cloud-mu 3.5.0 → 3.6.3

Files changed (245) hide show
  1. checksums.yaml +4 -4
  2. data/Berksfile +5 -2
  3. data/Berksfile.lock +135 -0
  4. data/ansible/roles/mu-base/README.md +33 -0
  5. data/ansible/roles/mu-base/defaults/main.yml +2 -0
  6. data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
  7. data/ansible/roles/mu-base/files/check_apm.sh +18 -0
  8. data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
  9. data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
  10. data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
  11. data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
  12. data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
  13. data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
  14. data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
  15. data/ansible/roles/mu-base/files/logrotate.conf +35 -0
  16. data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
  17. data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
  18. data/ansible/roles/mu-base/handlers/main.yml +5 -0
  19. data/ansible/roles/mu-base/meta/main.yml +53 -0
  20. data/ansible/roles/mu-base/tasks/main.yml +113 -0
  21. data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
  22. data/ansible/roles/mu-base/tests/inventory +2 -0
  23. data/ansible/roles/mu-base/tests/test.yml +5 -0
  24. data/ansible/roles/mu-base/vars/main.yml +1 -0
  25. data/ansible/roles/mu-compliance/README.md +33 -0
  26. data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
  27. data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
  28. data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
  29. data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
  30. data/ansible/roles/mu-compliance/meta/main.yml +53 -0
  31. data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
  32. data/ansible/roles/mu-compliance/tests/inventory +2 -0
  33. data/ansible/roles/mu-compliance/tests/test.yml +5 -0
  34. data/ansible/roles/mu-compliance/vars/main.yml +4 -0
  35. data/ansible/roles/mu-elastic/README.md +51 -0
  36. data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
  37. data/ansible/roles/mu-elastic/files/jvm.options +93 -0
  38. data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
  39. data/ansible/roles/mu-elastic/meta/main.yml +52 -0
  40. data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
  41. data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
  42. data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
  43. data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
  44. data/ansible/roles/mu-elastic/tests/inventory +2 -0
  45. data/ansible/roles/mu-elastic/tests/test.yml +5 -0
  46. data/ansible/roles/mu-elastic/vars/main.yml +2 -0
  47. data/ansible/roles/mu-logstash/README.md +51 -0
  48. data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
  49. data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
  50. data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
  51. data/ansible/roles/mu-logstash/files/jvm.options +84 -0
  52. data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
  53. data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
  54. data/ansible/roles/mu-logstash/meta/main.yml +52 -0
  55. data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
  56. data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
  57. data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
  58. data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
  59. data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
  60. data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
  61. data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
  62. data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
  63. data/ansible/roles/mu-logstash/tests/inventory +2 -0
  64. data/ansible/roles/mu-logstash/tests/test.yml +5 -0
  65. data/ansible/roles/mu-logstash/vars/main.yml +2 -0
  66. data/ansible/roles/mu-rdp/README.md +33 -0
  67. data/ansible/roles/mu-rdp/meta/main.yml +53 -0
  68. data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
  69. data/ansible/roles/mu-rdp/tests/inventory +2 -0
  70. data/ansible/roles/mu-rdp/tests/test.yml +5 -0
  71. data/ansible/roles/mu-windows/tasks/main.yml +3 -0
  72. data/bin/mu-ansible-secret +1 -1
  73. data/bin/mu-aws-setup +4 -3
  74. data/bin/mu-azure-setup +5 -5
  75. data/bin/mu-configure +25 -17
  76. data/bin/mu-firewall-allow-clients +1 -0
  77. data/bin/mu-gcp-setup +3 -3
  78. data/bin/mu-load-config.rb +1 -0
  79. data/bin/mu-node-manage +66 -33
  80. data/bin/mu-self-update +2 -2
  81. data/bin/mu-upload-chef-artifacts +6 -1
  82. data/bin/mu-user-manage +1 -1
  83. data/cloud-mu.gemspec +25 -23
  84. data/cookbooks/firewall/CHANGELOG.md +417 -224
  85. data/cookbooks/firewall/LICENSE +202 -0
  86. data/cookbooks/firewall/README.md +153 -126
  87. data/cookbooks/firewall/TODO.md +6 -0
  88. data/cookbooks/firewall/attributes/firewalld.rb +7 -0
  89. data/cookbooks/firewall/attributes/iptables.rb +3 -3
  90. data/cookbooks/firewall/chefignore +115 -0
  91. data/cookbooks/firewall/libraries/helpers.rb +5 -0
  92. data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
  93. data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
  94. data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
  95. data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
  96. data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
  97. data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
  98. data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
  99. data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
  100. data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
  101. data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
  102. data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
  103. data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
  104. data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
  105. data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
  106. data/cookbooks/firewall/metadata.json +40 -1
  107. data/cookbooks/firewall/metadata.rb +15 -0
  108. data/cookbooks/firewall/recipes/default.rb +7 -7
  109. data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
  110. data/cookbooks/firewall/recipes/firewalld.rb +87 -0
  111. data/cookbooks/firewall/renovate.json +18 -0
  112. data/cookbooks/firewall/resources/firewalld.rb +28 -0
  113. data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
  114. data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
  115. data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
  116. data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
  117. data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
  118. data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
  119. data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
  120. data/cookbooks/firewall/resources/nftables.rb +71 -0
  121. data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
  122. data/cookbooks/mu-activedirectory/Berksfile +1 -1
  123. data/cookbooks/mu-activedirectory/metadata.rb +1 -1
  124. data/cookbooks/mu-firewall/metadata.rb +2 -2
  125. data/cookbooks/mu-master/Berksfile +4 -3
  126. data/cookbooks/mu-master/attributes/default.rb +5 -2
  127. data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
  128. data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
  129. data/cookbooks/mu-master/libraries/mu.rb +24 -0
  130. data/cookbooks/mu-master/metadata.rb +5 -5
  131. data/cookbooks/mu-master/recipes/default.rb +31 -20
  132. data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
  133. data/cookbooks/mu-master/recipes/init.rb +58 -19
  134. data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
  135. data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
  136. data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
  137. data/cookbooks/mu-php54/Berksfile +1 -1
  138. data/cookbooks/mu-php54/metadata.rb +2 -2
  139. data/cookbooks/mu-tools/Berksfile +2 -3
  140. data/cookbooks/mu-tools/attributes/default.rb +3 -4
  141. data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
  142. data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
  143. data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
  144. data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
  145. data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
  146. data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
  147. data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
  148. data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
  149. data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
  150. data/cookbooks/mu-tools/libraries/helper.rb +21 -9
  151. data/cookbooks/mu-tools/metadata.rb +4 -4
  152. data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
  153. data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
  154. data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
  155. data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
  156. data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
  157. data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
  158. data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
  159. data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
  160. data/data_bags/nagios_services/apm_backend_connect.json +5 -0
  161. data/data_bags/nagios_services/apm_listen.json +5 -0
  162. data/data_bags/nagios_services/elastic_shards.json +5 -0
  163. data/data_bags/nagios_services/logstash.json +5 -0
  164. data/data_bags/nagios_services/rhel7_updates.json +8 -0
  165. data/extras/image-generators/AWS/centos7.yaml +1 -0
  166. data/extras/image-generators/AWS/rhel7.yaml +21 -0
  167. data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
  168. data/extras/image-generators/AWS/win2k16.yaml +1 -0
  169. data/extras/image-generators/AWS/win2k19.yaml +1 -0
  170. data/extras/list-stock-amis +0 -0
  171. data/extras/ruby_rpm/muby.spec +8 -5
  172. data/extras/vault_tools/export_vaults.sh +1 -1
  173. data/extras/vault_tools/recreate_vaults.sh +0 -0
  174. data/extras/vault_tools/test_vaults.sh +0 -0
  175. data/install/deprecated-bash-library.sh +1 -1
  176. data/install/installer +4 -2
  177. data/modules/mommacat.ru +3 -1
  178. data/modules/mu/adoption.rb +1 -1
  179. data/modules/mu/cloud/dnszone.rb +2 -2
  180. data/modules/mu/cloud/machine_images.rb +26 -25
  181. data/modules/mu/cloud/resource_base.rb +213 -182
  182. data/modules/mu/cloud/server_pool.rb +1 -1
  183. data/modules/mu/cloud/ssh_sessions.rb +7 -5
  184. data/modules/mu/cloud/wrappers.rb +2 -2
  185. data/modules/mu/cloud.rb +1 -1
  186. data/modules/mu/config/bucket.rb +1 -1
  187. data/modules/mu/config/function.rb +6 -1
  188. data/modules/mu/config/loadbalancer.rb +24 -2
  189. data/modules/mu/config/ref.rb +12 -0
  190. data/modules/mu/config/role.rb +1 -1
  191. data/modules/mu/config/schema_helpers.rb +42 -9
  192. data/modules/mu/config/server.rb +43 -27
  193. data/modules/mu/config/tail.rb +19 -10
  194. data/modules/mu/config.rb +6 -5
  195. data/modules/mu/defaults/AWS.yaml +78 -114
  196. data/modules/mu/deploy.rb +9 -2
  197. data/modules/mu/groomer.rb +12 -4
  198. data/modules/mu/groomers/ansible.rb +104 -20
  199. data/modules/mu/groomers/chef.rb +15 -6
  200. data/modules/mu/master.rb +9 -4
  201. data/modules/mu/mommacat/daemon.rb +4 -2
  202. data/modules/mu/mommacat/naming.rb +1 -2
  203. data/modules/mu/mommacat/storage.rb +7 -2
  204. data/modules/mu/mommacat.rb +33 -6
  205. data/modules/mu/providers/aws/database.rb +161 -8
  206. data/modules/mu/providers/aws/dnszone.rb +11 -6
  207. data/modules/mu/providers/aws/endpoint.rb +81 -6
  208. data/modules/mu/providers/aws/firewall_rule.rb +254 -172
  209. data/modules/mu/providers/aws/function.rb +65 -3
  210. data/modules/mu/providers/aws/loadbalancer.rb +39 -28
  211. data/modules/mu/providers/aws/log.rb +2 -1
  212. data/modules/mu/providers/aws/role.rb +25 -7
  213. data/modules/mu/providers/aws/server.rb +36 -12
  214. data/modules/mu/providers/aws/server_pool.rb +237 -127
  215. data/modules/mu/providers/aws/storage_pool.rb +7 -1
  216. data/modules/mu/providers/aws/user.rb +1 -1
  217. data/modules/mu/providers/aws/userdata/linux.erb +6 -2
  218. data/modules/mu/providers/aws/userdata/windows.erb +7 -5
  219. data/modules/mu/providers/aws/vpc.rb +49 -25
  220. data/modules/mu/providers/aws.rb +13 -8
  221. data/modules/mu/providers/azure/container_cluster.rb +1 -1
  222. data/modules/mu/providers/azure/loadbalancer.rb +2 -2
  223. data/modules/mu/providers/azure/server.rb +5 -2
  224. data/modules/mu/providers/azure/userdata/linux.erb +1 -1
  225. data/modules/mu/providers/azure.rb +11 -8
  226. data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
  227. data/modules/mu/providers/google/container_cluster.rb +15 -2
  228. data/modules/mu/providers/google/folder.rb +2 -1
  229. data/modules/mu/providers/google/function.rb +130 -4
  230. data/modules/mu/providers/google/habitat.rb +2 -1
  231. data/modules/mu/providers/google/loadbalancer.rb +407 -160
  232. data/modules/mu/providers/google/role.rb +16 -3
  233. data/modules/mu/providers/google/server.rb +5 -1
  234. data/modules/mu/providers/google/user.rb +25 -18
  235. data/modules/mu/providers/google/userdata/linux.erb +1 -1
  236. data/modules/mu/providers/google/vpc.rb +53 -7
  237. data/modules/mu/providers/google.rb +39 -39
  238. data/modules/mu.rb +8 -8
  239. data/modules/tests/elk.yaml +46 -0
  240. data/test/mu-master-test/controls/all_in_one.rb +1 -1
  241. metadata +207 -112
  242. data/cookbooks/firewall/CONTRIBUTING.md +0 -2
  243. data/cookbooks/firewall/MAINTAINERS.md +0 -19
  244. data/cookbooks/firewall/libraries/matchers.rb +0 -30
  245. data/extras/image-generators/AWS/rhel71.yaml +0 -17
@@ -113,6 +113,7 @@ module MU
113
113
  }
114
114
  rescue MU::Groomer::RunError => e
115
115
  MU.log "Proceeding after failed initial Groomer run, but #{member.instance_id} may not behave as expected!", MU::WARN, details: e.inspect
116
+ pp e.backtrace
116
117
  rescue StandardError => e
117
118
  if !member.nil? and !done
118
119
  MU.log "Aborted before I could finish setting up #{@config['name']}, cleaning it up. Stack trace will print once cleanup is complete.", MU::WARN if !@deploy.nocleanup
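Review bot: The added `pp e.backtrace` in the `MU::Groomer::RunError` rescue writes the stack trace straight to stdout and bypasses `MU.log`, so it carries no log level and will not follow wherever MU.log output is routed. Fold it into the existing call instead, e.g. `details: [e.inspect, e.backtrace]`, or log it separately at `MU::DEBUG`. The same stray `pp` pattern appears in later hunks of this file (`pp launch_chunk` before the missing-image raise, and `pp resp` after `create_launch_template`); those dump whole config and API response structures and should get the same treatment. The enclosing method starts and ends outside this hunk.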
@@ -592,6 +593,12 @@ module MU
592
593
  }
593
594
  }
594
595
  },
596
+ "shutdown_behavior" => {
597
+ "type" => "string",
598
+ "description" => "(Instance Templates only) Behavior when an instance is shut down at OS level",
599
+ "default" => "terminate",
600
+ "enum" => ["stop", "terminate"]
601
+ },
595
602
  "generate_iam_role" => {
596
603
  "type" => "boolean",
597
604
  "default" => true,
@@ -826,6 +833,15 @@ module MU
826
833
  },
827
834
  "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
828
835
  }
836
+ # Derpy hack: Make launch_template a valid basis key, largely the
837
+ # same schema as launch_config, just to cue us on which thing to
838
+ # build.
839
+ schema["basis"] = {
840
+ "properties" => {
841
+ "launch_template" => MU::Config::ServerPool.schema["properties"]["basis"]["properties"]["launch_config"].dup
842
+ }
843
+ }
844
+
829
845
  [toplevel_required, schema]
830
846
  end
831
847
 
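Review bot: `.dup` on the `launch_config` schema is a shallow copy, so the new `launch_template` entry still shares every nested hash and array with `launch_config`. If any later schema merge or provider-specific patch mutates one of them in place, the other changes with it. Unless `MU::Config::ServerPool.schema` is known to build a fresh structure on every call (not visible here), take a deep copy, e.g. `Marshal.load(Marshal.dump(...))`. The "Derpy hack" comment would be more useful if it stated that the two keys accept the same fields and only select which AWS resource gets built.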
@@ -893,8 +909,14 @@ module MU
893
909
  end
894
910
  }
895
911
 
896
- if !pool["basis"]["launch_config"].nil?
897
- launch = pool["basis"]["launch_config"]
912
+ if pool["basis"]["launch_config"] or pool["basis"]["launch_template"]
913
+ launch = if pool["basis"]["launch_config"]
914
+ MU.log "Launch Configurations are being sunsetted by AWS. You should switch to Launch Templates.", MU::WARN
915
+ sleep 10
916
+ pool["basis"]["launch_config"]
917
+ else
918
+ pool["basis"]["launch_template"]
919
+ end
898
920
  launch['iam_policies'] ||= pool['iam_policies']
899
921
 
900
922
  launch['size'] = MU::Cloud.resourceClass("AWS", "Server").validateInstanceType(launch["size"], pool["region"])
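Review bot: When a pool sets both `basis.launch_config` and `basis.launch_template`, this branch silently picks `launch_config` and never validates or uses the template block. Validation should reject that combination, e.g. test `pool["basis"]["launch_config"] and pool["basis"]["launch_template"]`, log at `MU::ERR` and fail the validation. Separately, `sleep 10` inside config validation stalls every run, including automated ones, for ten seconds per deprecated pool; the `MU::WARN` message is sufficient on its own. The enclosing validation method extends beyond this hunk.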
@@ -915,11 +937,10 @@ module MU
915
937
  }
916
938
  MU::Cloud.resourceClass("AWS", "Server").generateStandardRole(pool, configurator)
917
939
 
918
- launch["ami_id"] ||= launch["image_id"]
919
- if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
940
+ if launch["server"].nil? and launch["instance_id"].nil? and launch["image_id"].nil?
920
941
  img_id = MU::Cloud.getStockImage("AWS", platform: pool['platform'], region: pool['region'])
921
942
  if img_id
922
- launch['ami_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: img_id, prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
943
+ launch['image_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: img_id, prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
923
944
 
924
945
  else
925
946
  ok = false
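Review bot: With `launch["ami_id"] ||= launch["image_id"]` removed and the nil check now looking only at `image_id`, a pool that still specifies only `ami_id` falls into the stock-image branch and gets `launch['image_id']` set to the stock AMI. Later code in this file does `launch_chunk['image_id'] ||= launch_chunk['ami_id']`, which no longer takes effect once `image_id` is populated, so a deliberately pinned (for example hardened) image would be replaced without any warning. If `ami_id` is still an accepted key (the schema is not visible here), normalize first with `launch["image_id"] ||= launch["ami_id"]` ahead of the check. The surrounding method starts and ends outside this hunk.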
@@ -1094,7 +1115,7 @@ module MU
1094
1115
  launch_configuration_name: resource_id
1095
1116
  )
1096
1117
  rescue Aws::AutoScaling::Errors::ValidationError => e
1097
- MU.log "No such Launch Configuration #{resource_id}"
1118
+ MU.log "No such Launch Configuration #{resource_id}", MU::DEBUG
1098
1119
  rescue Aws::AutoScaling::Errors::InternalFailure => e
1099
1120
  if retries < 5
1100
1121
  MU.log "Got #{e.inspect} while removing Launch Configuration #{resource_id}.", MU::WARN
@@ -1104,6 +1125,14 @@ module MU
1104
1125
  MU.log "Failed to delete Launch Configuration #{resource_id}", MU::ERR
1105
1126
  end
1106
1127
  end
1128
+
1129
+ retries = 0
1130
+ begin
1131
+ MU.log "Removing Launch Template #{resource_id}"
1132
+ MU::Cloud::AWS.ec2(region: region, credentials: credentials).delete_launch_template(launch_template_name: resource_id)
1133
+ rescue Aws::EC2::Errors::InvalidLaunchTemplateNameNotFoundException => e
1134
+ MU.log "No such Launch Template #{resource_id}", MU::DEBUG
1135
+ end
1107
1136
  }
1108
1137
  return nil
1109
1138
  end
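Review bot: The new Launch Template cleanup logs `Removing Launch Template #{resource_id}` at the default level before it knows a template exists, so the message is printed for every resource handled here, including pools that only ever had a Launch Configuration. Log after a successful `delete_launch_template`, or at `MU::DEBUG`. `retries = 0` is assigned but never used in this block. Only the not-found error is rescued, so any other EC2 error (throttling, access denied) propagates out of the enclosing block, unlike the Launch Configuration branch above, which retries on `InternalFailure`. If the enclosing cleanup method has a dry-run flag (its signature is outside this hunk), this destructive call should honor it as well.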
@@ -1111,31 +1140,58 @@ module MU
1111
1140
  private
1112
1141
 
1113
1142
  def createUpdateLaunchConfig
1114
- return if !@config['basis'] or !@config['basis']["launch_config"]
1143
+ return if !@config['basis'] or !(@config['basis']["launch_config"] or @config['basis']["launch_template"])
1115
1144
 
1116
1145
  instance_secret = Password.random(50)
1117
1146
  @deploy.saveNodeSecret("default", instance_secret, "instance_secret")
1147
+
1148
+ launch_chunk = if @config['basis']['launch_config']
1149
+ @config['basis']['launch_config']
1150
+ else
1151
+ @config['basis']['launch_template']
1152
+ end
1153
+
1154
+ if !launch_chunk['image_id'] and !launch_chunk['ami_id']
1155
+ pp launch_chunk
1156
+ raise "missing image_id from launch somehow"
1157
+ end
1158
+
1159
+ launch_chunk['image_id'] ||= launch_chunk['ami_id']
1118
1160
 
1119
- if !@config['basis']['launch_config']["server"].nil?
1161
+ if !launch_chunk["server"].nil?
1120
1162
  #XXX this isn't how we find these; use findStray or something
1121
- if @deploy.deployment["images"].nil? or @deploy.deployment["images"][@config['basis']['launch_config']["server"]].nil?
1122
- raise MuError, "#{@mu_name} needs an AMI from server #{@config['basis']['launch_config']["server"]}, but I don't see one anywhere"
1163
+ if @deploy.deployment["images"].nil? or @deploy.deployment["images"][launch_chunk["server"]].nil?
1164
+ raise MuError, "#{@mu_name} needs an AMI from server #{launch_chunk["server"]}, but I don't see one anywhere"
1123
1165
  end
1124
- @config['basis']['launch_config']["ami_id"] = @deploy.deployment["images"][@config['basis']['launch_config']["server"]]["image_id"]
1125
- MU.log "Using AMI '#{@config['basis']['launch_config']["ami_id"]}' from sibling server #{@config['basis']['launch_config']["server"]} in ServerPool #{@mu_name}"
1126
- elsif !@config['basis']['launch_config']["instance_id"].nil?
1127
- @config['basis']['launch_config']["ami_id"] = MU::Cloud.resourceClass("AWS", "Server").createImage(
1166
+ launch_chunk["image_id"] = @deploy.deployment["images"][launch_chunk["server"]]["image_id"]
1167
+ MU.log "Using AMI '#{launch_chunk["image_id"]}' from sibling server #{launch_chunk["server"]} in ServerPool #{@mu_name}"
1168
+ elsif !launch_chunk["instance_id"].nil?
1169
+ launch_chunk["image_id"] = MU::Cloud.resourceClass("AWS", "Server").createImage(
1128
1170
  name: @mu_name,
1129
- instance_id: @config['basis']['launch_config']["instance_id"],
1171
+ instance_id: launch_chunk["instance_id"],
1130
1172
  credentials: @credentials,
1131
1173
  region: @region
1132
1174
  )[@region]
1133
1175
  end
1134
- MU::Cloud.resourceClass("AWS", "Server").waitForAMI(@config['basis']['launch_config']["ami_id"].to_s, credentials: @credentials)
1135
1176
 
1136
- oldlaunch = MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_launch_configurations(
1137
- launch_configuration_names: [@mu_name]
1138
- ).launch_configurations.first
1177
+ if launch_chunk["image_id"]
1178
+ MU::Cloud.resourceClass("AWS", "Server").waitForAMI(launch_chunk["image_id"].to_s, credentials: @credentials)
1179
+ end
1180
+
1181
+
1182
+ oldlaunch = if @config['basis']['launch_template']
1183
+ begin
1184
+ MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_launch_templates(
1185
+ launch_template_names: [@mu_name]
1186
+ ).launch_templates.first
1187
+ rescue Aws::EC2::Errors::InvalidLaunchTemplateNameNotFoundException
1188
+ nil
1189
+ end
1190
+ else
1191
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_launch_configurations(
1192
+ launch_configuration_names: [@mu_name]
1193
+ ).launch_configurations.first
1194
+ end
1139
1195
 
1140
1196
  userdata = MU::Cloud.fetchUserdata(
1141
1197
  platform: @config["platform"],
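Review bot: The new guard `if !launch_chunk['image_id'] and !launch_chunk['ami_id']` raises before the `server` and `instance_id` branches below it can fill in `image_id`. A pool based on a sibling server's image or on `instance_id` therefore appears to fail here unless something upstream has already set `image_id`. The later `if launch_chunk["image_id"]` around `waitForAMI` suggests a nil value was expected to be possible at that point. Move the check after the `server`/`instance_id` resolution, and raise `MuError` naming the pool and the missing key instead of `pp launch_chunk` plus a bare string. `createUpdateLaunchConfig` continues past the end of this hunk.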
@@ -1160,10 +1216,10 @@ module MU
1160
1216
  )
1161
1217
 
1162
1218
  # Figure out which devices are embedded in the AMI already.
1163
- image = MU::Cloud::AWS.ec2.describe_images(image_ids: [@config["basis"]["launch_config"]["ami_id"]]).images.first
1219
+ image = MU::Cloud::AWS.ec2.describe_images(image_ids: [launch_chunk["image_id"]]).images.first
1164
1220
 
1165
1221
  if image.nil?
1166
- raise "#{@config["basis"]["launch_config"]["ami_id"]} does not exist, cannot update/create launch config #{@mu_name}"
1222
+ raise "#{launch_chunk["image_id"]} does not exist, cannot update/create launch config #{@mu_name}"
1167
1223
  end
1168
1224
 
1169
1225
  ext_disks = {}
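Review bot: `MU::Cloud::AWS.ec2.describe_images(...)` on the changed line is called without `region:` or `credentials:`, while the other AWS calls visible in this method pass `region: @region, credentials: @credentials`. For a pool in a non-default region or account the lookup can query the wrong scope and then raise "does not exist" for an image that is actually present. Suggest `MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_images(image_ids: [launch_chunk["image_id"]]).images.first`. The error text also still says "launch config" although this path now serves Launch Templates too. The method body starts and ends outside this hunk.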
@@ -1179,8 +1235,8 @@ module MU
1179
1235
  end
1180
1236
 
1181
1237
  storage = []
1182
- if !@config["basis"]["launch_config"]["storage"].nil?
1183
- @config["basis"]["launch_config"]["storage"].each { |vol|
1238
+ if !launch_chunk["storage"].nil?
1239
+ launch_chunk["storage"].each { |vol|
1184
1240
  if ext_disks.has_key?(vol["device"])
1185
1241
  if ext_disks[vol["device"]].has_key?(:snapshot_id)
1186
1242
  vol.delete("encrypted")
@@ -1194,151 +1250,205 @@ module MU
1194
1250
  storage.concat(MU::Cloud.resourceClass("AWS", "Server").ephemeral_mappings)
1195
1251
 
1196
1252
  if !oldlaunch.nil?
1197
- olduserdata = Base64.decode64(oldlaunch.user_data)
1198
- if userdata == olduserdata and
1199
- oldlaunch.image_id == @config["basis"]["launch_config"]["ami_id"] and
1200
- oldlaunch.ebs_optimized == @config["basis"]["launch_config"]["ebs_optimized"] and
1201
- oldlaunch.instance_type == @config["basis"]["launch_config"]["size"] and
1202
- oldlaunch.instance_monitoring.enabled == @config["basis"]["launch_config"]["monitoring"]
1203
- # XXX check more things
1253
+ if @config['basis']['launch_template']
1254
+ MU.log "XXX LAUNCH TEMPLATE ADD A NEW VERSION", MU::ERR
1255
+ else
1256
+ olduserdata = Base64.decode64(oldlaunch.user_data)
1257
+ if userdata == olduserdata and
1258
+ oldlaunch.image_id == launch_chunk["image_id"] and
1259
+ oldlaunch.ebs_optimized == launch_chunk["ebs_optimized"] and
1260
+ oldlaunch.instance_type == launch_chunk["size"] and
1261
+ oldlaunch.instance_monitoring.enabled == launch_chunk["monitoring"]
1262
+ # XXX check more things
1204
1263
  # launch.block_device_mappings != storage
1205
1264
  # XXX block device comparison isn't this simple
1206
- return
1207
- end
1265
+ return
1266
+ end
1208
1267
 
1209
- # Put our Autoscale group onto a temporary launch config
1210
- begin
1268
+ # Put our Autoscale group onto a temporary launch config
1269
+ try_ami = oldlaunch.image_id
1270
+ begin
1211
1271
 
1212
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(
1213
- launch_configuration_name: @mu_name+"-TMP",
1214
- user_data: Base64.encode64(olduserdata),
1215
- image_id: oldlaunch.image_id,
1216
- key_name: oldlaunch.key_name,
1217
- security_groups: oldlaunch.security_groups,
1218
- instance_type: oldlaunch.instance_type,
1219
- block_device_mappings: storage,
1220
- instance_monitoring: oldlaunch.instance_monitoring,
1221
- iam_instance_profile: oldlaunch.iam_instance_profile,
1222
- ebs_optimized: oldlaunch.ebs_optimized,
1223
- associate_public_ip_address: oldlaunch.associate_public_ip_address
1224
- )
1225
- rescue ::Aws::AutoScaling::Errors::ValidationError => e
1226
- if e.message.match(/Member must have length less than or equal to (\d+)/)
1227
- MU.log "Userdata script too long updating #{@mu_name} Launch Config (#{Base64.encode64(userdata).size.to_s}/#{Regexp.last_match[1]} bytes)", MU::ERR
1228
- else
1229
- MU.log "Error updating #{@mu_name} Launch Config", MU::ERR, details: e.message
1272
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(
1273
+ launch_configuration_name: @mu_name+"-TMP",
1274
+ user_data: Base64.encode64(olduserdata),
1275
+ image_id: try_ami,
1276
+ key_name: oldlaunch.key_name,
1277
+ security_groups: oldlaunch.security_groups,
1278
+ instance_type: oldlaunch.instance_type,
1279
+ block_device_mappings: storage,
1280
+ instance_monitoring: oldlaunch.instance_monitoring,
1281
+ iam_instance_profile: oldlaunch.iam_instance_profile,
1282
+ ebs_optimized: oldlaunch.ebs_optimized,
1283
+ associate_public_ip_address: oldlaunch.associate_public_ip_address
1284
+ )
1285
+ rescue ::Aws::AutoScaling::Errors::ValidationError => e
1286
+ if e.message.match(/Member must have length less than or equal to (\d+)/)
1287
+ MU.log "Userdata script too long updating #{@mu_name} Launch Config (#{Base64.encode64(userdata).size.to_s}/#{Regexp.last_match[1]} bytes)", MU::ERR
1288
+ elsif e.message.match(/AMI cannot be described/) and try_ami == oldlaunch.image_id and try_ami != launch_chunk["image_id"]
1289
+ try_ami = launch_chunk["image_id"]
1290
+ retry
1291
+ else
1292
+ MU.log "Error saving copy of old #{@mu_name} Launch Config: #{e.message}", MU::ERR
1293
+ end
1294
+ raise e.message
1230
1295
  end
1231
- raise e.message
1232
- end
1233
1296
 
1234
1297
 
1235
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
1236
- auto_scaling_group_name: @mu_name,
1237
- launch_configuration_name: @mu_name+"-TMP"
1238
- )
1239
- # ...now back to an identical one with the "real" name
1240
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
1241
- launch_configuration_name: @mu_name
1242
- )
1298
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
1299
+ auto_scaling_group_name: @mu_name,
1300
+ launch_configuration_name: @mu_name+"-TMP"
1301
+ )
1302
+ # ...now back to an identical one with the "real" name
1303
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
1304
+ launch_configuration_name: @mu_name
1305
+ )
1306
+ end
1243
1307
  end
1244
1308
 
1245
- # Now to build the new one
1246
1309
  sgs = []
1247
1310
  if @dependencies.has_key?("firewall_rule")
1248
1311
  @dependencies['firewall_rule'].values.each { |sg|
1249
1312
  sgs << sg.cloud_id
1250
1313
  }
1251
1314
  end
1252
-
1253
- launch_options = {
1254
- :launch_configuration_name => @mu_name,
1255
- :user_data => Base64.encode64(userdata),
1256
- :image_id => @config["basis"]["launch_config"]["ami_id"],
1257
- :key_name => @deploy.ssh_key_name,
1258
- :security_groups => sgs,
1259
- :instance_type => @config["basis"]["launch_config"]["size"],
1260
- :block_device_mappings => storage,
1261
- :instance_monitoring => {:enabled => @config["basis"]["launch_config"]["monitoring"]},
1262
- :ebs_optimized => @config["basis"]["launch_config"]["ebs_optimized"]
1263
- }
1264
- if @config["vpc"] or @config["vpc_zone_identifier"]
1265
- launch_options[:associate_public_ip_address] = @config["associate_public_ip"]
1266
- end
1267
- ["kernel_id", "ramdisk_id", "spot_price"].each { |arg|
1268
- if @config['basis']['launch_config'][arg]
1269
- launch_options[arg.to_sym] = @config['basis']['launch_config'][arg]
1270
- end
1271
- }
1272
- rolename = nil
1273
-
1274
1315
  ['generate_iam_role', 'iam_policies', 'canned_iam_policies', 'iam_role'].each { |field|
1275
- if !@config['basis']['launch_config'].nil?
1276
- @config[field] = @config['basis']['launch_config'][field]
1316
+ if launch_chunk
1317
+ @config[field] = launch_chunk[field]
1277
1318
  else
1278
- @config['basis']['launch_config'][field] = @config[field]
1319
+ launch_chunk[field] = @config[field]
1279
1320
  end
1280
1321
  }
1281
-
1282
- @config['iam_role'] = @config['basis']['launch_config']['iam_role'] = launch_options[:iam_instance_profile] = MU::Cloud.resourceClass("AWS", "Server").getIAMProfile(
1322
+ @config['iam_role'] = launch_chunk['iam_role'] = MU::Cloud.resourceClass("AWS", "Server").getIAMProfile(
1283
1323
  @config['name'],
1284
1324
  @deploy,
1285
- generated: @config['basis']['launch_config']['generate_iam_role'],
1286
- role_name: @config['basis']['launch_config']['iam_role'],
1325
+ generated: launch_chunk['generate_iam_role'],
1326
+ role_name: launch_chunk['iam_role'],
1287
1327
  region: @region,
1288
1328
  credentials: @credentials
1289
1329
  ).values.first
1290
1330
 
1291
- lc_attempts = 0
1292
- begin
1293
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(launch_options)
1294
- rescue Aws::AutoScaling::Errors::ValidationError => e
1295
- if lc_attempts > 3
1296
- MU.log "Got error while creating #{@mu_name} Launch Config#{@credentials ? " with credentials #{@credentials}" : ""}: #{e.message}, retrying in 10s", MU::WARN, details: launch_options.reject { |k,_v | k == :user_data }
1331
+ if @config['basis']['launch_config']
1332
+ @config['basis']['launch_config']['iam_role'] = @config['iam_role']
1333
+ launch_options = {
1334
+ :launch_configuration_name => @mu_name,
1335
+ :user_data => Base64.encode64(userdata),
1336
+ :image_id => launch_chunk["image_id"],
1337
+ :key_name => @deploy.ssh_key_name,
1338
+ :iam_instance_profile => @config['iam_role'],
1339
+ :security_groups => sgs,
1340
+ :instance_type => launch_chunk["size"],
1341
+ :block_device_mappings => storage,
1342
+ :instance_monitoring => {:enabled => launch_chunk["monitoring"]},
1343
+ :ebs_optimized => launch_chunk["ebs_optimized"]
1344
+ }
1345
+ if @config["vpc"] or @config["vpc_zone_identifier"]
1346
+ launch_options[:associate_public_ip_address] = @config["associate_public_ip"]
1297
1347
  end
1298
- sleep 5
1299
- lc_attempts += 1
1300
- retry
1348
+ ["kernel_id", "ramdisk_id", "spot_price"].each { |arg|
1349
+ if launch_chunk[arg]
1350
+ launch_options[arg.to_sym] = launch_chunk[arg]
1351
+ end
1352
+ }
1353
+ rolename = nil
1354
+
1355
+ lc_attempts = 0
1356
+ begin
1357
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(launch_options)
1358
+ rescue Aws::AutoScaling::Errors::ValidationError => e
1359
+ if lc_attempts > 3
1360
+ MU.log "Got error while creating #{@mu_name} Launch Config#{@credentials ? " with credentials #{@credentials}" : ""}: #{e.message}, retrying in 5s", MU::WARN, details: launch_options.reject { |k,_v | k == :user_data }
1361
+ end
1362
+ sleep 5
1363
+ lc_attempts += 1
1364
+ retry
1365
+ end
1366
+ MU.log "Launch Configuration #{@mu_name} created"
1367
+ elsif !oldlaunch # XXX actually just generate a version instead of a whole new template
1368
+ @config['basis']['launch_template']['iam_role'] = @config['iam_role']
1369
+ launch_options = {
1370
+ :launch_template_name => @mu_name,
1371
+ :version_description => "initial",
1372
+ :launch_template_data => {
1373
+ :image_id => launch_chunk["image_id"],
1374
+ :instance_type => launch_chunk["size"],
1375
+ :block_device_mappings => storage,
1376
+ :key_name => @deploy.ssh_key_name,
1377
+ :security_group_ids => sgs,
1378
+ :instance_initiated_shutdown_behavior => @config['shutdown_behavior'],
1379
+ :metadata_options => {
1380
+ :http_tokens => "optional",
1381
+ :http_endpoint => "enabled",
1382
+ :instance_metadata_tags => "enabled"
1383
+ },
1384
+ :iam_instance_profile => {
1385
+ :name => @config['iam_role']
1386
+ },
1387
+ :ebs_optimized => launch_chunk["ebs_optimized"],
1388
+ :monitoring => {:enabled => launch_chunk["monitoring"]},
1389
+ :tag_specifications => [
1390
+ :resource_type => "instance",
1391
+ :tags => @tags.keys.map { |t| { key: t, value: @tags[t] } }
1392
+ ],
1393
+ :user_data => Base64.encode64(userdata),
1394
+ },
1395
+ }
1396
+ ["kernel_id", "ramdisk_id"].each { |arg|
1397
+ if launch_chunk[arg]
1398
+ launch_options[:launch_template_data][arg.to_sym] = launch_chunk[arg]
1399
+ end
1400
+ }
1401
+ lt_attempts = 0
1402
+ resp = nil
1403
+ begin
1404
+ resp = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_launch_template(launch_options)
1405
+ pp resp
1406
+ if !resp or !resp.launch_template or resp.launch_template.empty? or (resp and resp.warning and resp.warning.errors)
1407
+ MU.log "Got error while creating #{@mu_name} Launch Template#{@credentials ? " with credentials #{@credentials}" : ""}: #{resp.warning.errors.first.message} (deleting then retrying in 5s)", MU::WARN, details: launch_options
1408
+ MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).delete_launch_template(launch_template_id: resp.launch_template.launch_template_id)
1409
+ sleep 5
1410
+ lt_attempts += 1
1411
+ end
1412
+ end while lt_attempts < 5 and resp and resp.warning and resp.warning.errors
1413
+ MU.log "Launch Template #{@mu_name} created"
1301
1414
  end
1302
1415
 
1303
1416
  if !oldlaunch.nil?
1304
- # Tell the ASG to use the new one, and nuke the old one
1305
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
1306
- auto_scaling_group_name: @mu_name,
1307
- launch_configuration_name: @mu_name
1308
- )
1309
- MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
1310
- launch_configuration_name: @mu_name+"-TMP"
1311
- )
1312
- MU.log "Launch Configuration #{@mu_name} replaced"
1313
- else
1314
- MU.log "Launch Configuration #{@mu_name} created"
1417
+ if @config['basis']['launch_template']
1418
+ MU.log "XXX LAUNCH TEMPLATE MAKE ASG USE NEW VERSION", MU::ERR
1419
+ else
1420
+ # Tell the ASG to use the new LaunchConfig, and nuke the old one
1421
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
1422
+ auto_scaling_group_name: @mu_name,
1423
+ launch_configuration_name: @mu_name
1424
+ )
1425
+ MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
1426
+ launch_configuration_name: @mu_name+"-TMP"
1427
+ )
1428
+ MU.log "Launch Configuration #{@mu_name} replaced"
1429
+ end
1315
1430
  end
1316
1431
 
1317
1432
  end
1318
1433
 
1434
+
1435
+
1436
+
1319
1437
  def buildOptionsHash
1320
1438
  asg_options = {
1321
1439
  :auto_scaling_group_name => @mu_name,
1322
- :launch_configuration_name => @mu_name,
1323
1440
  :default_cooldown => @config["default_cooldown"],
1324
1441
  :health_check_type => @config["health_check_type"],
1325
1442
  :health_check_grace_period => @config["health_check_grace_period"],
1326
- :tags => []
1327
1443
  }
1444
+ asg_options[:tags] = @tags.keys.map { |t| { key: t, value: @tags[t], propagate_at_launch: true } }
1328
1445
 
1329
- MU::MommaCat.listStandardTags.each_pair { |name, value|
1330
- asg_options[:tags] << {key: name, value: value, propagate_at_launch: true}
1331
- }
1332
-
1333
- if @config['optional_tags']
1334
- MU::MommaCat.listOptionalTags.each_pair { |name, value|
1335
- asg_options[:tags] << {key: name, value: value, propagate_at_launch: true}
1336
- }
1337
- end
1338
-
1339
- if @config['tags']
1340
- @config['tags'].each { |tag|
1341
- asg_options[:tags] << {key: tag['key'], value: tag['value'], propagate_at_launch: true}
1446
+ if @config['basis']['launch_config']
1447
+ asg_options[:launch_configuration_name] = @mu_name
1448
+ else
1449
+ asg_options[:launch_template] = {
1450
+ :launch_template_name => @mu_name,
1451
+ :version => "$Default"
1342
1452
  }
1343
1453
  end
1344
1454
 
@@ -31,7 +31,8 @@ module MU
31
31
  MU.log "Creating storage pool #{@mu_name}"
32
32
  resp = MU::Cloud::AWS.efs(region: @region, credentials: @credentials).create_file_system(
33
33
  creation_token: @mu_name,
34
- performance_mode: @config['storage_type']
34
+ performance_mode: @config['storage_type'],
35
+ encrypted: @config['encrypt']
35
36
  )
36
37
 
37
38
  attempts = 0
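Review bot: `encrypted: @config['encrypt']` passes nil to create_file_system whenever the key is missing from @config, and the API's own default then applies instead of the `"default" => true` declared in the schema hunk that follows. Whether schema defaults are always merged before this method runs is not visible here, so a fail-closed form such as `encrypted: @config['encrypt'] != false` would be safer. No `kms_key_id` is passed, so an encrypted pool always uses the account's default EFS key; a matching schema field would let deployments that need a customer-managed key supply one. The enclosing method starts and ends outside the hunk.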
@@ -438,6 +439,11 @@ module MU
438
439
  def self.schema(_config)
439
440
  toplevel_required = []
440
441
  schema = {
442
+ "encrypt" => {
443
+ "type" => "boolean",
444
+ "description" => "Encrypt EFS data at rest",
445
+ "default" => true
446
+ },
441
447
  "ingress_rules" => {
442
448
  "type" => "array",
443
449
  "description" => "Firewall rules to apply to our mountpoints",
@@ -82,7 +82,7 @@ module MU
82
82
  MU.log "User #{@mu_name}'s AWS Console password can be retrieved from: https://#{$MU_CFG['public_address']}/scratchpad/#{scratchitem}", MU::SUMMARY
83
83
  rescue Aws::IAM::Errors::PasswordPolicyViolation => e
84
84
  if retries < 1
85
- pw = MU.generateWindowsPassword
85
+ pw = MU.generatePassword
86
86
  retries += 1
87
87
  sleep 1
88
88
  retry
@@ -32,13 +32,17 @@ done
32
32
 
33
33
  if ping -c 5 8.8.8.8 > /dev/null; then
34
34
  if [ -f /etc/debian_version ];then
35
+ export DEBIAN_FRONTEND="noninteractive"
35
36
  if ! grep '^/bin/sh /var/lib/cloud/instance/user-data.txt$' /etc/rc.local > /dev/null;then
36
37
  echo "/bin/sh /var/lib/cloud/instance/user-data.txt" >> /etc/rc.local
37
38
  fi
38
39
  apt-get update -y
39
40
  if [ ! -f /usr/bin/pip ] ;then /usr/bin/apt-get --fix-missing -y install python-pip;fi
40
41
  if [ ! -f /usr/bin/curl ] ;then /usr/bin/apt-get --fix-missing -y install curl;fi
41
- AWSCLI=/usr/local/bin/aws
42
+ AWSCLI=/usr/bin/aws
43
+ if [ ! -x /usr/bin/aws ];then
44
+ apt-get -y install awscli
45
+ fi
42
46
  <% if !$mu.skipApplyUpdates %>
43
47
  set +e
44
48
  if [ ! -f /.mu-installer-ran-updates ];then
@@ -147,7 +151,7 @@ fi
147
151
  umask 0077
148
152
 
149
153
  if [ ! -f /opt/chef/embedded/bin/ruby ];then
150
- curl https://www.chef.io/chef/install.sh > chef-install.sh
154
+ curl https://omnitruck.chef.io/install.sh > chef-install.sh
151
155
  set +e
152
156
  # We may run afoul of a synchronous bootstrap process doing the same thing. So
153
157
  # wait until we've managed to run successfully.
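Review bot: The new `curl https://omnitruck.chef.io/install.sh > chef-install.sh` line has no `-f`, so an HTTP error page is saved as chef-install.sh with exit status 0, and nothing checks the script's content before it is used. `curl -fsSL --proto '=https' --tlsv1.2 -o chef-install.sh https://omnitruck.chef.io/install.sh` would fail closed on transport and HTTP errors. Comparing the download with a reviewed digest (`echo "<EXPECTED_SHA256>  chef-install.sh" | sha256sum -c -`) or shipping a vendored copy would cover the integrity gap. The code that runs chef-install.sh is outside the hunk, and it presumably runs as root during bootstrap.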
@@ -11,8 +11,8 @@ $cygwin_dir = "$basedir/cygwin"
11
11
  $username = (whoami).Split('\')[1]
12
12
  $WebClient = New-Object System.Net.WebClient
13
13
  $awsmeta = "http://169.254.169.254/latest"
14
- $pydir = 'c:\bin\python\python27'
15
- $pyv = '2.7.14'
14
+ $pydir = 'c:\bin\python\python310'
15
+ $pyv = '3.10.5'
16
16
  $env:Path += ";$pydir\Scripts;$pydir"
17
17
 
18
18
  function log
@@ -91,12 +91,12 @@ If ([Environment]::OSVersion.Version.Major -lt 10) {
91
91
  <% end %>
92
92
 
93
93
  If (!(Test-Path "$pydir\python.exe")){
94
- If (!(Test-Path $tmp\python-$pyv.msi)){
94
+ If (!(Test-Path $tmp\python-$pyv.exe)){
95
95
  log "Downloading Python installer"
96
- $WebClient.DownloadFile("https://www.python.org/ftp/python/$pyv/python-$pyv.msi","$tmp/python-$pyv.msi")
96
+ $WebClient.DownloadFile("https://www.python.org/ftp/python/$pyv/python-$pyv-amd64.exe","$tmp/python-$pyv.exe")
97
97
  }
98
98
  log "Running Python installer"
99
- (Start-Process -FilePath msiexec -ArgumentList "/i $tmp\python-$pyv.msi /qn ALLUSERS=1 TARGETDIR=$pydir" -Wait -Passthru).ExitCode
99
+ (Start-Process -FilePath "$tmp/python-$pyv.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 TargetDir=$pydir" -Wait -Passthru).ExitCode
100
100
  }
101
101
 
102
102
  If (!(Test-Path "$pydir\Scripts\aws.cmd")){
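Review bot: The installer saved by `DownloadFile(... "python-$pyv-amd64.exe", "$tmp/python-$pyv.exe")` is passed straight to `Start-Process` with no check that it is the binary python.org published. A file already present at that path skips the download and is run as-is. A guard before the launch, for example `if ((Get-AuthenticodeSignature "$tmp\python-$pyv.exe").Status -ne 'Valid') { throw "python installer signature check failed" }`, would stop a tampered or truncated file from running. The `.ExitCode` value is only written to the output stream, so a failed install appears to continue to the awscli step that follows. Where `$tmp` points and who can write to it is not visible in this hunk.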
@@ -109,6 +109,8 @@ If (!(Test-Path "$pydir\Scripts\aws.cmd")){
109
109
  pip install awscli
110
110
  }
111
111
 
112
+ (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
113
+
112
114
  function removeChef($location){
113
115
  $install_chef = $false
114
116
  $my_chef = (Get-ItemProperty $location | Where-Object {$_.DisplayName -like "chef client*"}).DisplayName
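Review bot: `SetUserAuthenticationRequired(0)` switches Network Level Authentication off on the RDP-tcp listener, so every node built from this userdata accepts an RDP session before the client has authenticated. Nothing in the hunk records why this is done or turns it back on. If a bootstrap client really cannot do NLA, I would gate the call on a config option that defaults to leaving NLA on and add a comment such as `# NLA disabled because <REASON>; restored by <STEP>`; otherwise drop the line. `$server` is not assigned in any of the visible hunks of this file, so `-ComputerName $server` may be receiving an empty value; if the local machine is meant, omitting `-ComputerName` says so directly. The call's return value is also written to the output stream unchecked.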