cloud-mu 3.5.0 → 3.6.3
- checksums.yaml +4 -4
- data/Berksfile +5 -2
- data/Berksfile.lock +135 -0
- data/ansible/roles/mu-base/README.md +33 -0
- data/ansible/roles/mu-base/defaults/main.yml +2 -0
- data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
- data/ansible/roles/mu-base/files/check_apm.sh +18 -0
- data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
- data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
- data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
- data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
- data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
- data/ansible/roles/mu-base/files/logrotate.conf +35 -0
- data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
- data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
- data/ansible/roles/mu-base/handlers/main.yml +5 -0
- data/ansible/roles/mu-base/meta/main.yml +53 -0
- data/ansible/roles/mu-base/tasks/main.yml +113 -0
- data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
- data/ansible/roles/mu-base/tests/inventory +2 -0
- data/ansible/roles/mu-base/tests/test.yml +5 -0
- data/ansible/roles/mu-base/vars/main.yml +1 -0
- data/ansible/roles/mu-compliance/README.md +33 -0
- data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
- data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
- data/ansible/roles/mu-compliance/meta/main.yml +53 -0
- data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
- data/ansible/roles/mu-compliance/tests/inventory +2 -0
- data/ansible/roles/mu-compliance/tests/test.yml +5 -0
- data/ansible/roles/mu-compliance/vars/main.yml +4 -0
- data/ansible/roles/mu-elastic/README.md +51 -0
- data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
- data/ansible/roles/mu-elastic/files/jvm.options +93 -0
- data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
- data/ansible/roles/mu-elastic/meta/main.yml +52 -0
- data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
- data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
- data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
- data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
- data/ansible/roles/mu-elastic/tests/inventory +2 -0
- data/ansible/roles/mu-elastic/tests/test.yml +5 -0
- data/ansible/roles/mu-elastic/vars/main.yml +2 -0
- data/ansible/roles/mu-logstash/README.md +51 -0
- data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
- data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
- data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
- data/ansible/roles/mu-logstash/files/jvm.options +84 -0
- data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
- data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
- data/ansible/roles/mu-logstash/meta/main.yml +52 -0
- data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
- data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
- data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
- data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
- data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
- data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
- data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
- data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
- data/ansible/roles/mu-logstash/tests/inventory +2 -0
- data/ansible/roles/mu-logstash/tests/test.yml +5 -0
- data/ansible/roles/mu-logstash/vars/main.yml +2 -0
- data/ansible/roles/mu-rdp/README.md +33 -0
- data/ansible/roles/mu-rdp/meta/main.yml +53 -0
- data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
- data/ansible/roles/mu-rdp/tests/inventory +2 -0
- data/ansible/roles/mu-rdp/tests/test.yml +5 -0
- data/ansible/roles/mu-windows/tasks/main.yml +3 -0
- data/bin/mu-ansible-secret +1 -1
- data/bin/mu-aws-setup +4 -3
- data/bin/mu-azure-setup +5 -5
- data/bin/mu-configure +25 -17
- data/bin/mu-firewall-allow-clients +1 -0
- data/bin/mu-gcp-setup +3 -3
- data/bin/mu-load-config.rb +1 -0
- data/bin/mu-node-manage +66 -33
- data/bin/mu-self-update +2 -2
- data/bin/mu-upload-chef-artifacts +6 -1
- data/bin/mu-user-manage +1 -1
- data/cloud-mu.gemspec +25 -23
- data/cookbooks/firewall/CHANGELOG.md +417 -224
- data/cookbooks/firewall/LICENSE +202 -0
- data/cookbooks/firewall/README.md +153 -126
- data/cookbooks/firewall/TODO.md +6 -0
- data/cookbooks/firewall/attributes/firewalld.rb +7 -0
- data/cookbooks/firewall/attributes/iptables.rb +3 -3
- data/cookbooks/firewall/chefignore +115 -0
- data/cookbooks/firewall/libraries/helpers.rb +5 -0
- data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
- data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
- data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
- data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
- data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
- data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
- data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
- data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
- data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
- data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
- data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
- data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
- data/cookbooks/firewall/metadata.json +40 -1
- data/cookbooks/firewall/metadata.rb +15 -0
- data/cookbooks/firewall/recipes/default.rb +7 -7
- data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
- data/cookbooks/firewall/recipes/firewalld.rb +87 -0
- data/cookbooks/firewall/renovate.json +18 -0
- data/cookbooks/firewall/resources/firewalld.rb +28 -0
- data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
- data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
- data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
- data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
- data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
- data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
- data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
- data/cookbooks/firewall/resources/nftables.rb +71 -0
- data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
- data/cookbooks/mu-activedirectory/Berksfile +1 -1
- data/cookbooks/mu-activedirectory/metadata.rb +1 -1
- data/cookbooks/mu-firewall/metadata.rb +2 -2
- data/cookbooks/mu-master/Berksfile +4 -3
- data/cookbooks/mu-master/attributes/default.rb +5 -2
- data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
- data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
- data/cookbooks/mu-master/libraries/mu.rb +24 -0
- data/cookbooks/mu-master/metadata.rb +5 -5
- data/cookbooks/mu-master/recipes/default.rb +31 -20
- data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
- data/cookbooks/mu-master/recipes/init.rb +58 -19
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
- data/cookbooks/mu-php54/Berksfile +1 -1
- data/cookbooks/mu-php54/metadata.rb +2 -2
- data/cookbooks/mu-tools/Berksfile +2 -3
- data/cookbooks/mu-tools/attributes/default.rb +3 -4
- data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
- data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
- data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
- data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
- data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
- data/cookbooks/mu-tools/libraries/helper.rb +21 -9
- data/cookbooks/mu-tools/metadata.rb +4 -4
- data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
- data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
- data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
- data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
- data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
- data/data_bags/nagios_services/apm_backend_connect.json +5 -0
- data/data_bags/nagios_services/apm_listen.json +5 -0
- data/data_bags/nagios_services/elastic_shards.json +5 -0
- data/data_bags/nagios_services/logstash.json +5 -0
- data/data_bags/nagios_services/rhel7_updates.json +8 -0
- data/extras/image-generators/AWS/centos7.yaml +1 -0
- data/extras/image-generators/AWS/rhel7.yaml +21 -0
- data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
- data/extras/image-generators/AWS/win2k16.yaml +1 -0
- data/extras/image-generators/AWS/win2k19.yaml +1 -0
- data/extras/list-stock-amis +0 -0
- data/extras/ruby_rpm/muby.spec +8 -5
- data/extras/vault_tools/export_vaults.sh +1 -1
- data/extras/vault_tools/recreate_vaults.sh +0 -0
- data/extras/vault_tools/test_vaults.sh +0 -0
- data/install/deprecated-bash-library.sh +1 -1
- data/install/installer +4 -2
- data/modules/mommacat.ru +3 -1
- data/modules/mu/adoption.rb +1 -1
- data/modules/mu/cloud/dnszone.rb +2 -2
- data/modules/mu/cloud/machine_images.rb +26 -25
- data/modules/mu/cloud/resource_base.rb +213 -182
- data/modules/mu/cloud/server_pool.rb +1 -1
- data/modules/mu/cloud/ssh_sessions.rb +7 -5
- data/modules/mu/cloud/wrappers.rb +2 -2
- data/modules/mu/cloud.rb +1 -1
- data/modules/mu/config/bucket.rb +1 -1
- data/modules/mu/config/function.rb +6 -1
- data/modules/mu/config/loadbalancer.rb +24 -2
- data/modules/mu/config/ref.rb +12 -0
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +42 -9
- data/modules/mu/config/server.rb +43 -27
- data/modules/mu/config/tail.rb +19 -10
- data/modules/mu/config.rb +6 -5
- data/modules/mu/defaults/AWS.yaml +78 -114
- data/modules/mu/deploy.rb +9 -2
- data/modules/mu/groomer.rb +12 -4
- data/modules/mu/groomers/ansible.rb +104 -20
- data/modules/mu/groomers/chef.rb +15 -6
- data/modules/mu/master.rb +9 -4
- data/modules/mu/mommacat/daemon.rb +4 -2
- data/modules/mu/mommacat/naming.rb +1 -2
- data/modules/mu/mommacat/storage.rb +7 -2
- data/modules/mu/mommacat.rb +33 -6
- data/modules/mu/providers/aws/database.rb +161 -8
- data/modules/mu/providers/aws/dnszone.rb +11 -6
- data/modules/mu/providers/aws/endpoint.rb +81 -6
- data/modules/mu/providers/aws/firewall_rule.rb +254 -172
- data/modules/mu/providers/aws/function.rb +65 -3
- data/modules/mu/providers/aws/loadbalancer.rb +39 -28
- data/modules/mu/providers/aws/log.rb +2 -1
- data/modules/mu/providers/aws/role.rb +25 -7
- data/modules/mu/providers/aws/server.rb +36 -12
- data/modules/mu/providers/aws/server_pool.rb +237 -127
- data/modules/mu/providers/aws/storage_pool.rb +7 -1
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/userdata/linux.erb +6 -2
- data/modules/mu/providers/aws/userdata/windows.erb +7 -5
- data/modules/mu/providers/aws/vpc.rb +49 -25
- data/modules/mu/providers/aws.rb +13 -8
- data/modules/mu/providers/azure/container_cluster.rb +1 -1
- data/modules/mu/providers/azure/loadbalancer.rb +2 -2
- data/modules/mu/providers/azure/server.rb +5 -2
- data/modules/mu/providers/azure/userdata/linux.erb +1 -1
- data/modules/mu/providers/azure.rb +11 -8
- data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
- data/modules/mu/providers/google/container_cluster.rb +15 -2
- data/modules/mu/providers/google/folder.rb +2 -1
- data/modules/mu/providers/google/function.rb +130 -4
- data/modules/mu/providers/google/habitat.rb +2 -1
- data/modules/mu/providers/google/loadbalancer.rb +407 -160
- data/modules/mu/providers/google/role.rb +16 -3
- data/modules/mu/providers/google/server.rb +5 -1
- data/modules/mu/providers/google/user.rb +25 -18
- data/modules/mu/providers/google/userdata/linux.erb +1 -1
- data/modules/mu/providers/google/vpc.rb +53 -7
- data/modules/mu/providers/google.rb +39 -39
- data/modules/mu.rb +8 -8
- data/modules/tests/elk.yaml +46 -0
- data/test/mu-master-test/controls/all_in_one.rb +1 -1
- metadata +207 -112
- data/cookbooks/firewall/CONTRIBUTING.md +0 -2
- data/cookbooks/firewall/MAINTAINERS.md +0 -19
- data/cookbooks/firewall/libraries/matchers.rb +0 -30
- data/extras/image-generators/AWS/rhel71.yaml +0 -17
@@ -439,17 +439,45 @@ module MU
|
|
439
439
|
"description" => "For resources which span regions, restrict to regions inside the United States",
|
440
440
|
"default" => false
|
441
441
|
},
|
442
|
-
"
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
"
|
442
|
+
"generate_passwords" => {
|
443
|
+
"type" => "array",
|
444
|
+
"items" => {
|
445
|
+
"type" => "object",
|
446
|
+
"required" => ["itemname"],
|
447
|
+
"description" => "Generate a password-like string upon initial deployment and store it in the named item in this deploy's vault.",
|
448
|
+
"properties" => {
|
449
|
+
"itemname" => {
|
450
|
+
"type" => "string",
|
451
|
+
"description" => "The vault item into which this password should be injected"
|
452
|
+
},
|
453
|
+
"username" => {
|
454
|
+
"type" => "string",
|
455
|
+
"description" => "Optional string to add to vault data under the +username+ field"
|
456
|
+
},
|
457
|
+
"minlength" => {
|
458
|
+
"type" => "integer",
|
459
|
+
"description" => "The minimum length of the generated password",
|
460
|
+
"default" => 14
|
461
|
+
},
|
462
|
+
"safe_chars" => {
|
463
|
+
"type" => "string",
|
464
|
+
"descriptions" => "Characters (in addition to digits and latin letters) which should be considered for inclusion",
|
465
|
+
"default" => '~!@#%^&*_-+=`|(){}[]:;<>,.?'
|
451
466
|
}
|
452
467
|
}
|
468
|
+
}
|
469
|
+
},
|
470
|
+
"conditions" => {
|
471
|
+
"type" => "array",
|
472
|
+
"items" => {
|
473
|
+
"type" => "object",
|
474
|
+
"required" => ["name", "cloudcode"],
|
475
|
+
"description" => "CloudFormation-specific. Define Conditions as in http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html. Arguments must use the cloudCode() macro.",
|
476
|
+
"properties" => {
|
477
|
+
"name" => { "required" => true, "type" => "string" },
|
478
|
+
"cloudcode" => { "required" => true, "type" => "string" },
|
479
|
+
}
|
480
|
+
}
|
453
481
|
},
|
454
482
|
"parameters" => {
|
455
483
|
"type" => "array",
|
@@ -465,6 +493,11 @@ module MU
|
|
465
493
|
"type" => "string",
|
466
494
|
"description" => "Treat the value as a comma-separated list of values with this key name, equivalent to CloudFormation's various List<> types. For example, set to 'subnet_id' to pass values as an array of subnet identifiers as the 'subnets' argument of a VPC stanza."
|
467
495
|
},
|
496
|
+
"list" => {
|
497
|
+
"type" => "boolean",
|
498
|
+
"default" => false,
|
499
|
+
"description" => "Treat the value as a comma-separated list to be converted into an array of strings. This will be ignored if {list_of} is set."
|
500
|
+
},
|
468
501
|
"prettyname" => {
|
469
502
|
"type" => "string",
|
470
503
|
"description" => "An alternative name to use when generating parameter fields in, for example, CloudFormation templates"
|
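Review bot: The key `"descriptions"` under `safe_chars` in the 439 hunk is a typo for `"description"`, so that property's help text is not attached to the schema the way its siblings' are; change it to `"description" => "Characters (in addition to digits and latin letters) which should be considered for inclusion",`. The default set on the following line contains shell and template metacharacters (backtick, `|`, `;`, `&`, `<`, `>`, `#`, braces), so the description should also state that anything that interpolates a generated password into a command line or script must quote it. The file header for this section sits above the visible chunk; its two hunks add up to the +42 -9 that the diffstat lists for data/modules/mu/config/schema_helpers.rb, which suggests this is that file.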
data/modules/mu/config/server.rb
CHANGED
@@ -30,12 +30,12 @@ module MU
|
|
30
30
|
if !server['active_directory'].nil?
|
31
31
|
["domain_admin_vault", "domain_join_vault"].each { |vault_class|
|
32
32
|
server['vault_access'] << {
|
33
|
-
|
34
|
-
|
33
|
+
"vault" => server['active_directory'][vault_class]['vault'],
|
34
|
+
"item" => server['active_directory'][vault_class]['item']
|
35
35
|
}
|
36
36
|
item = groomclass.getSecret(
|
37
|
-
|
38
|
-
|
37
|
+
vault: server['active_directory'][vault_class]['vault'],
|
38
|
+
item: server['active_directory'][vault_class]['item'],
|
39
39
|
)
|
40
40
|
["username_field", "password_field"].each { |field|
|
41
41
|
if !item.has_key?(server['active_directory'][vault_class][field])
|
@@ -50,8 +50,8 @@ module MU
|
|
50
50
|
server['use_cloud_provider_windows_password'] = false
|
51
51
|
|
52
52
|
server['vault_access'] << {
|
53
|
-
|
54
|
-
|
53
|
+
"vault" => server['windows_auth_vault']['vault'],
|
54
|
+
"item" => server['windows_auth_vault']['item']
|
55
55
|
}
|
56
56
|
item = groomclass.getSecret(
|
57
57
|
vault: server['windows_auth_vault']['vault'],
|
@@ -67,6 +67,7 @@ module MU
|
|
67
67
|
# Check all of the non-special ones while we're at it
|
68
68
|
server['vault_access'].each { |v|
|
69
69
|
next if v['vault'] == "splunk" and v['item'] == "admin_user"
|
70
|
+
next if !v['vault'] # assumed to be the one the server or database will always have
|
70
71
|
item = groomclass.getSecret(vault: v['vault'], item: v['item'])
|
71
72
|
}
|
72
73
|
rescue MuError
|
@@ -445,6 +446,21 @@ module MU
|
|
445
446
|
"value_is" => "centos7",
|
446
447
|
"set" => "centos"
|
447
448
|
},
|
449
|
+
{
|
450
|
+
"key_is" => "platform",
|
451
|
+
"value_is" => "amazon",
|
452
|
+
"set" => "ec2-user"
|
453
|
+
},
|
454
|
+
{
|
455
|
+
"key_is" => "platform",
|
456
|
+
"value_is" => "amazon2",
|
457
|
+
"set" => "ec2-user"
|
458
|
+
},
|
459
|
+
{
|
460
|
+
"key_is" => "platform",
|
461
|
+
"value_is" => "amazon2023",
|
462
|
+
"set" => "ec2-user"
|
463
|
+
},
|
448
464
|
{
|
449
465
|
"key_is" => "platform",
|
450
466
|
"value_is" => "centos8",
|
@@ -478,32 +494,32 @@ module MU
|
|
478
494
|
"type" => "object",
|
479
495
|
"description" => "Chef Node structure artifact for mu-tools cookbook.",
|
480
496
|
},
|
481
|
-
# Objects here will be stored in this node's Chef Vault
|
497
|
+
# Objects here will be stored in this node's Chef/Ansible/etc Vault
|
482
498
|
"secrets" => {
|
483
499
|
"type" => "object",
|
484
|
-
"description" => "JSON artifact to be stored
|
500
|
+
"description" => "JSON artifact to be stored the appropriate groomer vault for this node. Note that these values will still be stored in plain text local to the MU server, but only accessible to nodes via Vault."
|
485
501
|
},
|
486
502
|
# This node will be granted access to the following Vault items.
|
487
503
|
"vault_access" => {
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
}
|
504
|
+
"type" => "array",
|
505
|
+
"minItems" => 1,
|
506
|
+
"items" => {
|
507
|
+
"description" => "Chef Vault items to which this node should be granted access.",
|
508
|
+
"type" => "object",
|
509
|
+
"title" => "vault_access",
|
510
|
+
"required" => ["item"],
|
511
|
+
"additionalProperties" => false,
|
512
|
+
"properties" => {
|
513
|
+
"vault" => {
|
514
|
+
"type" => "string",
|
515
|
+
"description" => "The Vault to which this node should be granted access. If not specified, will resolve to this resource's own vault (ex +MYAPP-DEV-2021091617-QT-FOODB+)"
|
516
|
+
},
|
517
|
+
"item" => {
|
518
|
+
"type" => "string",
|
519
|
+
"description" => "The item within the Vault to which this node should be granted access."
|
520
|
+
}
|
506
521
|
}
|
522
|
+
}
|
507
523
|
},
|
508
524
|
"existing_deploys" => {
|
509
525
|
"type" => "array",
|
@@ -590,7 +606,7 @@ module MU
|
|
590
606
|
"monitoring" => {
|
591
607
|
"type" => "boolean",
|
592
608
|
"default" => true,
|
593
|
-
"description" => "Enable detailed instance monitoring.",
|
609
|
+
"description" => "Enable detailed cloud provider instance monitoring.",
|
594
610
|
},
|
595
611
|
"private_ip" => {
|
596
612
|
"type" => "string",
|
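Review bot: The guard added at new line 70, `next if !v['vault']`, means entries that omit `vault` are never handed to `groomclass.getSecret`, so a mistyped `item` on such an entry is only discovered at deploy time; the comment should say why that is acceptable rather than what is assumed, e.g. `# no vault given: resolves to this resource's own vault, which does not exist until deploy, so it cannot be checked here`, if that is indeed the reason. In the 478 hunk the new `vault_access` item description still reads `Chef Vault items to which this node should be granted access.` while the comment just above was changed to `Chef/Ansible/etc Vault`; `Vault items to which this node should be granted access.` keeps the two consistent. The new `secrets` description is also missing a word: `JSON artifact to be stored in the appropriate groomer vault for this node.`. The validation loop in the 67 hunk belongs to a method whose start and end lie outside the hunk.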
data/modules/mu/config/tail.rb
CHANGED
@@ -41,14 +41,16 @@ module MU
|
|
41
41
|
attr_reader :runtimecode
|
42
42
|
attr_reader :valid_values
|
43
43
|
attr_reader :is_list_element
|
44
|
+
attr_reader :is_flat_list
|
44
45
|
|
45
|
-
def initialize(name, value, prettyname = nil, cloudtype = "String", valid_values = [], description = "", is_list_element = false, prefix: "", suffix: "", pseudo: false, runtimecode: nil, index: 0)
|
46
|
+
def initialize(name, value, prettyname = nil, cloudtype = "String", valid_values = [], description = "", is_list_element = false, prefix: "", suffix: "", pseudo: false, runtimecode: nil, index: 0, is_flat_list: false)
|
46
47
|
@name = name
|
47
48
|
@bindings = {}
|
48
49
|
@value = value
|
49
50
|
@valid_values = valid_values
|
50
51
|
@pseudo = pseudo
|
51
52
|
@index = index
|
53
|
+
@is_flat_list = is_flat_list
|
52
54
|
@runtimecode = runtimecode
|
53
55
|
@cloudtype = cloudtype
|
54
56
|
@is_list_element = is_list_element
|
@@ -142,7 +144,7 @@ module MU
|
|
142
144
|
# @param suffix [<String>]: A static String that should be appended to the stored value when queried
|
143
145
|
# @param pseudo [<Boolean>]: This is a pseudo-parameter, automatically provided, and not available as user input.
|
144
146
|
# @param runtimecode [<String>]: Actual code to allow the cloud layer to interpret literally in its own idiom, e.g. '"Ref" : "AWS::StackName"' for CloudFormation
|
145
|
-
def getTail(param, value: nil, prettyname: nil, cloudtype: "String", valid_values: [], description: nil, list_of: nil, prefix: "", suffix: "", pseudo: false, runtimecode: nil)
|
147
|
+
def getTail(param, value: nil, prettyname: nil, cloudtype: "String", valid_values: [], description: nil, list_of: nil, flat_list: false, prefix: "", suffix: "", pseudo: false, runtimecode: nil)
|
146
148
|
param = param.gsub(/[^a-z0-9_]/i, "_")
|
147
149
|
if value.nil?
|
148
150
|
if @@parameters.nil? or !@@parameters.has_key?(param)
|
@@ -156,23 +158,30 @@ module MU
|
|
156
158
|
if !prettyname.nil?
|
157
159
|
prettyname.gsub!(/[^a-z0-9]/i, "") # comply with CloudFormation restrictions
|
158
160
|
end
|
161
|
+
|
159
162
|
if value.is_a?(MU::Config::Tail)
|
160
163
|
MU.log "Parameter #{param} is using a nested parameter as a value. This rarely works, depending on the target cloud. YMMV.", MU::WARN
|
161
164
|
tail = MU::Config::Tail.new(param, value, prettyname, cloudtype, valid_values, description, prefix: prefix, suffix: suffix, pseudo: pseudo, runtimecode: runtimecode)
|
162
|
-
elsif !list_of.nil? or (@@tails.has_key?(param) and @@tails[param].is_a?(Array))
|
165
|
+
elsif !list_of.nil? or flat_list or (@@tails.has_key?(param) and @@tails[param].is_a?(Array))
|
163
166
|
tail = []
|
164
167
|
count = 0
|
165
168
|
value.split(/\s*,\s*/).each { |subval|
|
166
169
|
if @@tails.has_key?(param) and !@@tails[param][count].nil?
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
170
|
+
src = @@tails[param][count].is_a?(Hash) ? @@tails[param][count].values.first : @@tails[param][count]
|
171
|
+
subval ||= src.to_s
|
172
|
+
is_flat_list = !(@@tails[param][count].is_a?(Hash))
|
173
|
+
list_of ||= src.getName
|
174
|
+
prettyname ||= src.getPrettyName
|
175
|
+
description ||= src.description
|
176
|
+
valid_values = src.valid_values if valid_values.nil? or valid_values.empty?
|
177
|
+
cloudtype = src.getCloudType if src.getCloudType != "String"
|
173
178
|
end
|
174
179
|
prettyname = param.capitalize if prettyname.nil?
|
175
|
-
|
180
|
+
if !is_flat_list and list_of
|
181
|
+
tail << { list_of => MU::Config::Tail.new(list_of, subval, prettyname, cloudtype, valid_values, description, true, pseudo: pseudo, index: count) }
|
182
|
+
else
|
183
|
+
tail << MU::Config::Tail.new(param, subval, prettyname, cloudtype, valid_values, description, true, pseudo: pseudo, index: count, is_flat_list: true)
|
184
|
+
end
|
176
185
|
count = count + 1
|
177
186
|
}
|
178
187
|
else
|
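Review bot: `subval ||= src.to_s` at new line 171 can never assign: `subval` comes from `value.split(/\s*,\s*/)` a few lines up, so it is always a String, and an empty String is truthy in Ruby. If the intent is to fall back to the stored tail's value for an empty list element, the line should read `subval = src.to_s if subval.empty?`; otherwise it should be dropped. Note also that the new `flat_list:` keyword is consulted only in the `elsif` at line 165; inside the loop the per-element choice rests on the block-local `is_flat_list`, which is set only when an existing tail is found and is nil for every other element, so a call with both `flat_list: true` and `list_of` still yields the nested Hash form — that appears deliberate given the schema text elsewhere on this page ("ignored if {list_of} is set"), but a one-line comment above `if !is_flat_list and list_of` saying so would help. getTail continues past the end of the hunk.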
data/modules/mu/config.rb
CHANGED
@@ -341,9 +341,9 @@ module MU
|
|
341
341
|
end
|
342
342
|
end
|
343
343
|
if param.has_key?("cloudtype")
|
344
|
-
getTail(param['name'], value: @@parameters[param['name']], cloudtype: param["cloudtype"], valid_values: param['valid_values'], description: param['description'], prettyname: param['prettyname'], list_of: param['list_of'])
|
344
|
+
getTail(param['name'], value: @@parameters[param['name']], cloudtype: param["cloudtype"], valid_values: param['valid_values'], description: param['description'], prettyname: param['prettyname'], list_of: param['list_of'], flat_list: param['list'])
|
345
345
|
else
|
346
|
-
getTail(param['name'], value: @@parameters[param['name']], valid_values: param['valid_values'], description: param['description'], prettyname: param['prettyname'], list_of: param['list_of'])
|
346
|
+
getTail(param['name'], value: @@parameters[param['name']], valid_values: param['valid_values'], description: param['description'], prettyname: param['prettyname'], list_of: param['list_of'], flat_list: param['list'])
|
347
347
|
end
|
348
348
|
}
|
349
349
|
end
|
@@ -435,8 +435,8 @@ module MU
|
|
435
435
|
# @param resource [Hash]
|
436
436
|
# @param name [String]
|
437
437
|
# @param type [String]
|
438
|
-
# @param
|
439
|
-
# @param
|
438
|
+
# @param their_phase [String]
|
439
|
+
# @param my_phase [String]
|
440
440
|
def self.addDependency(resource, name, type, their_phase: "create", my_phase: nil)
|
441
441
|
if ![nil, "create", "groom"].include?(their_phase)
|
442
442
|
raise MuError, "Invalid their_phase '#{their_phase}' while adding dependency #{type} #{name} to #{resource['name']}"
|
@@ -828,7 +828,7 @@ module MU
|
|
828
828
|
begin
|
829
829
|
JSON::Validator.validate!(myschema, plain_cfg)
|
830
830
|
rescue JSON::Schema::ValidationError
|
831
|
-
pp
|
831
|
+
puts PP.pp(plain_cfg, '').bold
|
832
832
|
# Use fully_validate to get the complete error list, save some time
|
833
833
|
errors = JSON::Validator.fully_validate(myschema, plain_cfg)
|
834
834
|
realerrors = []
|
@@ -1163,6 +1163,7 @@ module MU
|
|
1163
1163
|
myAZ = $myAZ
|
1164
1164
|
myRegion = $myRegion
|
1165
1165
|
myAppName = $myAppName
|
1166
|
+
credentials = @default_credentials ? @default_credentials : "default"
|
1166
1167
|
|
1167
1168
|
# return MU::Config.global_bindings[keyset] if MU::Config.global_bindings[keyset]
|
1168
1169
|
MU::Config.global_bindings[keyset] = binding
|
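Review bot: `puts PP.pp(plain_cfg, '').bold` at new line 831 prints the entire parsed configuration to stdout whenever schema validation fails, and the server schema on this same page documents a `secrets` object and vault items that travel inside that configuration, so a single typo in a stanza can echo secret material into a terminal or a captured CI log. Routing it through the logger at debug level, `MU.log "Schema validation failed", MU::DEBUG, details: plain_cfg`, keeps the dump available while honouring the configured log level, and dropping the `secrets` key before printing would be better still. `.bold` relies on a String extension that is not visible here; confirm it is loaded on every path that reaches this validation. Separately, `credentials = @default_credentials ? @default_credentials : "default"` at new line 1166 reads more naturally as `credentials = @default_credentials || "default"`; the local looks unused within the hunk, presumably because it is exposed through the `binding` captured two lines below.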
@@ -1,66 +1,53 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
|
4
|
-
ap-
|
5
|
-
ap-northeast-
|
6
|
-
ap-south-1: ami-
|
7
|
-
ap-southeast-1: ami-
|
8
|
-
|
9
|
-
|
10
|
-
eu-
|
11
|
-
eu-
|
12
|
-
eu-west-1: ami-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
us-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
ap-
|
41
|
-
ap-southeast-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
eu-west-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
us-west-1: ami-0ea3494c08412920e
|
52
|
-
us-west-2: ami-055ce4c70b0ceabcb
|
53
|
-
ubuntu16: &3
|
54
|
-
us-east-1: ami-bcdc16c6
|
55
|
-
us-west-1: ami-1b17257b
|
56
|
-
us-west-2: ami-19e92861
|
57
|
-
eu-west-1: ami-eed00d97
|
58
|
-
eu-central-1: ami-e613ac89
|
59
|
-
sa-east-1: ami-1ca7d970
|
60
|
-
ap-northeast-1: ami-6959870f
|
61
|
-
ap-northeast-2: ami-08d77266
|
62
|
-
ap-southeast-1: ami-d9dca7ba
|
63
|
-
ap-southeast-2: ami-02ad4060
|
2
|
+
ubuntu20: &3
|
3
|
+
af-south-1: ami-0670428c515903d37
|
4
|
+
ap-east-1: ami-0350928fdb53ae439
|
5
|
+
ap-northeast-1: ami-0a3eb6ca097b78895
|
6
|
+
ap-south-1: ami-05ba3a39a75be1ec4
|
7
|
+
ap-southeast-1: ami-0750a20e9959e44ff
|
8
|
+
ca-central-1: ami-073c944d45ffb4f27
|
9
|
+
eu-central-1: ami-02584c1c9d05efa69
|
10
|
+
eu-north-1: ami-09f0506c9ef0fb473
|
11
|
+
eu-south-1: ami-06ea0ad3f5adc2565
|
12
|
+
eu-west-1: ami-00e7df8df28dfa791
|
13
|
+
me-south-1: ami-05b680b37c7917206
|
14
|
+
sa-east-1: ami-077518a464c82703b
|
15
|
+
us-east-1: ami-0c4f7023847b90238
|
16
|
+
us-west-1: ami-0487b1fe60c1fd1a2
|
17
|
+
af-south-1: ami-000ab2cb7ff83c5eb
|
18
|
+
ap-east-1: ami-0827918a2d84bd005
|
19
|
+
ap-northeast-1: ami-079a259b40675acc6
|
20
|
+
ap-south-1: ami-075ebde7b27c12bc0
|
21
|
+
ap-southeast-1: ami-04be67a4d5cb63d4e
|
22
|
+
ca-central-1: ami-071c767dd20b7339f
|
23
|
+
eu-central-1: ami-064768e636ea1ae04
|
24
|
+
eu-north-1: ami-053d8a8a6f91d4aec
|
25
|
+
eu-south-1: ami-0b273191310849e2d
|
26
|
+
eu-west-1: ami-009c3f9c3bfcf00f0
|
27
|
+
me-south-1: ami-0151ae040b710b0cf
|
28
|
+
sa-east-1: ami-0c6915838c72f6d16
|
29
|
+
us-east-1: ami-0d70a59d7191a8079
|
30
|
+
us-west-1: ami-06c272cb6ba6b812d
|
31
|
+
us-gov-east-1: ami-0eb7ef4cc0594fa04
|
32
|
+
us-gov-west-1: ami-029a634618d6c0300
|
33
|
+
us-gov-east-1: ami-00675642586ed8b16
|
34
|
+
us-gov-west-1: ami-0947a235367a203c9
|
35
|
+
ap-northeast-2: ami-0225bc2990c54ce9a
|
36
|
+
ap-southeast-2: ami-0d539270873f66397
|
37
|
+
eu-west-2: ami-00826bd51e68b1487
|
38
|
+
us-east-2: ami-0eea504f45ef7a8f7
|
39
|
+
us-west-2: ami-0cb4e786f15603b0d
|
40
|
+
ap-northeast-2: ami-032ce4dc565d286ec
|
41
|
+
ap-southeast-2: ami-06d39abb1664bf70e
|
42
|
+
eu-west-2: ami-07c7023e96cb88196
|
43
|
+
us-east-2: ami-008e02c1f94100fd9
|
44
|
+
us-west-2: ami-025fc2c61f9333edc
|
45
|
+
ap-northeast-3: ami-0c2223049202ca738
|
46
|
+
ap-southeast-3: ami-0f06496957d1fe04a
|
47
|
+
eu-west-3: ami-0a21d1c76ac56fee7
|
48
|
+
ap-northeast-3: ami-0a4d5c02a15b5ea05
|
49
|
+
ap-southeast-3: ami-05469598f0bccf936
|
50
|
+
eu-west-3: ami-0190e6d0d8c1fe02d
|
64
51
|
ubuntu14:
|
65
52
|
us-east-1: ami-663a6e0c
|
66
53
|
us-west-1: ami-13988772
|
@@ -73,57 +60,33 @@ ubuntu14:
|
|
73
60
|
ap-southeast-1: ami-2855964b
|
74
61
|
ap-southeast-2: ami-d19fc4b2
|
75
62
|
win2k12r2: &1
|
76
|
-
us-east-1: ami-
|
77
|
-
us-east-2: ami-
|
78
|
-
|
79
|
-
us-west-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
us-
|
94
|
-
us-
|
95
|
-
|
96
|
-
us-
|
97
|
-
|
98
|
-
us-west-1: ami-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
ap-northeast-1: ami-014c730050acef11d
|
104
|
-
ap-south-1: ami-0c3c8739263aa4844
|
105
|
-
ap-northeast-2: ami-0018a05eb15503b5e
|
106
|
-
ap-southeast-2: ami-0b50bfbb507285a89
|
107
|
-
ap-southeast-1: ami-073c677bcf225774a
|
108
|
-
eu-north-1: ami-09bb6d618593f2e7f
|
109
|
-
win2k19:
|
110
|
-
us-east-1: ami-09c18c34c341f2b6a
|
111
|
-
us-east-2: ami-030371d5ee8881350
|
112
|
-
ca-central-1: ami-018e5bf45c30fa58f
|
113
|
-
us-west-2: ami-07d1e5c4f906877e1
|
114
|
-
eu-west-2: ami-0b9d95fef44aa7c11
|
115
|
-
us-west-1: ami-0e7e082d6fa1769f3
|
116
|
-
eu-west-1: ami-05573fafa080144b6
|
117
|
-
eu-central-1: ami-0122b027c265988ea
|
118
|
-
eu-west-3: ami-0ba7c0a3dc4148b6a
|
119
|
-
eu-north-1: ami-03d8c3307f72f9847
|
120
|
-
sa-east-1: ami-0d0f66c3e0dfc09ee
|
121
|
-
ap-northeast-2: ami-07eff56de9293ab16
|
122
|
-
ap-northeast-1: ami-020fb790a3bed4cda
|
123
|
-
ap-southeast-1: ami-0b5d036d6d711a4c8
|
124
|
-
ap-southeast-2: ami-0fff96935fef7bf60
|
125
|
-
ap-south-1: ami-030ec249497f66a33
|
126
|
-
amazon:
|
63
|
+
us-east-1: ami-0fc211ea56b172cdb
|
64
|
+
us-east-2: ami-0c559960e17c7bbff
|
65
|
+
us-west-2: ami-0c2a974f145ad7b53
|
66
|
+
us-west-1: ami-0b4e0252dffc41c98
|
67
|
+
win2k16:
|
68
|
+
us-east-1: ami-02ae3989c58aefad5
|
69
|
+
us-east-2: ami-0269af40607a3ba35
|
70
|
+
us-west-1: ami-0051dca2f308635c0
|
71
|
+
us-west-2: ami-0d6eeeae0729c800c
|
72
|
+
win2k19: &2
|
73
|
+
us-east-1: ami-075ac92102843eaa9
|
74
|
+
us-east-2: ami-0655085ead3f9a05d
|
75
|
+
us-west-1: ami-08e8fdee01486e656
|
76
|
+
us-west-2: ami-0e5f0bd903025b4b6
|
77
|
+
centos7: &4
|
78
|
+
us-east-1: ami-021a033508ff35a45
|
79
|
+
us-east-2: ami-0eac2356dec5e031a
|
80
|
+
us-west-2: ami-05568b0fd4ad69d41
|
81
|
+
us-west-1: ami-0318b20ca171e16f0
|
82
|
+
rhel79: &5
|
83
|
+
us-east-1: ami-099b4dbc8b9cdee98
|
84
|
+
us-east-2: ami-03be73fea244ae122
|
85
|
+
us-west-1: ami-0c2b107078c52b02e
|
86
|
+
us-west-2: ami-0557fe078d2fcf2bf
|
87
|
+
amazon2023: &6
|
88
|
+
us-east-1: ami-066784287e358dad1
|
89
|
+
amazon2:
|
127
90
|
us-east-1: ami-b73b63a0
|
128
91
|
us-east-2: ami-58277d3d
|
129
92
|
us-west-1: ami-23e8a343
|
@@ -142,4 +105,5 @@ ubuntu: *3
|
|
142
105
|
centos: *4
|
143
106
|
rhel7: *5
|
144
107
|
rhel: *5
|
145
|
-
linux: *
|
108
|
+
linux: *6
|
109
|
+
amazon: *6
|
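Review bot: The rebuilt `ubuntu20: &3` map in the first hunk lists every region key twice (for example `af-south-1` at new lines 3 and 17, `ap-east-1` at 4 and 18, `us-east-1` at 15 and 29, `us-west-2` at 39 and 44); a YAML mapping cannot carry duplicate keys, Ruby's Psych keeps whichever value comes last, and so the first run of AMI IDs is silently discarded while the file reads as ambiguous. If the two runs are meant to be two different images they belong under separate keys; if not, one run should go. In the last hunk `linux: *6` and the new `amazon: *6` both alias `amazon2023`, which in the second hunk carries only `us-east-1`, so the default Linux image now resolves in a single region; that narrowing deserves either the remaining regions or an explicit note. The file header is above this chunk's first hunk; the three hunks total +78 -114, which matches the diffstat entry for data/modules/mu/defaults/AWS.yaml.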
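--- a/data/modules/mu/deploy.rb
+++ b/data/modules/mu/deploy.rb
@@ -684,7 +684,6 @@ MESSAGE_END
 if !@updating or mode != "create"
 myservice = run_this_method.call
 else
-
 # XXX experimental create behavior for --liveupdate flag, only works on a couple of resource types. Inserting new resources into an old deploy is tricky.
 opts = {}
 if myservice["#MU_CLOUDCLASS"].cfg_name == "loadbalancer"
@@ -705,7 +704,15 @@ MESSAGE_END
 )
 
 found = found.delete_if { |x|
-x.cloud_id.nil? and x.cloudobj.cloud_id.nil?
+failed = (x.cloud_id.nil? and x.cloudobj.cloud_id.nil?)
+if !failed
+begin
+failed = true if !x.cloud_desc
+rescue StandardError
+failed = true
+end
+end
+failed
 }
 
 if found.size == 0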
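Review bot: The `rescue StandardError` added at new line 711 turns any failure of `x.cloud_desc` — a throttled or timed-out API call, an expired credential, a missing permission — into `failed = true`, which drops the resource from `found` exactly as if it no longer existed, and the `if found.size == 0` test that follows then presumably goes on to create a replacement, so a transient error during `--liveupdate` can produce a duplicate resource. At minimum the exception should be visible: `rescue StandardError => e` followed by `MU.log "cloud_desc failed for #{x.cloud_id}; treating as missing", MU::WARN, details: e.message` ahead of `failed = true`. The block lives inside a method whose beginning and end are outside both hunks.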
data/modules/mu/groomer.rb
CHANGED
@@ -129,10 +129,18 @@ module MU
|
|
129
129
|
MU.log "Calling groomer method #{method}", MU::DEBUG, details: ["sensitive output suppress"]
|
130
130
|
end
|
131
131
|
begin
|
132
|
-
if !args.nil?
|
133
|
-
|
134
|
-
|
135
|
-
|
132
|
+
if !args.nil?
|
133
|
+
if args.is_a?(Hash)
|
134
|
+
retval = @groomer_obj.method(method).call(**args)
|
135
|
+
elsif args.is_a?(Array)
|
136
|
+
if args.size == 1 and args.first.is_a?(Hash)
|
137
|
+
retval = @groomer_obj.method(method).call(**args.first)
|
138
|
+
else
|
139
|
+
retval = @groomer_obj.method(method).call(*args)
|
140
|
+
end
|
141
|
+
else
|
142
|
+
retval = @groomer_obj.method(method).call(args)
|
143
|
+
end
|
136
144
|
else
|
137
145
|
retval = @groomer_obj.method(method).call
|
138
146
|
end
|