RubyGems - cloud-mu - Versions diffs - 3.5.0 → 3.6.3 - Mend

cloud-mu 3.5.0 → 3.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (245) hide show

checksums.yaml +4 -4
data/Berksfile +5 -2
data/Berksfile.lock +135 -0
data/ansible/roles/mu-base/README.md +33 -0
data/ansible/roles/mu-base/defaults/main.yml +2 -0
data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
data/ansible/roles/mu-base/files/check_apm.sh +18 -0
data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
data/ansible/roles/mu-base/files/logrotate.conf +35 -0
data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
data/ansible/roles/mu-base/handlers/main.yml +5 -0
data/ansible/roles/mu-base/meta/main.yml +53 -0
data/ansible/roles/mu-base/tasks/main.yml +113 -0
data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
data/ansible/roles/mu-base/tests/inventory +2 -0
data/ansible/roles/mu-base/tests/test.yml +5 -0
data/ansible/roles/mu-base/vars/main.yml +1 -0
data/ansible/roles/mu-compliance/README.md +33 -0
data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
data/ansible/roles/mu-compliance/meta/main.yml +53 -0
data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
data/ansible/roles/mu-compliance/tests/inventory +2 -0
data/ansible/roles/mu-compliance/tests/test.yml +5 -0
data/ansible/roles/mu-compliance/vars/main.yml +4 -0
data/ansible/roles/mu-elastic/README.md +51 -0
data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
data/ansible/roles/mu-elastic/files/jvm.options +93 -0
data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
data/ansible/roles/mu-elastic/meta/main.yml +52 -0
data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
data/ansible/roles/mu-elastic/tests/inventory +2 -0
data/ansible/roles/mu-elastic/tests/test.yml +5 -0
data/ansible/roles/mu-elastic/vars/main.yml +2 -0
data/ansible/roles/mu-logstash/README.md +51 -0
data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
data/ansible/roles/mu-logstash/files/jvm.options +84 -0
data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
data/ansible/roles/mu-logstash/meta/main.yml +52 -0
data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
data/ansible/roles/mu-logstash/tests/inventory +2 -0
data/ansible/roles/mu-logstash/tests/test.yml +5 -0
data/ansible/roles/mu-logstash/vars/main.yml +2 -0
data/ansible/roles/mu-rdp/README.md +33 -0
data/ansible/roles/mu-rdp/meta/main.yml +53 -0
data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
data/ansible/roles/mu-rdp/tests/inventory +2 -0
data/ansible/roles/mu-rdp/tests/test.yml +5 -0
data/ansible/roles/mu-windows/tasks/main.yml +3 -0
data/bin/mu-ansible-secret +1 -1
data/bin/mu-aws-setup +4 -3
data/bin/mu-azure-setup +5 -5
data/bin/mu-configure +25 -17
data/bin/mu-firewall-allow-clients +1 -0
data/bin/mu-gcp-setup +3 -3
data/bin/mu-load-config.rb +1 -0
data/bin/mu-node-manage +66 -33
data/bin/mu-self-update +2 -2
data/bin/mu-upload-chef-artifacts +6 -1
data/bin/mu-user-manage +1 -1
data/cloud-mu.gemspec +25 -23
data/cookbooks/firewall/CHANGELOG.md +417 -224
data/cookbooks/firewall/LICENSE +202 -0
data/cookbooks/firewall/README.md +153 -126
data/cookbooks/firewall/TODO.md +6 -0
data/cookbooks/firewall/attributes/firewalld.rb +7 -0
data/cookbooks/firewall/attributes/iptables.rb +3 -3
data/cookbooks/firewall/chefignore +115 -0
data/cookbooks/firewall/libraries/helpers.rb +5 -0
data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
data/cookbooks/firewall/metadata.json +40 -1
data/cookbooks/firewall/metadata.rb +15 -0
data/cookbooks/firewall/recipes/default.rb +7 -7
data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
data/cookbooks/firewall/recipes/firewalld.rb +87 -0
data/cookbooks/firewall/renovate.json +18 -0
data/cookbooks/firewall/resources/firewalld.rb +28 -0
data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
data/cookbooks/firewall/resources/nftables.rb +71 -0
data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
data/cookbooks/mu-activedirectory/Berksfile +1 -1
data/cookbooks/mu-activedirectory/metadata.rb +1 -1
data/cookbooks/mu-firewall/metadata.rb +2 -2
data/cookbooks/mu-master/Berksfile +4 -3
data/cookbooks/mu-master/attributes/default.rb +5 -2
data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
data/cookbooks/mu-master/libraries/mu.rb +24 -0
data/cookbooks/mu-master/metadata.rb +5 -5
data/cookbooks/mu-master/recipes/default.rb +31 -20
data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
data/cookbooks/mu-master/recipes/init.rb +58 -19
data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
data/cookbooks/mu-php54/Berksfile +1 -1
data/cookbooks/mu-php54/metadata.rb +2 -2
data/cookbooks/mu-tools/Berksfile +2 -3
data/cookbooks/mu-tools/attributes/default.rb +3 -4
data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
data/cookbooks/mu-tools/libraries/helper.rb +21 -9
data/cookbooks/mu-tools/metadata.rb +4 -4
data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
data/data_bags/nagios_services/apm_backend_connect.json +5 -0
data/data_bags/nagios_services/apm_listen.json +5 -0
data/data_bags/nagios_services/elastic_shards.json +5 -0
data/data_bags/nagios_services/logstash.json +5 -0
data/data_bags/nagios_services/rhel7_updates.json +8 -0
data/extras/image-generators/AWS/centos7.yaml +1 -0
data/extras/image-generators/AWS/rhel7.yaml +21 -0
data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
data/extras/image-generators/AWS/win2k16.yaml +1 -0
data/extras/image-generators/AWS/win2k19.yaml +1 -0
data/extras/list-stock-amis +0 -0
data/extras/ruby_rpm/muby.spec +8 -5
data/extras/vault_tools/export_vaults.sh +1 -1
data/extras/vault_tools/recreate_vaults.sh +0 -0
data/extras/vault_tools/test_vaults.sh +0 -0
data/install/deprecated-bash-library.sh +1 -1
data/install/installer +4 -2
data/modules/mommacat.ru +3 -1
data/modules/mu/adoption.rb +1 -1
data/modules/mu/cloud/dnszone.rb +2 -2
data/modules/mu/cloud/machine_images.rb +26 -25
data/modules/mu/cloud/resource_base.rb +213 -182
data/modules/mu/cloud/server_pool.rb +1 -1
data/modules/mu/cloud/ssh_sessions.rb +7 -5
data/modules/mu/cloud/wrappers.rb +2 -2
data/modules/mu/cloud.rb +1 -1
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/function.rb +6 -1
data/modules/mu/config/loadbalancer.rb +24 -2
data/modules/mu/config/ref.rb +12 -0
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +42 -9
data/modules/mu/config/server.rb +43 -27
data/modules/mu/config/tail.rb +19 -10
data/modules/mu/config.rb +6 -5
data/modules/mu/defaults/AWS.yaml +78 -114
data/modules/mu/deploy.rb +9 -2
data/modules/mu/groomer.rb +12 -4
data/modules/mu/groomers/ansible.rb +104 -20
data/modules/mu/groomers/chef.rb +15 -6
data/modules/mu/master.rb +9 -4
data/modules/mu/mommacat/daemon.rb +4 -2
data/modules/mu/mommacat/naming.rb +1 -2
data/modules/mu/mommacat/storage.rb +7 -2
data/modules/mu/mommacat.rb +33 -6
data/modules/mu/providers/aws/database.rb +161 -8
data/modules/mu/providers/aws/dnszone.rb +11 -6
data/modules/mu/providers/aws/endpoint.rb +81 -6
data/modules/mu/providers/aws/firewall_rule.rb +254 -172
data/modules/mu/providers/aws/function.rb +65 -3
data/modules/mu/providers/aws/loadbalancer.rb +39 -28
data/modules/mu/providers/aws/log.rb +2 -1
data/modules/mu/providers/aws/role.rb +25 -7
data/modules/mu/providers/aws/server.rb +36 -12
data/modules/mu/providers/aws/server_pool.rb +237 -127
data/modules/mu/providers/aws/storage_pool.rb +7 -1
data/modules/mu/providers/aws/user.rb +1 -1
data/modules/mu/providers/aws/userdata/linux.erb +6 -2
data/modules/mu/providers/aws/userdata/windows.erb +7 -5
data/modules/mu/providers/aws/vpc.rb +49 -25
data/modules/mu/providers/aws.rb +13 -8
data/modules/mu/providers/azure/container_cluster.rb +1 -1
data/modules/mu/providers/azure/loadbalancer.rb +2 -2
data/modules/mu/providers/azure/server.rb +5 -2
data/modules/mu/providers/azure/userdata/linux.erb +1 -1
data/modules/mu/providers/azure.rb +11 -8
data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
data/modules/mu/providers/google/container_cluster.rb +15 -2
data/modules/mu/providers/google/folder.rb +2 -1
data/modules/mu/providers/google/function.rb +130 -4
data/modules/mu/providers/google/habitat.rb +2 -1
data/modules/mu/providers/google/loadbalancer.rb +407 -160
data/modules/mu/providers/google/role.rb +16 -3
data/modules/mu/providers/google/server.rb +5 -1
data/modules/mu/providers/google/user.rb +25 -18
data/modules/mu/providers/google/userdata/linux.erb +1 -1
data/modules/mu/providers/google/vpc.rb +53 -7
data/modules/mu/providers/google.rb +39 -39
data/modules/mu.rb +8 -8
data/modules/tests/elk.yaml +46 -0
data/test/mu-master-test/controls/all_in_one.rb +1 -1
metadata +207 -112
data/cookbooks/firewall/CONTRIBUTING.md +0 -2
data/cookbooks/firewall/MAINTAINERS.md +0 -19
data/cookbooks/firewall/libraries/matchers.rb +0 -30
data/extras/image-generators/AWS/rhel71.yaml +0 -17

data/cookbooks/mu-tools/recipes/nrpe.rb CHANGED Viewed

@@ -45,7 +45,7 @@ if !node['application_attributes']['skip_recipes'].include?('nrpe')
     case elversion
     when 7
-      %w{nrpe_file.pp nrpe_file.te nrpe_check_disk.te nrpe_check_disk.pp}.each { |f|
+      %w{nrpe_file.pp nrpe_file.te nrpe_check_disk.te nrpe_check_disk.pp nrpe_conf_d.pp}.each { |f|
         cookbook_file "#{Chef::Config[:file_cache_path]}/#{f}" do
           source f
         end
@@ -64,6 +64,23 @@ if !node['application_attributes']['skip_recipes'].include?('nrpe')
         not_if "/usr/sbin/semodule -l | grep nrpe_check_disk"
         notifies :restart, "service[nrpe]", :delayed
       end
+      execute "Allow NRPE to read /etc/nagios/nrpe.d through SELinux" do
+        command "/usr/sbin/semodule -i nrpe_conf_d.pp"
+        cwd Chef::Config[:file_cache_path]
+        not_if "/usr/sbin/semodule -l | grep nrpe_conf_d"
+        notifies :restart, "service[nrpe]", :delayed
+      end
+      if node['platform'] == "centos"
+        package "nagios-plugins-check-updates"
+        nrpe_check "check_updates" do
+          command "#{node['nrpe']['plugin_dir']}/check_updates --security-only"
+          action :add
+          notifies :run, 'execute[selinux permissions]', :immediately if node['platform'] != 'amazon'
+          notifies :restart, "service[nrpe]", :delayed
+        end
+      end
     when 6
       if node['platform'] != 'amazon'
         cookbook_file "nrpe_disk.pp" do
@@ -96,7 +113,7 @@ if !node['application_attributes']['skip_recipes'].include?('nrpe')
       notifies :run, 'execute[selinux permissions]', :immediately if node['platform'] != 'amazon'
       notifies :restart, "service[nrpe]", :delayed
     end
     # execute "chmod o+r /etc/nagios/nrpe.d/check_disk.cfg"
     # file "/etc/nagios/nrpe.d/check_disk.cfg" do
       # mode 0640
@@ -113,6 +130,7 @@ if !node['application_attributes']['skip_recipes'].include?('nrpe')
       end
     end
+    execute "restorecon -Rv /etc/nagios/nrpe.d"
     service "nrpe" do
       action [:enable, :start]
     end

data/cookbooks/mu-tools/recipes/rsyslog.rb CHANGED Viewed

@@ -20,7 +20,11 @@ if !node['application_attributes']['skip_recipes'].include?('rsyslog')
   case node['platform_family']
   when "rhel", "debian", "amazon"
     package "rsyslog"
-    package "rsyslog-gnutls"
+    if platform_family?("amazon") and node['platform_version'].to_i == 2023
+      package "rsyslog-crypto"
+    else
+      package "rsyslog-gnutls"
+    end
     execute "chcon -R -h -t var_log_t /Mu_Logs" do
       action :nothing
       only_if { ::Dir.exist?("/Mu_Logs") }
@@ -71,3 +75,10 @@ if !node['application_attributes']['skip_recipes'].include?('rsyslog')
     end
   end
 end
+cookbook_file "/etc/logrotate.conf" do
+  source "logrotate.conf"
+  mode 0644
+  owner "root"
+  group "root"
+end

data/cookbooks/mu-tools/recipes/set_local_fw.rb CHANGED Viewed

@@ -19,7 +19,7 @@
 if !node['application_attributes']['skip_recipes'].include?('set_local_fw')
   master_ips = get_mu_master_ips
   case node['platform_family']
-  when 'rhel', 'amazon'
+  when 'rhel'#, 'amazon'
     include_recipe 'mu-firewall'
     if elversion >= 7 and node['platform_family'] != "amazon" # Can use firewalld, but not if iptables is already rigged

data/data_bags/nagios_services/apm_backend_connect.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "id": "apm_backend_connect",
+  "hostgroup_name": "mu-logstash",
+  "command_line": "$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_apm"
+}

data/data_bags/nagios_services/apm_listen.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "id": "apm_listen",
+  "hostgroup_name": "mu-logstash",
+  "command_line": "$USER1$/check_http $HOSTADDRESS$ -p 8200"
+}

data/data_bags/nagios_services/elastic_shards.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "id": "elastic_shards",
+  "hostgroup_name": "mu-elastic",
+  "command_line": "$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_elastic_shards"
+}

data/data_bags/nagios_services/logstash.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "id": "logstash",
+  "hostgroup_name": "mu-logstash",
+  "command_line": "$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_logstash"
+}

data/data_bags/nagios_services/rhel7_updates.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+	"id": "rhel7_updates",
+  "hostgroup_name": "mu-node",
+	"command_line": "$USER1$/check_nrpe -H $HOSTADDRESS$ -t 60 -c check_updates",
+  "check_interval": 120,
+  "retry_interval": 3600,
+  "notification_interval": 14400
+}

data/extras/image-generators/AWS/centos7.yaml CHANGED Viewed

@@ -1,5 +1,6 @@
 ---
 appname: mu
+us_only: true
 servers:
 - name: centos7
   platform: centos7

data/extras/image-generators/AWS/rhel7.yaml ADDED Viewed

@@ -0,0 +1,21 @@
+---
+appname: mu
+us_only: true
+servers:
+- name: rhel7
+  platform: rhel7
+  size: m4.large
+  vpc:
+    name: r7vpc
+  scrub_groomer: true
+  run_list:
+  - recipe[mu-tools::apply_security]
+  - recipe[mu-tools::updates]
+  - recipe[mu-tools::split_var_partitions]
+  create_image:
+    image_then_destroy: true
+    public: true
+    copy_to_regions:
+    - "#ALL"
+vpcs:
+- name: r7vpc

data/extras/image-generators/AWS/win2k12r2.yaml CHANGED Viewed

@@ -1,5 +1,6 @@
 ---
   appname: mu
+  us_only: true
   vpcs:
   - name: windowsbuild
   servers:

data/extras/image-generators/AWS/win2k16.yaml CHANGED Viewed

@@ -1,5 +1,6 @@
 ---
   appname: mu
+  us_only: true
   vpcs:
   - name: windowsbuild
   servers:

data/extras/image-generators/AWS/win2k19.yaml CHANGED Viewed

@@ -1,5 +1,6 @@
 ---
   appname: mu
+  us_only: true
   vpcs:
   - name: windowsbuild
   servers:

data/extras/list-stock-amis CHANGED Viewed

File without changes

data/extras/ruby_rpm/muby.spec CHANGED Viewed

@@ -1,16 +1,18 @@
 Summary: Ruby for Mu(by)
 BuildArch: x86_64
 Name: muby
-Version: 2.7.2
+Version: 3.3.5
 Release: 1%{dist}
 Group: Development/Languages
 License: Ruby License/GPL - see COPYING
 URL: http://www.ruby-lang.org/
 Prefix: /opt/rubies
-Source: https://cache.ruby-lang.org/pub/ruby/2.7/ruby-%{version}.tar.gz
+Source: https://cache.ruby-lang.org/pub/ruby/3.3/ruby-%{version}.tar.gz
 BuildRequires: zlib
 BuildRequires: zlib-devel
+BuildRequires: libyaml
+BuildRequires: libyaml-devel
 BuildRequires: openssl
 %description
@@ -19,21 +21,22 @@ I was drunk when I wrote this spec file
 %prep
 rm -rf $RPM_BUILD_DIR/ruby-%{version}
 rm -rf %{prefix}
-test -f $RPM_SOURCE_DIR/ruby-%{version}.tar.gz || ( cd $RPM_SOURCE_DIR && curl -O https://cache.ruby-lang.org/pub/ruby/2.7/ruby-%{version}.tar.gz )
+test -f $RPM_SOURCE_DIR/ruby-%{version}.tar.gz || ( cd $RPM_SOURCE_DIR && curl -O https://cache.ruby-lang.org/pub/ruby/3.3/ruby-%{version}.tar.gz )
 tar -xzvf $RPM_SOURCE_DIR/ruby-%{version}.tar.gz
 mkdir -p $RPM_BUILD_ROOT%{prefix}
 ln -s %{prefix}/ruby-%{version} $RPM_BUILD_ROOT%{prefix}/ruby-%{version}
 %build
 cd $RPM_BUILD_DIR/ruby-%{version}
-./configure --prefix=%{prefix}/ruby-%{version}  --enable-load-relative --enable-shared
+./configure --prefix=%{prefix}/ruby-%{version}  --enable-load-relative --enable-shared --disable-install-doc
 make
 %install
 cd $RPM_BUILD_DIR/ruby-%{version}
 make install
 mkdir -p %{prefix}
-yes | %{prefix}/ruby-%{version}/bin/gem install bundler --version '~> 2.1.4' --force
+yes | %{prefix}/ruby-%{version}/bin/gem install bundler --version '~> 2.5.18' --force
+yes | %{prefix}/ruby-%{version}/bin/gem install psych --force
 mkdir -p $RPM_BUILD_ROOT%{prefix}
 mv %{prefix}/ruby-%{version} $RPM_BUILD_ROOT%{prefix}/
 mkdir -p $RPM_BUILD_ROOT/usr/local/bin

data/extras/vault_tools/export_vaults.sh CHANGED Viewed

@@ -1,3 +1,3 @@
 #!/bin/bash
 # Exports existing vaults to a vaults directory for use by test_vaults and recreate_vaults
-mkdir -p ~/vaults ; for i in `knife data bag list | grep -v -- -`;do echo $i; mkdir -p vaults/$i ; for j in `knife data bag show $i | grep -v '_keys$'`;do echo "   $j"; knife vault show $i $j -F json > vaults/$i/$j.json;done;done ; find vaults -empty -delete
+mkdir -p ~/vaults ; for i in `knife data bag list | grep -vE -- '-[0-9]{10}-'`;do echo $i; mkdir -p vaults/$i ; for j in `knife data bag show $i | grep -v '_keys$'`;do echo "   $j"; knife vault show $i $j -F json > vaults/$i/$j.json;done;done ; find vaults -empty -delete

data/extras/vault_tools/recreate_vaults.sh CHANGED Viewed

File without changes

data/extras/vault_tools/test_vaults.sh CHANGED Viewed

File without changes

data/install/deprecated-bash-library.sh CHANGED Viewed

@@ -1299,7 +1299,7 @@ install_chef()
     status_message "Installing current Chef client"
     yum -y erase chef || rpm -e chef # one of these will get it
     rm -rf /opt/chef # and stay out
-    curl https://www.chef.io/chef/install.sh > /root/chef-install.sh
+    curl https://omnitruck.chef.io/install.sh > /root/chef-install.sh
     sh /root/chef-install.sh -v $CHEF_CLIENT_VERSION
   fi
   if [ -f /opt/chef/embedded/bin/gem ];then

data/install/installer CHANGED Viewed

@@ -1,8 +1,10 @@
 #!/bin/sh
+yum -y install git dmidecode
 BOLD=`tput bold`
 NORM=`tput sgr0`
-CHEF_CLIENT_VERSION="16.9.29"
+CHEF_CLIENT_VERSION="18.5.0"
 if [ "$MU_BRANCH" == "" ];then
   MU_BRANCH="master"
   mydir="`dirname $0`"
@@ -45,7 +47,7 @@ if ! /bin/rpm -q $CHEF_CLIENT_PKG > /dev/null ;then
   # Drop any old Chef packages laying around, first
   /usr/bin/yum -y erase chef || /bin/rpm -e chef
   /bin/rm -rf /opt/chef ~/.berkshelf ~/.chef /etc/chef
-  /usr/bin/curl https://www.chef.io/chef/install.sh > /root/chef-install.sh
+  /usr/bin/curl https://omnitruck.chef.io/install.sh > /root/chef-install.sh
   /bin/sh /root/chef-install.sh -v $CHEF_CLIENT_VERSION
 fi

data/modules/mommacat.ru CHANGED Viewed

@@ -417,12 +417,14 @@ app = proc do |env|
 # XXX make sure we handle mangled input safely
           params = JSON.parse(Base64.decode64(req["add_volume"]))
           MU.log "add_volume request", MU::NOTICE, details: params
-          instance.addVolume(params["dev"], params["size"], delete_on_termination: params["delete_on_termination"])
+          Thread.current.thread_variable_set("addVolume", req["mu_instance_id"])
+          instance.addVolume(dev: params["dev"], size: params["size"], delete_on_termination: params["delete_on_termination"])
         else
           returnval = throw500 "I don't know how to add a volume for #{instance}"
         end
       elsif !instance.nil?
         if !req["mu_bootstrap"].nil?
+          Thread.current.thread_variable_set("groomRequest", req["mu_instance_id"])
           kittenpile.groomNode(req["mu_instance_id"], req["mu_resource_name"], req["mu_resource_type"], mu_name: mu_name, sync_wait: true)
           returnval[2] = ["Grooming asynchronously, check Momma Cat logs on the master for details."]
         else

data/modules/mu/adoption.rb CHANGED Viewed

@@ -285,7 +285,7 @@ module MU
               rescue StandardError
               ensure
                 if !obj_desc
-                  MU.log cloud+" "+type.to_s+" "+obj_thr.cloud_id+" did not return a cloud descriptor, skipping", MU::WARN
+                  MU.log cloud+" "+type.to_s+" "+obj_thr.cloud_id+" #{cloud == "Google" ? "in org #{MU::Cloud::Google.getOrg(obj_thr.credentials).display_name} ": ""}did not return a cloud descriptor, skipping", MU::WARN
                   next
                 end
               end

data/modules/mu/cloud/dnszone.rb CHANGED Viewed

@@ -22,9 +22,9 @@ module MU
       # Set a generic .platform-mu DNS entry for a resource, and return the name
       # that was set.
-      def self.genericMuDNSEntry(*flags)
+      def self.genericMuDNSEntry(**flags)
 # XXX have this switch on a global config for where Mu puts its DNS
-        MU::Cloud.resourceClass(MU::Config.defaultCloud, "DNSZone").genericMuDNSEntry(flags.first)
+        MU::Cloud.resourceClass(MU::Config.defaultCloud, "DNSZone").genericMuDNSEntry(**flags)
       end
       # Wrapper for {MU::Cloud::AWS::DNSZone.manageRecord}. Spawns threads to create all

data/modules/mu/cloud/machine_images.rb CHANGED Viewed

@@ -27,14 +27,14 @@ module MU
     # Aliases for platform names, in case we don't have actual images built for
     # them.
     PLATFORM_ALIASES = {
-      "linux" => "centos7",
+      "linux" => "amazon2023",
       "windows" => "win2k12r2",
       "win2k12" => "win2k12r2",
       "ubuntu" => "ubuntu16",
       "centos" => "centos7",
       "rhel7" => "rhel71",
       "rhel" => "rhel71",
-      "amazon" => "amazon2016"
+      "amazon" => "amazon2023"
     }
     @@image_fetch_cache = {}
@@ -87,28 +87,29 @@ module MU
       end
       images = nil
-      urls.each { |base_url|
-        @@image_fetch_semaphore.synchronize {
-          if @@image_fetch_cache[cloud] and (Time.now - @@image_fetch_cache[cloud]['time']) < 30
-            images = @@image_fetch_cache[cloud]['contents'].dup
-          else
-            begin
-              Timeout.timeout(2) do
-                response = URI.open("#{base_url}/#{cloud}.yaml").read
-                images ||= {}
-                images.deep_merge!(YAML.load(response))
-                break
-              end
-            rescue StandardError => e
-              if fail_hard
-                raise MuError, "Failed to fetch stock images from #{base_url}/#{cloud}.yaml (#{e.message})"
-              else
-                MU.log "Failed to fetch stock images from #{base_url}/#{cloud}.yaml (#{e.message})", MU::WARN if !quiet
-              end
-            end
-          end
-        }
-      }
+# XXX no ability to update this cache anymore, and it's pointless now anyway
+#      urls.each { |base_url|
+#        @@image_fetch_semaphore.synchronize {
+#          if @@image_fetch_cache[cloud] and (Time.now - @@image_fetch_cache[cloud]['time']) < 30
+#            images = @@image_fetch_cache[cloud]['contents'].dup
+#          else
+#            begin
+#              Timeout.timeout(2) do
+#                response = URI.open("#{base_url}/#{cloud}.yaml").read
+#                images ||= {}
+#                images.deep_merge!(YAML.load(response))
+#                break
+#              end
+#            rescue StandardError => e
+#              if fail_hard
+#                raise MuError, "Failed to fetch stock images from #{base_url}/#{cloud}.yaml (#{e.message})"
+#              else
+#                MU.log "Failed to fetch stock images from #{base_url}/#{cloud}.yaml (#{e.message})", MU::WARN if !quiet
+#              end
+#            end
+#          end
+#        }
+#      }
       @@image_fetch_semaphore.synchronize {
         @@image_fetch_cache[cloud] = {
@@ -127,7 +128,7 @@ module MU
         [backwards_compat[cloud], cloud].each { |file|
           next if file.nil?
           if File.exist?("#{MU.myRoot}/modules/mu/defaults/#{file}.yaml")
-            images = YAML.load(File.read("#{MU.myRoot}/modules/mu/defaults/#{file}.yaml"))
+            images = YAML.load(File.read("#{MU.myRoot}/modules/mu/defaults/#{file}.yaml"), aliases: true)
             break
           end
         }