cloud-mu 3.5.0 → 3.6.3
- checksums.yaml +4 -4
- data/Berksfile +5 -2
- data/Berksfile.lock +135 -0
- data/ansible/roles/mu-base/README.md +33 -0
- data/ansible/roles/mu-base/defaults/main.yml +2 -0
- data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
- data/ansible/roles/mu-base/files/check_apm.sh +18 -0
- data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
- data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
- data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
- data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
- data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
- data/ansible/roles/mu-base/files/logrotate.conf +35 -0
- data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
- data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
- data/ansible/roles/mu-base/handlers/main.yml +5 -0
- data/ansible/roles/mu-base/meta/main.yml +53 -0
- data/ansible/roles/mu-base/tasks/main.yml +113 -0
- data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
- data/ansible/roles/mu-base/tests/inventory +2 -0
- data/ansible/roles/mu-base/tests/test.yml +5 -0
- data/ansible/roles/mu-base/vars/main.yml +1 -0
- data/ansible/roles/mu-compliance/README.md +33 -0
- data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
- data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
- data/ansible/roles/mu-compliance/meta/main.yml +53 -0
- data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
- data/ansible/roles/mu-compliance/tests/inventory +2 -0
- data/ansible/roles/mu-compliance/tests/test.yml +5 -0
- data/ansible/roles/mu-compliance/vars/main.yml +4 -0
- data/ansible/roles/mu-elastic/README.md +51 -0
- data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
- data/ansible/roles/mu-elastic/files/jvm.options +93 -0
- data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
- data/ansible/roles/mu-elastic/meta/main.yml +52 -0
- data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
- data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
- data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
- data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
- data/ansible/roles/mu-elastic/tests/inventory +2 -0
- data/ansible/roles/mu-elastic/tests/test.yml +5 -0
- data/ansible/roles/mu-elastic/vars/main.yml +2 -0
- data/ansible/roles/mu-logstash/README.md +51 -0
- data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
- data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
- data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
- data/ansible/roles/mu-logstash/files/jvm.options +84 -0
- data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
- data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
- data/ansible/roles/mu-logstash/meta/main.yml +52 -0
- data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
- data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
- data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
- data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
- data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
- data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
- data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
- data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
- data/ansible/roles/mu-logstash/tests/inventory +2 -0
- data/ansible/roles/mu-logstash/tests/test.yml +5 -0
- data/ansible/roles/mu-logstash/vars/main.yml +2 -0
- data/ansible/roles/mu-rdp/README.md +33 -0
- data/ansible/roles/mu-rdp/meta/main.yml +53 -0
- data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
- data/ansible/roles/mu-rdp/tests/inventory +2 -0
- data/ansible/roles/mu-rdp/tests/test.yml +5 -0
- data/ansible/roles/mu-windows/tasks/main.yml +3 -0
- data/bin/mu-ansible-secret +1 -1
- data/bin/mu-aws-setup +4 -3
- data/bin/mu-azure-setup +5 -5
- data/bin/mu-configure +25 -17
- data/bin/mu-firewall-allow-clients +1 -0
- data/bin/mu-gcp-setup +3 -3
- data/bin/mu-load-config.rb +1 -0
- data/bin/mu-node-manage +66 -33
- data/bin/mu-self-update +2 -2
- data/bin/mu-upload-chef-artifacts +6 -1
- data/bin/mu-user-manage +1 -1
- data/cloud-mu.gemspec +25 -23
- data/cookbooks/firewall/CHANGELOG.md +417 -224
- data/cookbooks/firewall/LICENSE +202 -0
- data/cookbooks/firewall/README.md +153 -126
- data/cookbooks/firewall/TODO.md +6 -0
- data/cookbooks/firewall/attributes/firewalld.rb +7 -0
- data/cookbooks/firewall/attributes/iptables.rb +3 -3
- data/cookbooks/firewall/chefignore +115 -0
- data/cookbooks/firewall/libraries/helpers.rb +5 -0
- data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
- data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
- data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
- data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
- data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
- data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
- data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
- data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
- data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
- data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
- data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
- data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
- data/cookbooks/firewall/metadata.json +40 -1
- data/cookbooks/firewall/metadata.rb +15 -0
- data/cookbooks/firewall/recipes/default.rb +7 -7
- data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
- data/cookbooks/firewall/recipes/firewalld.rb +87 -0
- data/cookbooks/firewall/renovate.json +18 -0
- data/cookbooks/firewall/resources/firewalld.rb +28 -0
- data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
- data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
- data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
- data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
- data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
- data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
- data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
- data/cookbooks/firewall/resources/nftables.rb +71 -0
- data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
- data/cookbooks/mu-activedirectory/Berksfile +1 -1
- data/cookbooks/mu-activedirectory/metadata.rb +1 -1
- data/cookbooks/mu-firewall/metadata.rb +2 -2
- data/cookbooks/mu-master/Berksfile +4 -3
- data/cookbooks/mu-master/attributes/default.rb +5 -2
- data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
- data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
- data/cookbooks/mu-master/libraries/mu.rb +24 -0
- data/cookbooks/mu-master/metadata.rb +5 -5
- data/cookbooks/mu-master/recipes/default.rb +31 -20
- data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
- data/cookbooks/mu-master/recipes/init.rb +58 -19
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
- data/cookbooks/mu-php54/Berksfile +1 -1
- data/cookbooks/mu-php54/metadata.rb +2 -2
- data/cookbooks/mu-tools/Berksfile +2 -3
- data/cookbooks/mu-tools/attributes/default.rb +3 -4
- data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
- data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
- data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
- data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
- data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
- data/cookbooks/mu-tools/libraries/helper.rb +21 -9
- data/cookbooks/mu-tools/metadata.rb +4 -4
- data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
- data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
- data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
- data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
- data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
- data/data_bags/nagios_services/apm_backend_connect.json +5 -0
- data/data_bags/nagios_services/apm_listen.json +5 -0
- data/data_bags/nagios_services/elastic_shards.json +5 -0
- data/data_bags/nagios_services/logstash.json +5 -0
- data/data_bags/nagios_services/rhel7_updates.json +8 -0
- data/extras/image-generators/AWS/centos7.yaml +1 -0
- data/extras/image-generators/AWS/rhel7.yaml +21 -0
- data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
- data/extras/image-generators/AWS/win2k16.yaml +1 -0
- data/extras/image-generators/AWS/win2k19.yaml +1 -0
- data/extras/list-stock-amis +0 -0
- data/extras/ruby_rpm/muby.spec +8 -5
- data/extras/vault_tools/export_vaults.sh +1 -1
- data/extras/vault_tools/recreate_vaults.sh +0 -0
- data/extras/vault_tools/test_vaults.sh +0 -0
- data/install/deprecated-bash-library.sh +1 -1
- data/install/installer +4 -2
- data/modules/mommacat.ru +3 -1
- data/modules/mu/adoption.rb +1 -1
- data/modules/mu/cloud/dnszone.rb +2 -2
- data/modules/mu/cloud/machine_images.rb +26 -25
- data/modules/mu/cloud/resource_base.rb +213 -182
- data/modules/mu/cloud/server_pool.rb +1 -1
- data/modules/mu/cloud/ssh_sessions.rb +7 -5
- data/modules/mu/cloud/wrappers.rb +2 -2
- data/modules/mu/cloud.rb +1 -1
- data/modules/mu/config/bucket.rb +1 -1
- data/modules/mu/config/function.rb +6 -1
- data/modules/mu/config/loadbalancer.rb +24 -2
- data/modules/mu/config/ref.rb +12 -0
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +42 -9
- data/modules/mu/config/server.rb +43 -27
- data/modules/mu/config/tail.rb +19 -10
- data/modules/mu/config.rb +6 -5
- data/modules/mu/defaults/AWS.yaml +78 -114
- data/modules/mu/deploy.rb +9 -2
- data/modules/mu/groomer.rb +12 -4
- data/modules/mu/groomers/ansible.rb +104 -20
- data/modules/mu/groomers/chef.rb +15 -6
- data/modules/mu/master.rb +9 -4
- data/modules/mu/mommacat/daemon.rb +4 -2
- data/modules/mu/mommacat/naming.rb +1 -2
- data/modules/mu/mommacat/storage.rb +7 -2
- data/modules/mu/mommacat.rb +33 -6
- data/modules/mu/providers/aws/database.rb +161 -8
- data/modules/mu/providers/aws/dnszone.rb +11 -6
- data/modules/mu/providers/aws/endpoint.rb +81 -6
- data/modules/mu/providers/aws/firewall_rule.rb +254 -172
- data/modules/mu/providers/aws/function.rb +65 -3
- data/modules/mu/providers/aws/loadbalancer.rb +39 -28
- data/modules/mu/providers/aws/log.rb +2 -1
- data/modules/mu/providers/aws/role.rb +25 -7
- data/modules/mu/providers/aws/server.rb +36 -12
- data/modules/mu/providers/aws/server_pool.rb +237 -127
- data/modules/mu/providers/aws/storage_pool.rb +7 -1
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/userdata/linux.erb +6 -2
- data/modules/mu/providers/aws/userdata/windows.erb +7 -5
- data/modules/mu/providers/aws/vpc.rb +49 -25
- data/modules/mu/providers/aws.rb +13 -8
- data/modules/mu/providers/azure/container_cluster.rb +1 -1
- data/modules/mu/providers/azure/loadbalancer.rb +2 -2
- data/modules/mu/providers/azure/server.rb +5 -2
- data/modules/mu/providers/azure/userdata/linux.erb +1 -1
- data/modules/mu/providers/azure.rb +11 -8
- data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
- data/modules/mu/providers/google/container_cluster.rb +15 -2
- data/modules/mu/providers/google/folder.rb +2 -1
- data/modules/mu/providers/google/function.rb +130 -4
- data/modules/mu/providers/google/habitat.rb +2 -1
- data/modules/mu/providers/google/loadbalancer.rb +407 -160
- data/modules/mu/providers/google/role.rb +16 -3
- data/modules/mu/providers/google/server.rb +5 -1
- data/modules/mu/providers/google/user.rb +25 -18
- data/modules/mu/providers/google/userdata/linux.erb +1 -1
- data/modules/mu/providers/google/vpc.rb +53 -7
- data/modules/mu/providers/google.rb +39 -39
- data/modules/mu.rb +8 -8
- data/modules/tests/elk.yaml +46 -0
- data/test/mu-master-test/controls/all_in_one.rb +1 -1
- metadata +207 -112
- data/cookbooks/firewall/CONTRIBUTING.md +0 -2
- data/cookbooks/firewall/MAINTAINERS.md +0 -19
- data/cookbooks/firewall/libraries/matchers.rb +0 -30
- data/extras/image-generators/AWS/rhel71.yaml +0 -17
@@ -113,6 +113,7 @@ module MU
|
|
113
113
|
}
|
114
114
|
rescue MU::Groomer::RunError => e
|
115
115
|
MU.log "Proceeding after failed initial Groomer run, but #{member.instance_id} may not behave as expected!", MU::WARN, details: e.inspect
|
116
|
+
pp e.backtrace
|
116
117
|
rescue StandardError => e
|
117
118
|
if !member.nil? and !done
|
118
119
|
MU.log "Aborted before I could finish setting up #{@config['name']}, cleaning it up. Stack trace will print once cleanup is complete.", MU::WARN if !@deploy.nocleanup
|
@@ -592,6 +593,12 @@ module MU
|
|
592
593
|
}
|
593
594
|
}
|
594
595
|
},
|
596
|
+
"shutdown_behavior" => {
|
597
|
+
"type" => "string",
|
598
|
+
"description" => "(Instance Templates only) Behavior when an instance is shut down at OS level",
|
599
|
+
"default" => "terminate",
|
600
|
+
"enum" => ["stop", "terminate"]
|
601
|
+
},
|
595
602
|
"generate_iam_role" => {
|
596
603
|
"type" => "boolean",
|
597
604
|
"default" => true,
|
@@ -826,6 +833,15 @@ module MU
|
|
826
833
|
},
|
827
834
|
"ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
|
828
835
|
}
|
836
|
+
# Derpy hack: Make launch_template a valid basis key, largely the
|
837
|
+
# same schema as launch_config, just to cue us on which thing to
|
838
|
+
# build.
|
839
|
+
schema["basis"] = {
|
840
|
+
"properties" => {
|
841
|
+
"launch_template" => MU::Config::ServerPool.schema["properties"]["basis"]["properties"]["launch_config"].dup
|
842
|
+
}
|
843
|
+
}
|
844
|
+
|
829
845
|
[toplevel_required, schema]
|
830
846
|
end
|
831
847
|
|
@@ -893,8 +909,14 @@ module MU
|
|
893
909
|
end
|
894
910
|
}
|
895
911
|
|
896
|
-
if
|
897
|
-
launch = pool["basis"]["launch_config"]
|
912
|
+
if pool["basis"]["launch_config"] or pool["basis"]["launch_template"]
|
913
|
+
launch = if pool["basis"]["launch_config"]
|
914
|
+
MU.log "Launch Configurations are being sunsetted by AWS. You should switch to Launch Templates.", MU::WARN
|
915
|
+
sleep 10
|
916
|
+
pool["basis"]["launch_config"]
|
917
|
+
else
|
918
|
+
pool["basis"]["launch_template"]
|
919
|
+
end
|
898
920
|
launch['iam_policies'] ||= pool['iam_policies']
|
899
921
|
|
900
922
|
launch['size'] = MU::Cloud.resourceClass("AWS", "Server").validateInstanceType(launch["size"], pool["region"])
|
@@ -915,11 +937,10 @@ module MU
|
|
915
937
|
}
|
916
938
|
MU::Cloud.resourceClass("AWS", "Server").generateStandardRole(pool, configurator)
|
917
939
|
|
918
|
-
launch["
|
919
|
-
if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
|
940
|
+
if launch["server"].nil? and launch["instance_id"].nil? and launch["image_id"].nil?
|
920
941
|
img_id = MU::Cloud.getStockImage("AWS", platform: pool['platform'], region: pool['region'])
|
921
942
|
if img_id
|
922
|
-
launch['
|
943
|
+
launch['image_id'] = configurator.getTail("pool"+pool['name']+"AMI", value: img_id, prettyname: "pool"+pool['name']+"AMI", cloudtype: "AWS::EC2::Image::Id")
|
923
944
|
|
924
945
|
else
|
925
946
|
ok = false
|
@@ -1094,7 +1115,7 @@ module MU
|
|
1094
1115
|
launch_configuration_name: resource_id
|
1095
1116
|
)
|
1096
1117
|
rescue Aws::AutoScaling::Errors::ValidationError => e
|
1097
|
-
MU.log "No such Launch Configuration #{resource_id}"
|
1118
|
+
MU.log "No such Launch Configuration #{resource_id}", MU::DEBUG
|
1098
1119
|
rescue Aws::AutoScaling::Errors::InternalFailure => e
|
1099
1120
|
if retries < 5
|
1100
1121
|
MU.log "Got #{e.inspect} while removing Launch Configuration #{resource_id}.", MU::WARN
|
@@ -1104,6 +1125,14 @@ module MU
|
|
1104
1125
|
MU.log "Failed to delete Launch Configuration #{resource_id}", MU::ERR
|
1105
1126
|
end
|
1106
1127
|
end
|
1128
|
+
|
1129
|
+
retries = 0
|
1130
|
+
begin
|
1131
|
+
MU.log "Removing Launch Template #{resource_id}"
|
1132
|
+
MU::Cloud::AWS.ec2(region: region, credentials: credentials).delete_launch_template(launch_template_name: resource_id)
|
1133
|
+
rescue Aws::EC2::Errors::InvalidLaunchTemplateNameNotFoundException => e
|
1134
|
+
MU.log "No such Launch Template #{resource_id}", MU::DEBUG
|
1135
|
+
end
|
1107
1136
|
}
|
1108
1137
|
return nil
|
1109
1138
|
end
|
@@ -1111,31 +1140,58 @@ module MU
|
|
1111
1140
|
private
|
1112
1141
|
|
1113
1142
|
def createUpdateLaunchConfig
|
1114
|
-
return if !@config['basis'] or
|
1143
|
+
return if !@config['basis'] or !(@config['basis']["launch_config"] or @config['basis']["launch_template"])
|
1115
1144
|
|
1116
1145
|
instance_secret = Password.random(50)
|
1117
1146
|
@deploy.saveNodeSecret("default", instance_secret, "instance_secret")
|
1147
|
+
|
1148
|
+
launch_chunk = if @config['basis']['launch_config']
|
1149
|
+
@config['basis']['launch_config']
|
1150
|
+
else
|
1151
|
+
@config['basis']['launch_template']
|
1152
|
+
end
|
1153
|
+
|
1154
|
+
if !launch_chunk['image_id'] and !launch_chunk['ami_id']
|
1155
|
+
pp launch_chunk
|
1156
|
+
raise "missing image_id from launch somehow"
|
1157
|
+
end
|
1158
|
+
|
1159
|
+
launch_chunk['image_id'] ||= launch_chunk['ami_id']
|
1118
1160
|
|
1119
|
-
if
|
1161
|
+
if !launch_chunk["server"].nil?
|
1120
1162
|
#XXX this isn't how we find these; use findStray or something
|
1121
|
-
if @deploy.deployment["images"].nil? or @deploy.deployment["images"][
|
1122
|
-
raise MuError, "#{@mu_name} needs an AMI from server #{
|
1163
|
+
if @deploy.deployment["images"].nil? or @deploy.deployment["images"][launch_chunk["server"]].nil?
|
1164
|
+
raise MuError, "#{@mu_name} needs an AMI from server #{launch_chunk["server"]}, but I don't see one anywhere"
|
1123
1165
|
end
|
1124
|
-
|
1125
|
-
MU.log "Using AMI '#{
|
1126
|
-
elsif
|
1127
|
-
|
1166
|
+
launch_chunk["image_id"] = @deploy.deployment["images"][launch_chunk["server"]]["image_id"]
|
1167
|
+
MU.log "Using AMI '#{launch_chunk["image_id"]}' from sibling server #{launch_chunk["server"]} in ServerPool #{@mu_name}"
|
1168
|
+
elsif !launch_chunk["instance_id"].nil?
|
1169
|
+
launch_chunk["image_id"] = MU::Cloud.resourceClass("AWS", "Server").createImage(
|
1128
1170
|
name: @mu_name,
|
1129
|
-
instance_id:
|
1171
|
+
instance_id: launch_chunk["instance_id"],
|
1130
1172
|
credentials: @credentials,
|
1131
1173
|
region: @region
|
1132
1174
|
)[@region]
|
1133
1175
|
end
|
1134
|
-
MU::Cloud.resourceClass("AWS", "Server").waitForAMI(@config['basis']['launch_config']["ami_id"].to_s, credentials: @credentials)
|
1135
1176
|
|
1136
|
-
|
1137
|
-
|
1138
|
-
|
1177
|
+
if launch_chunk["image_id"]
|
1178
|
+
MU::Cloud.resourceClass("AWS", "Server").waitForAMI(launch_chunk["image_id"].to_s, credentials: @credentials)
|
1179
|
+
end
|
1180
|
+
|
1181
|
+
|
1182
|
+
oldlaunch = if @config['basis']['launch_template']
|
1183
|
+
begin
|
1184
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_launch_templates(
|
1185
|
+
launch_template_names: [@mu_name]
|
1186
|
+
).launch_templates.first
|
1187
|
+
rescue Aws::EC2::Errors::InvalidLaunchTemplateNameNotFoundException
|
1188
|
+
nil
|
1189
|
+
end
|
1190
|
+
else
|
1191
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).describe_launch_configurations(
|
1192
|
+
launch_configuration_names: [@mu_name]
|
1193
|
+
).launch_configurations.first
|
1194
|
+
end
|
1139
1195
|
|
1140
1196
|
userdata = MU::Cloud.fetchUserdata(
|
1141
1197
|
platform: @config["platform"],
|
@@ -1160,10 +1216,10 @@ module MU
|
|
1160
1216
|
)
|
1161
1217
|
|
1162
1218
|
# Figure out which devices are embedded in the AMI already.
|
1163
|
-
image = MU::Cloud::AWS.ec2.describe_images(image_ids: [
|
1219
|
+
image = MU::Cloud::AWS.ec2.describe_images(image_ids: [launch_chunk["image_id"]]).images.first
|
1164
1220
|
|
1165
1221
|
if image.nil?
|
1166
|
-
raise "#{
|
1222
|
+
raise "#{launch_chunk["image_id"]} does not exist, cannot update/create launch config #{@mu_name}"
|
1167
1223
|
end
|
1168
1224
|
|
1169
1225
|
ext_disks = {}
|
@@ -1179,8 +1235,8 @@ module MU
|
|
1179
1235
|
end
|
1180
1236
|
|
1181
1237
|
storage = []
|
1182
|
-
if
|
1183
|
-
|
1238
|
+
if !launch_chunk["storage"].nil?
|
1239
|
+
launch_chunk["storage"].each { |vol|
|
1184
1240
|
if ext_disks.has_key?(vol["device"])
|
1185
1241
|
if ext_disks[vol["device"]].has_key?(:snapshot_id)
|
1186
1242
|
vol.delete("encrypted")
|
@@ -1194,151 +1250,205 @@ module MU
|
|
1194
1250
|
storage.concat(MU::Cloud.resourceClass("AWS", "Server").ephemeral_mappings)
|
1195
1251
|
|
1196
1252
|
if !oldlaunch.nil?
|
1197
|
-
|
1198
|
-
|
1199
|
-
|
1200
|
-
|
1201
|
-
|
1202
|
-
|
1203
|
-
|
1253
|
+
if @config['basis']['launch_template']
|
1254
|
+
MU.log "XXX LAUNCH TEMPLATE ADD A NEW VERSION", MU::ERR
|
1255
|
+
else
|
1256
|
+
olduserdata = Base64.decode64(oldlaunch.user_data)
|
1257
|
+
if userdata == olduserdata and
|
1258
|
+
oldlaunch.image_id == launch_chunk["image_id"] and
|
1259
|
+
oldlaunch.ebs_optimized == launch_chunk["ebs_optimized"] and
|
1260
|
+
oldlaunch.instance_type == launch_chunk["size"] and
|
1261
|
+
oldlaunch.instance_monitoring.enabled == launch_chunk["monitoring"]
|
1262
|
+
# XXX check more things
|
1204
1263
|
# launch.block_device_mappings != storage
|
1205
1264
|
# XXX block device comparison isn't this simple
|
1206
|
-
|
1207
|
-
|
1265
|
+
return
|
1266
|
+
end
|
1208
1267
|
|
1209
|
-
|
1210
|
-
|
1268
|
+
# Put our Autoscale group onto a temporary launch config
|
1269
|
+
try_ami = oldlaunch.image_id
|
1270
|
+
begin
|
1211
1271
|
|
1212
|
-
|
1213
|
-
|
1214
|
-
|
1215
|
-
|
1216
|
-
|
1217
|
-
|
1218
|
-
|
1219
|
-
|
1220
|
-
|
1221
|
-
|
1222
|
-
|
1223
|
-
|
1224
|
-
|
1225
|
-
|
1226
|
-
|
1227
|
-
|
1228
|
-
|
1229
|
-
|
1272
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(
|
1273
|
+
launch_configuration_name: @mu_name+"-TMP",
|
1274
|
+
user_data: Base64.encode64(olduserdata),
|
1275
|
+
image_id: try_ami,
|
1276
|
+
key_name: oldlaunch.key_name,
|
1277
|
+
security_groups: oldlaunch.security_groups,
|
1278
|
+
instance_type: oldlaunch.instance_type,
|
1279
|
+
block_device_mappings: storage,
|
1280
|
+
instance_monitoring: oldlaunch.instance_monitoring,
|
1281
|
+
iam_instance_profile: oldlaunch.iam_instance_profile,
|
1282
|
+
ebs_optimized: oldlaunch.ebs_optimized,
|
1283
|
+
associate_public_ip_address: oldlaunch.associate_public_ip_address
|
1284
|
+
)
|
1285
|
+
rescue ::Aws::AutoScaling::Errors::ValidationError => e
|
1286
|
+
if e.message.match(/Member must have length less than or equal to (\d+)/)
|
1287
|
+
MU.log "Userdata script too long updating #{@mu_name} Launch Config (#{Base64.encode64(userdata).size.to_s}/#{Regexp.last_match[1]} bytes)", MU::ERR
|
1288
|
+
elsif e.message.match(/AMI cannot be described/) and try_ami == oldlaunch.image_id and try_ami != launch_chunk["image_id"]
|
1289
|
+
try_ami = launch_chunk["image_id"]
|
1290
|
+
retry
|
1291
|
+
else
|
1292
|
+
MU.log "Error saving copy of old #{@mu_name} Launch Config: #{e.message}", MU::ERR
|
1293
|
+
end
|
1294
|
+
raise e.message
|
1230
1295
|
end
|
1231
|
-
raise e.message
|
1232
|
-
end
|
1233
1296
|
|
1234
1297
|
|
1235
|
-
|
1236
|
-
|
1237
|
-
|
1238
|
-
|
1239
|
-
|
1240
|
-
|
1241
|
-
|
1242
|
-
|
1298
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
|
1299
|
+
auto_scaling_group_name: @mu_name,
|
1300
|
+
launch_configuration_name: @mu_name+"-TMP"
|
1301
|
+
)
|
1302
|
+
# ...now back to an identical one with the "real" name
|
1303
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
|
1304
|
+
launch_configuration_name: @mu_name
|
1305
|
+
)
|
1306
|
+
end
|
1243
1307
|
end
|
1244
1308
|
|
1245
|
-
# Now to build the new one
|
1246
1309
|
sgs = []
|
1247
1310
|
if @dependencies.has_key?("firewall_rule")
|
1248
1311
|
@dependencies['firewall_rule'].values.each { |sg|
|
1249
1312
|
sgs << sg.cloud_id
|
1250
1313
|
}
|
1251
1314
|
end
|
1252
|
-
|
1253
|
-
launch_options = {
|
1254
|
-
:launch_configuration_name => @mu_name,
|
1255
|
-
:user_data => Base64.encode64(userdata),
|
1256
|
-
:image_id => @config["basis"]["launch_config"]["ami_id"],
|
1257
|
-
:key_name => @deploy.ssh_key_name,
|
1258
|
-
:security_groups => sgs,
|
1259
|
-
:instance_type => @config["basis"]["launch_config"]["size"],
|
1260
|
-
:block_device_mappings => storage,
|
1261
|
-
:instance_monitoring => {:enabled => @config["basis"]["launch_config"]["monitoring"]},
|
1262
|
-
:ebs_optimized => @config["basis"]["launch_config"]["ebs_optimized"]
|
1263
|
-
}
|
1264
|
-
if @config["vpc"] or @config["vpc_zone_identifier"]
|
1265
|
-
launch_options[:associate_public_ip_address] = @config["associate_public_ip"]
|
1266
|
-
end
|
1267
|
-
["kernel_id", "ramdisk_id", "spot_price"].each { |arg|
|
1268
|
-
if @config['basis']['launch_config'][arg]
|
1269
|
-
launch_options[arg.to_sym] = @config['basis']['launch_config'][arg]
|
1270
|
-
end
|
1271
|
-
}
|
1272
|
-
rolename = nil
|
1273
|
-
|
1274
1315
|
['generate_iam_role', 'iam_policies', 'canned_iam_policies', 'iam_role'].each { |field|
|
1275
|
-
if
|
1276
|
-
@config[field] =
|
1316
|
+
if launch_chunk
|
1317
|
+
@config[field] = launch_chunk[field]
|
1277
1318
|
else
|
1278
|
-
|
1319
|
+
launch_chunk[field] = @config[field]
|
1279
1320
|
end
|
1280
1321
|
}
|
1281
|
-
|
1282
|
-
@config['iam_role'] = @config['basis']['launch_config']['iam_role'] = launch_options[:iam_instance_profile] = MU::Cloud.resourceClass("AWS", "Server").getIAMProfile(
|
1322
|
+
@config['iam_role'] = launch_chunk['iam_role'] = MU::Cloud.resourceClass("AWS", "Server").getIAMProfile(
|
1283
1323
|
@config['name'],
|
1284
1324
|
@deploy,
|
1285
|
-
generated:
|
1286
|
-
role_name:
|
1325
|
+
generated: launch_chunk['generate_iam_role'],
|
1326
|
+
role_name: launch_chunk['iam_role'],
|
1287
1327
|
region: @region,
|
1288
1328
|
credentials: @credentials
|
1289
1329
|
).values.first
|
1290
1330
|
|
1291
|
-
|
1292
|
-
|
1293
|
-
|
1294
|
-
|
1295
|
-
|
1296
|
-
|
1331
|
+
if @config['basis']['launch_config']
|
1332
|
+
@config['basis']['launch_config']['iam_role'] = @config['iam_role']
|
1333
|
+
launch_options = {
|
1334
|
+
:launch_configuration_name => @mu_name,
|
1335
|
+
:user_data => Base64.encode64(userdata),
|
1336
|
+
:image_id => launch_chunk["image_id"],
|
1337
|
+
:key_name => @deploy.ssh_key_name,
|
1338
|
+
:iam_instance_profile => @config['iam_role'],
|
1339
|
+
:security_groups => sgs,
|
1340
|
+
:instance_type => launch_chunk["size"],
|
1341
|
+
:block_device_mappings => storage,
|
1342
|
+
:instance_monitoring => {:enabled => launch_chunk["monitoring"]},
|
1343
|
+
:ebs_optimized => launch_chunk["ebs_optimized"]
|
1344
|
+
}
|
1345
|
+
if @config["vpc"] or @config["vpc_zone_identifier"]
|
1346
|
+
launch_options[:associate_public_ip_address] = @config["associate_public_ip"]
|
1297
1347
|
end
|
1298
|
-
|
1299
|
-
|
1300
|
-
|
1348
|
+
["kernel_id", "ramdisk_id", "spot_price"].each { |arg|
|
1349
|
+
if launch_chunk[arg]
|
1350
|
+
launch_options[arg.to_sym] = launch_chunk[arg]
|
1351
|
+
end
|
1352
|
+
}
|
1353
|
+
rolename = nil
|
1354
|
+
|
1355
|
+
lc_attempts = 0
|
1356
|
+
begin
|
1357
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).create_launch_configuration(launch_options)
|
1358
|
+
rescue Aws::AutoScaling::Errors::ValidationError => e
|
1359
|
+
if lc_attempts > 3
|
1360
|
+
MU.log "Got error while creating #{@mu_name} Launch Config#{@credentials ? " with credentials #{@credentials}" : ""}: #{e.message}, retrying in 5s", MU::WARN, details: launch_options.reject { |k,_v | k == :user_data }
|
1361
|
+
end
|
1362
|
+
sleep 5
|
1363
|
+
lc_attempts += 1
|
1364
|
+
retry
|
1365
|
+
end
|
1366
|
+
MU.log "Launch Configuration #{@mu_name} created"
|
1367
|
+
elsif !oldlaunch # XXX actually just generate a version instead of a whole new template
|
1368
|
+
@config['basis']['launch_template']['iam_role'] = @config['iam_role']
|
1369
|
+
launch_options = {
|
1370
|
+
:launch_template_name => @mu_name,
|
1371
|
+
:version_description => "initial",
|
1372
|
+
:launch_template_data => {
|
1373
|
+
:image_id => launch_chunk["image_id"],
|
1374
|
+
:instance_type => launch_chunk["size"],
|
1375
|
+
:block_device_mappings => storage,
|
1376
|
+
:key_name => @deploy.ssh_key_name,
|
1377
|
+
:security_group_ids => sgs,
|
1378
|
+
:instance_initiated_shutdown_behavior => @config['shutdown_behavior'],
|
1379
|
+
:metadata_options => {
|
1380
|
+
:http_tokens => "optional",
|
1381
|
+
:http_endpoint => "enabled",
|
1382
|
+
:instance_metadata_tags => "enabled"
|
1383
|
+
},
|
1384
|
+
:iam_instance_profile => {
|
1385
|
+
:name => @config['iam_role']
|
1386
|
+
},
|
1387
|
+
:ebs_optimized => launch_chunk["ebs_optimized"],
|
1388
|
+
:monitoring => {:enabled => launch_chunk["monitoring"]},
|
1389
|
+
:tag_specifications => [
|
1390
|
+
:resource_type => "instance",
|
1391
|
+
:tags => @tags.keys.map { |t| { key: t, value: @tags[t] } }
|
1392
|
+
],
|
1393
|
+
:user_data => Base64.encode64(userdata),
|
1394
|
+
},
|
1395
|
+
}
|
1396
|
+
["kernel_id", "ramdisk_id"].each { |arg|
|
1397
|
+
if launch_chunk[arg]
|
1398
|
+
launch_options[:launch_template_data][arg.to_sym] = launch_chunk[arg]
|
1399
|
+
end
|
1400
|
+
}
|
1401
|
+
lt_attempts = 0
|
1402
|
+
resp = nil
|
1403
|
+
begin
|
1404
|
+
resp = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_launch_template(launch_options)
|
1405
|
+
pp resp
|
1406
|
+
if !resp or !resp.launch_template or resp.launch_template.empty? or (resp and resp.warning and resp.warning.errors)
|
1407
|
+
MU.log "Got error while creating #{@mu_name} Launch Template#{@credentials ? " with credentials #{@credentials}" : ""}: #{resp.warning.errors.first.message} (deleting then retrying in 5s)", MU::WARN, details: launch_options
|
1408
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).delete_launch_template(launch_template_id: resp.launch_template.launch_template_id)
|
1409
|
+
sleep 5
|
1410
|
+
lt_attempts += 1
|
1411
|
+
end
|
1412
|
+
end while lt_attempts < 5 and resp and resp.warning and resp.warning.errors
|
1413
|
+
MU.log "Launch Template #{@mu_name} created"
|
1301
1414
|
end
|
1302
1415
|
|
1303
1416
|
if !oldlaunch.nil?
|
1304
|
-
|
1305
|
-
|
1306
|
-
|
1307
|
-
|
1308
|
-
|
1309
|
-
|
1310
|
-
|
1311
|
-
|
1312
|
-
|
1313
|
-
|
1314
|
-
|
1417
|
+
if @config['basis']['launch_template']
|
1418
|
+
MU.log "XXX LAUNCH TEMPLATE MAKE ASG USE NEW VERSION", MU::ERR
|
1419
|
+
else
|
1420
|
+
# Tell the ASG to use the new LaunchConfig, and nuke the old one
|
1421
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).update_auto_scaling_group(
|
1422
|
+
auto_scaling_group_name: @mu_name,
|
1423
|
+
launch_configuration_name: @mu_name
|
1424
|
+
)
|
1425
|
+
MU::Cloud::AWS.autoscale(region: @region, credentials: @credentials).delete_launch_configuration(
|
1426
|
+
launch_configuration_name: @mu_name+"-TMP"
|
1427
|
+
)
|
1428
|
+
MU.log "Launch Configuration #{@mu_name} replaced"
|
1429
|
+
end
|
1315
1430
|
end
|
1316
1431
|
|
1317
1432
|
end
|
1318
1433
|
|
1434
|
+
|
1435
|
+
|
1436
|
+
|
1319
1437
|
def buildOptionsHash
|
1320
1438
|
asg_options = {
|
1321
1439
|
:auto_scaling_group_name => @mu_name,
|
1322
|
-
:launch_configuration_name => @mu_name,
|
1323
1440
|
:default_cooldown => @config["default_cooldown"],
|
1324
1441
|
:health_check_type => @config["health_check_type"],
|
1325
1442
|
:health_check_grace_period => @config["health_check_grace_period"],
|
1326
|
-
:tags => []
|
1327
1443
|
}
|
1444
|
+
asg_options[:tags] = @tags.keys.map { |t| { key: t, value: @tags[t], propagate_at_launch: true } }
|
1328
1445
|
|
1329
|
-
|
1330
|
-
asg_options[:
|
1331
|
-
|
1332
|
-
|
1333
|
-
|
1334
|
-
|
1335
|
-
asg_options[:tags] << {key: name, value: value, propagate_at_launch: true}
|
1336
|
-
}
|
1337
|
-
end
|
1338
|
-
|
1339
|
-
if @config['tags']
|
1340
|
-
@config['tags'].each { |tag|
|
1341
|
-
asg_options[:tags] << {key: tag['key'], value: tag['value'], propagate_at_launch: true}
|
1446
|
+
if @config['basis']['launch_config']
|
1447
|
+
asg_options[:launch_configuration_name] = @mu_name
|
1448
|
+
else
|
1449
|
+
asg_options[:launch_template] = {
|
1450
|
+
:launch_template_name => @mu_name,
|
1451
|
+
:version => "$Default"
|
1342
1452
|
}
|
1343
1453
|
end
|
1344
1454
|
|
@@ -31,7 +31,8 @@ module MU
|
|
31
31
|
MU.log "Creating storage pool #{@mu_name}"
|
32
32
|
resp = MU::Cloud::AWS.efs(region: @region, credentials: @credentials).create_file_system(
|
33
33
|
creation_token: @mu_name,
|
34
|
-
performance_mode: @config['storage_type']
|
34
|
+
performance_mode: @config['storage_type'],
|
35
|
+
encrypted: @config['encrypt']
|
35
36
|
)
|
36
37
|
|
37
38
|
attempts = 0
|
@@ -438,6 +439,11 @@ module MU
|
|
438
439
|
def self.schema(_config)
|
439
440
|
toplevel_required = []
|
440
441
|
schema = {
|
442
|
+
"encrypt" => {
|
443
|
+
"type" => "boolean",
|
444
|
+
"description" => "Encrypt EFS data at rest",
|
445
|
+
"default" => true
|
446
|
+
},
|
441
447
|
"ingress_rules" => {
|
442
448
|
"type" => "array",
|
443
449
|
"description" => "Firewall rules to apply to our mountpoints",
|
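Review bot: `encrypted: @config['encrypt']` in the `create_file_system` call passes nil whenever the key is absent, and the file system would then most likely be created with the service default, which is unencrypted, without any error. The schema hunk sets `"default" => true`, but whether that default is always applied before this call (for example to a config saved by an older release) is not visible here. EFS encryption at rest is fixed at creation time, so a fail-closed form such as `encrypted: @config['encrypt'] != false` is safer. The schema text could also say `"description" => "Encrypt EFS data at rest; cannot be changed after the file system is created"`. Both enclosing methods continue outside their hunks.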
@@ -82,7 +82,7 @@ module MU
|
|
82
82
|
MU.log "User #{@mu_name}'s AWS Console password can be retrieved from: https://#{$MU_CFG['public_address']}/scratchpad/#{scratchitem}", MU::SUMMARY
|
83
83
|
rescue Aws::IAM::Errors::PasswordPolicyViolation => e
|
84
84
|
if retries < 1
|
85
|
-
pw = MU.
|
85
|
+
pw = MU.generatePassword
|
86
86
|
retries += 1
|
87
87
|
sleep 1
|
88
88
|
retry
|
@@ -32,13 +32,17 @@ done
|
|
32
32
|
|
33
33
|
if ping -c 5 8.8.8.8 > /dev/null; then
|
34
34
|
if [ -f /etc/debian_version ];then
|
35
|
+
export DEBIAN_FRONTEND="noninteractive"
|
35
36
|
if ! grep '^/bin/sh /var/lib/cloud/instance/user-data.txt$' /etc/rc.local > /dev/null;then
|
36
37
|
echo "/bin/sh /var/lib/cloud/instance/user-data.txt" >> /etc/rc.local
|
37
38
|
fi
|
38
39
|
apt-get update -y
|
39
40
|
if [ ! -f /usr/bin/pip ] ;then /usr/bin/apt-get --fix-missing -y install python-pip;fi
|
40
41
|
if [ ! -f /usr/bin/curl ] ;then /usr/bin/apt-get --fix-missing -y install curl;fi
|
41
|
-
AWSCLI=/usr/
|
42
|
+
AWSCLI=/usr/bin/aws
|
43
|
+
if [ ! -x /usr/bin/aws ];then
|
44
|
+
apt-get -y install awscli
|
45
|
+
fi
|
42
46
|
<% if !$mu.skipApplyUpdates %>
|
43
47
|
set +e
|
44
48
|
if [ ! -f /.mu-installer-ran-updates ];then
|
@@ -147,7 +151,7 @@ fi
|
|
147
151
|
umask 0077
|
148
152
|
|
149
153
|
if [ ! -f /opt/chef/embedded/bin/ruby ];then
|
150
|
-
curl https://
|
154
|
+
curl https://omnitruck.chef.io/install.sh > chef-install.sh
|
151
155
|
set +e
|
152
156
|
# We may run afoul of a synchronous bootstrap process doing the same thing. So
|
153
157
|
# wait until we've managed to run successfully.
|
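Review bot: The new `curl https://omnitruck.chef.io/install.sh > chef-install.sh` line has no `-f`, so an HTTP error body is still written to chef-install.sh with exit status 0, and a partial transfer leaves a truncated script behind. The file is presumably executed further down, outside this hunk, with root privileges during first boot, so whatever lands in it runs unchecked. I would use `curl -fsSL --retry 3 -o chef-install.sh https://omnitruck.chef.io/install.sh` and verify the result before running it, e.g. `echo "<EXPECTED_SHA256>  chef-install.sh" | sha256sum -c -`, or ship a reviewed copy of the installer with the package. The `if` block opened at new line 153 closes outside the hunk.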
@@ -11,8 +11,8 @@ $cygwin_dir = "$basedir/cygwin"
|
|
11
11
|
$username = (whoami).Split('\')[1]
|
12
12
|
$WebClient = New-Object System.Net.WebClient
|
13
13
|
$awsmeta = "http://169.254.169.254/latest"
|
14
|
-
$pydir = 'c:\bin\python\
|
15
|
-
$pyv = '
|
14
|
+
$pydir = 'c:\bin\python\python310'
|
15
|
+
$pyv = '3.10.5'
|
16
16
|
$env:Path += ";$pydir\Scripts;$pydir"
|
17
17
|
|
18
18
|
function log
|
@@ -91,12 +91,12 @@ If ([Environment]::OSVersion.Version.Major -lt 10) {
|
|
91
91
|
<% end %>
|
92
92
|
|
93
93
|
If (!(Test-Path "$pydir\python.exe")){
|
94
|
-
If (!(Test-Path $tmp\python-$pyv.
|
94
|
+
If (!(Test-Path $tmp\python-$pyv.exe)){
|
95
95
|
log "Downloading Python installer"
|
96
|
-
$WebClient.DownloadFile("https://www.python.org/ftp/python/$pyv/python-$pyv.
|
96
|
+
$WebClient.DownloadFile("https://www.python.org/ftp/python/$pyv/python-$pyv-amd64.exe","$tmp/python-$pyv.exe")
|
97
97
|
}
|
98
98
|
log "Running Python installer"
|
99
|
-
(Start-Process -FilePath
|
99
|
+
(Start-Process -FilePath "$tmp/python-$pyv.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 TargetDir=$pydir" -Wait -Passthru).ExitCode
|
100
100
|
}
|
101
101
|
|
102
102
|
If (!(Test-Path "$pydir\Scripts\aws.cmd")){
|
@@ -109,6 +109,8 @@ If (!(Test-Path "$pydir\Scripts\aws.cmd")){
|
|
109
109
|
pip install awscli
|
110
110
|
}
|
111
111
|
|
112
|
+
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $server -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
|
113
|
+
|
112
114
|
function removeChef($location){
|
113
115
|
$install_chef = $false
|
114
116
|
$my_chef = (Get-ItemProperty $location | Where-Object {$_.DisplayName -like "chef client*"}).DisplayName
|
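Review bot: The added `SetUserAuthenticationRequired(0)` call at new line 112 turns off Network Level Authentication on the RDP-Tcp listener for every Windows node that runs this userdata, so the logon screen and the pre-authentication RDP code path become reachable by any client that can reach the RDP port. Nothing in the hunk says why this is needed, and `$server` is not assigned in any visible line, so the call may also be running against an empty computer name. If NLA has to be off for a bootstrap step, state that and scope it: add a comment such as `# NLA disabled so <REASON>; re-enabled after bootstrap` and call `SetUserAuthenticationRequired(1)` once that step is done; otherwise drop the line. Separately, the Python installer downloaded in the `@@ -91,12 +91,12 @@` hunk is started without a `Get-FileHash` or `Get-AuthenticodeSignature` check.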