].to_i == 6

data/cookbooks/mu-tools/recipes/base_repositories.rb

@@ -21,11 +21,14 @@ if !node['application_attributes']['skip_recipes'].include?('base_repositories')
   case node['platform_family']
     when "rhel", "redhat", "amazon" # ~FC024
       # Workaround for EOL CentOS 5 repos
-      if node['platform'] != "amazon" and node['platform_version'].to_i <= 6
+      if node['platform_family'] != "amazon" and node['platform_version'].to_i <= 6
         cookbook_file "/etc/yum.repos.d/CentOS-Base.repo" do
           source "CentOS-Base.repo"
         end
       end
       include_recipe "yum-epel"
   end
+  if platform_family?("amazon")
+    package "cronie"
+  end
 end

data/cookbooks/mu-tools/recipes/gcloud.rb

@@ -16,59 +16,59 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if platform_family?("rhel") or platform_family?("amazon")
-  if node['platform_version'].to_i >= 7
-    yum_repository "google-cloud-sdk" do
-      description 'Google Cloud SDK'
-      url "https://packages.cloud.google.com/yum/repos/cloud-sdk-el#{node['platform_version'].to_i}-x86_64#{node['platform_version'].to_i == 6 ? "-unstable": ""}"
-      enabled true
-      gpgcheck true
-      repo_gpgcheck true
-      gpgkey ["https://packages.cloud.google.com/yum/doc/yum-key.gpg", "https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg"]
-    end
-    package "google-cloud-sdk"
-  elsif node['platform_version'].to_i == 6
-    version = "317.0.0"
-    remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.sh" do
-      source "https://sdk.cloud.google.com"
-      action :nothing
-    end
-    remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz" do
-      source "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-#{version}-linux-x86_64.tar.gz"
-      action :nothing
-    end
-    bash "install gcloud-cli" do
-      cwd "/opt"
-      code <<-EOH
-        rm -rf /opt/google-cloud-sdk/
-        tar -xzf #{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz
-        CLOUDSDK_PYTHON="`/bin/rpm -ql muthon | grep '/bin/python3$'`" ./google-cloud-sdk/install.sh -q
-      EOH
-      notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.sh]", :before
-      notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz]", :before
-      not_if "/opt/google-cloud-sdk/bin/gcloud version | grep 'Google Cloud SDK #{version}'"
-    end
-    link "/etc/bash_completion.d/gcloud" do
-      to "/opt/google-cloud-sdk/completion.bash.inc"
-    end
-    link "/etc/profile.d/gcloud.sh" do
-      to "/opt/google-cloud-sdk/path.bash.inc"
-    end
-    file "/etc/profile.d/gcloud_python.sh" do
-      content "export CLOUDSDK_PYTHON=\"`/bin/rpm -ql muthon | grep '/bin/python$'`\"\n"
-      mode 0644
-    end
-  end
-elsif platform_family?("debian")
-  bash "add google-cloud-sdk repo" do
-    code <<-EOH
-      export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"
-      echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
-      curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
-      sudo apt-get update
-    EOH
-    not_if { ::File.exist?("/etc/apt/sources.list.d/google-cloud-sdk.list") }
-  end
-  package "google-cloud-sdk"
-else
-end
+#if platform_family?("rhel") or platform_family?("amazon")
+#  if node['platform_version'].to_i >= 7
+#    yum_repository "google-cloud-sdk" do
+#      description 'Google Cloud SDK'
+#      url "https://packages.cloud.google.com/yum/repos/cloud-sdk-el#{node['platform_version'].to_i}-x86_64#{node['platform_version'].to_i == 6 ? "-unstable": ""}"
+#      enabled true
+#      gpgcheck true
+#      repo_gpgcheck true
+#      gpgkey ["https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg"]
+#    end
+#    package "google-cloud-sdk"
+#  elsif node['platform_version'].to_i == 6
+#    version = "317.0.0"
+#    remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.sh" do
+#      source "https://sdk.cloud.google.com"
+#      action :nothing
+#    end
+#    remote_file "#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz" do
+#      source "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-#{version}-linux-x86_64.tar.gz"
+#      action :nothing
+#    end
+#    bash "install gcloud-cli" do
+#      cwd "/opt"
+#      code <<-EOH
+#        rm -rf /opt/google-cloud-sdk/
+#        tar -xzf #{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz
+#        CLOUDSDK_PYTHON="`/bin/rpm -ql muthon | grep '/bin/python3$'`" ./google-cloud-sdk/install.sh -q
+#      EOH
+#      notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.sh]", :before
+#      notifies :create, "remote_file[#{Chef::Config[:file_cache_path]}/gcloud-cli.tar.gz]", :before
+#      not_if "/opt/google-cloud-sdk/bin/gcloud version | grep 'Google Cloud SDK #{version}'"
+#    end
+#    link "/etc/bash_completion.d/gcloud" do
+#      to "/opt/google-cloud-sdk/completion.bash.inc"
+#    end
+#    link "/etc/profile.d/gcloud.sh" do
+#      to "/opt/google-cloud-sdk/path.bash.inc"
+#    end
+#    file "/etc/profile.d/gcloud_python.sh" do
+#      content "export CLOUDSDK_PYTHON=\"`/bin/rpm -ql muthon | grep '/bin/python$'`\"\n"
+#      mode 0644
+#    end
+#  end
+#elsif platform_family?("debian")
+#  bash "add google-cloud-sdk repo" do
+#    code <<-EOH
+#      export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"
+#      echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+#      curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+#      sudo apt-get update
+#    EOH
+#    not_if { ::File.exist?("/etc/apt/sources.list.d/google-cloud-sdk.list") }
+#  end
+#  package "google-cloud-sdk"
+#else
+#end

data/cookbooks/mu-tools/recipes/nagios.rb

@@ -16,4 +16,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-include_recipe "mu-nagios"
+include_recipe "nagios"