RubyGems - cloud-mu - Versions diffs - 3.5.0 → 3.6.3 - Mend

cloud-mu 3.5.0 → 3.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (245) hide show

checksums.yaml +4 -4
data/Berksfile +5 -2
data/Berksfile.lock +135 -0
data/ansible/roles/mu-base/README.md +33 -0
data/ansible/roles/mu-base/defaults/main.yml +2 -0
data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
data/ansible/roles/mu-base/files/check_apm.sh +18 -0
data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
data/ansible/roles/mu-base/files/logrotate.conf +35 -0
data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
data/ansible/roles/mu-base/handlers/main.yml +5 -0
data/ansible/roles/mu-base/meta/main.yml +53 -0
data/ansible/roles/mu-base/tasks/main.yml +113 -0
data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
data/ansible/roles/mu-base/tests/inventory +2 -0
data/ansible/roles/mu-base/tests/test.yml +5 -0
data/ansible/roles/mu-base/vars/main.yml +1 -0
data/ansible/roles/mu-compliance/README.md +33 -0
data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
data/ansible/roles/mu-compliance/meta/main.yml +53 -0
data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
data/ansible/roles/mu-compliance/tests/inventory +2 -0
data/ansible/roles/mu-compliance/tests/test.yml +5 -0
data/ansible/roles/mu-compliance/vars/main.yml +4 -0
data/ansible/roles/mu-elastic/README.md +51 -0
data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
data/ansible/roles/mu-elastic/files/jvm.options +93 -0
data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
data/ansible/roles/mu-elastic/meta/main.yml +52 -0
data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
data/ansible/roles/mu-elastic/tests/inventory +2 -0
data/ansible/roles/mu-elastic/tests/test.yml +5 -0
data/ansible/roles/mu-elastic/vars/main.yml +2 -0
data/ansible/roles/mu-logstash/README.md +51 -0
data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
data/ansible/roles/mu-logstash/files/jvm.options +84 -0
data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
data/ansible/roles/mu-logstash/meta/main.yml +52 -0
data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
data/ansible/roles/mu-logstash/tests/inventory +2 -0
data/ansible/roles/mu-logstash/tests/test.yml +5 -0
data/ansible/roles/mu-logstash/vars/main.yml +2 -0
data/ansible/roles/mu-rdp/README.md +33 -0
data/ansible/roles/mu-rdp/meta/main.yml +53 -0
data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
data/ansible/roles/mu-rdp/tests/inventory +2 -0
data/ansible/roles/mu-rdp/tests/test.yml +5 -0
data/ansible/roles/mu-windows/tasks/main.yml +3 -0
data/bin/mu-ansible-secret +1 -1
data/bin/mu-aws-setup +4 -3
data/bin/mu-azure-setup +5 -5
data/bin/mu-configure +25 -17
data/bin/mu-firewall-allow-clients +1 -0
data/bin/mu-gcp-setup +3 -3
data/bin/mu-load-config.rb +1 -0
data/bin/mu-node-manage +66 -33
data/bin/mu-self-update +2 -2
data/bin/mu-upload-chef-artifacts +6 -1
data/bin/mu-user-manage +1 -1
data/cloud-mu.gemspec +25 -23
data/cookbooks/firewall/CHANGELOG.md +417 -224
data/cookbooks/firewall/LICENSE +202 -0
data/cookbooks/firewall/README.md +153 -126
data/cookbooks/firewall/TODO.md +6 -0
data/cookbooks/firewall/attributes/firewalld.rb +7 -0
data/cookbooks/firewall/attributes/iptables.rb +3 -3
data/cookbooks/firewall/chefignore +115 -0
data/cookbooks/firewall/libraries/helpers.rb +5 -0
data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
data/cookbooks/firewall/metadata.json +40 -1
data/cookbooks/firewall/metadata.rb +15 -0
data/cookbooks/firewall/recipes/default.rb +7 -7
data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
data/cookbooks/firewall/recipes/firewalld.rb +87 -0
data/cookbooks/firewall/renovate.json +18 -0
data/cookbooks/firewall/resources/firewalld.rb +28 -0
data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
data/cookbooks/firewall/resources/nftables.rb +71 -0
data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
data/cookbooks/mu-activedirectory/Berksfile +1 -1
data/cookbooks/mu-activedirectory/metadata.rb +1 -1
data/cookbooks/mu-firewall/metadata.rb +2 -2
data/cookbooks/mu-master/Berksfile +4 -3
data/cookbooks/mu-master/attributes/default.rb +5 -2
data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
data/cookbooks/mu-master/libraries/mu.rb +24 -0
data/cookbooks/mu-master/metadata.rb +5 -5
data/cookbooks/mu-master/recipes/default.rb +31 -20
data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
data/cookbooks/mu-master/recipes/init.rb +58 -19
data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
data/cookbooks/mu-php54/Berksfile +1 -1
data/cookbooks/mu-php54/metadata.rb +2 -2
data/cookbooks/mu-tools/Berksfile +2 -3
data/cookbooks/mu-tools/attributes/default.rb +3 -4
data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
data/cookbooks/mu-tools/libraries/helper.rb +21 -9
data/cookbooks/mu-tools/metadata.rb +4 -4
data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
data/data_bags/nagios_services/apm_backend_connect.json +5 -0
data/data_bags/nagios_services/apm_listen.json +5 -0
data/data_bags/nagios_services/elastic_shards.json +5 -0
data/data_bags/nagios_services/logstash.json +5 -0
data/data_bags/nagios_services/rhel7_updates.json +8 -0
data/extras/image-generators/AWS/centos7.yaml +1 -0
data/extras/image-generators/AWS/rhel7.yaml +21 -0
data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
data/extras/image-generators/AWS/win2k16.yaml +1 -0
data/extras/image-generators/AWS/win2k19.yaml +1 -0
data/extras/list-stock-amis +0 -0
data/extras/ruby_rpm/muby.spec +8 -5
data/extras/vault_tools/export_vaults.sh +1 -1
data/extras/vault_tools/recreate_vaults.sh +0 -0
data/extras/vault_tools/test_vaults.sh +0 -0
data/install/deprecated-bash-library.sh +1 -1
data/install/installer +4 -2
data/modules/mommacat.ru +3 -1
data/modules/mu/adoption.rb +1 -1
data/modules/mu/cloud/dnszone.rb +2 -2
data/modules/mu/cloud/machine_images.rb +26 -25
data/modules/mu/cloud/resource_base.rb +213 -182
data/modules/mu/cloud/server_pool.rb +1 -1
data/modules/mu/cloud/ssh_sessions.rb +7 -5
data/modules/mu/cloud/wrappers.rb +2 -2
data/modules/mu/cloud.rb +1 -1
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/function.rb +6 -1
data/modules/mu/config/loadbalancer.rb +24 -2
data/modules/mu/config/ref.rb +12 -0
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +42 -9
data/modules/mu/config/server.rb +43 -27
data/modules/mu/config/tail.rb +19 -10
data/modules/mu/config.rb +6 -5
data/modules/mu/defaults/AWS.yaml +78 -114
data/modules/mu/deploy.rb +9 -2
data/modules/mu/groomer.rb +12 -4
data/modules/mu/groomers/ansible.rb +104 -20
data/modules/mu/groomers/chef.rb +15 -6
data/modules/mu/master.rb +9 -4
data/modules/mu/mommacat/daemon.rb +4 -2
data/modules/mu/mommacat/naming.rb +1 -2
data/modules/mu/mommacat/storage.rb +7 -2
data/modules/mu/mommacat.rb +33 -6
data/modules/mu/providers/aws/database.rb +161 -8
data/modules/mu/providers/aws/dnszone.rb +11 -6
data/modules/mu/providers/aws/endpoint.rb +81 -6
data/modules/mu/providers/aws/firewall_rule.rb +254 -172
data/modules/mu/providers/aws/function.rb +65 -3
data/modules/mu/providers/aws/loadbalancer.rb +39 -28
data/modules/mu/providers/aws/log.rb +2 -1
data/modules/mu/providers/aws/role.rb +25 -7
data/modules/mu/providers/aws/server.rb +36 -12
data/modules/mu/providers/aws/server_pool.rb +237 -127
data/modules/mu/providers/aws/storage_pool.rb +7 -1
data/modules/mu/providers/aws/user.rb +1 -1
data/modules/mu/providers/aws/userdata/linux.erb +6 -2
data/modules/mu/providers/aws/userdata/windows.erb +7 -5
data/modules/mu/providers/aws/vpc.rb +49 -25
data/modules/mu/providers/aws.rb +13 -8
data/modules/mu/providers/azure/container_cluster.rb +1 -1
data/modules/mu/providers/azure/loadbalancer.rb +2 -2
data/modules/mu/providers/azure/server.rb +5 -2
data/modules/mu/providers/azure/userdata/linux.erb +1 -1
data/modules/mu/providers/azure.rb +11 -8
data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
data/modules/mu/providers/google/container_cluster.rb +15 -2
data/modules/mu/providers/google/folder.rb +2 -1
data/modules/mu/providers/google/function.rb +130 -4
data/modules/mu/providers/google/habitat.rb +2 -1
data/modules/mu/providers/google/loadbalancer.rb +407 -160
data/modules/mu/providers/google/role.rb +16 -3
data/modules/mu/providers/google/server.rb +5 -1
data/modules/mu/providers/google/user.rb +25 -18
data/modules/mu/providers/google/userdata/linux.erb +1 -1
data/modules/mu/providers/google/vpc.rb +53 -7
data/modules/mu/providers/google.rb +39 -39
data/modules/mu.rb +8 -8
data/modules/tests/elk.yaml +46 -0
data/test/mu-master-test/controls/all_in_one.rb +1 -1
metadata +207 -112
data/cookbooks/firewall/CONTRIBUTING.md +0 -2
data/cookbooks/firewall/MAINTAINERS.md +0 -19
data/cookbooks/firewall/libraries/matchers.rb +0 -30
data/extras/image-generators/AWS/rhel71.yaml +0 -17

data/bin/mu-aws-setup CHANGED Viewed

@@ -239,10 +239,10 @@ end
 if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
   wd = Dir.getwd
   Dir.chdir("/")
-  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+  if File.exist?("/opt/opscode/bin/chef-server-ctl")
     system("/opt/opscode/bin/chef-server-ctl stop")
   end
-  if !File.exists?("/sbin/mkfs.xfs")
+  if !File.exist?("/sbin/mkfs.xfs")
     system("/usr/bin/yum -y install xfsprogs")
   end
   MU::Master.disk("/dev/xvdj", "/opt_tmp", 30)
@@ -251,6 +251,7 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
     MU.log "Failed to retrieve UUID of block device xvdj", MU::ERR, details: MU::Cloud::AWS.realDevicePath("/dev/xvdj")
     exit 1
   end
   MU.log "Moving contents of /opt to /opt_tmp", MU::NOTICE
   system("/bin/mv /opt/* /opt_tmp/")
   exit 1 if $?.exitstatus != 0
@@ -260,7 +261,7 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
   system("echo '#{uuid} /opt xfs defaults 0 0' >> /etc/fstab")
   system("/bin/mount -a")
   exit 1 if $?.exitstatus != 0
-  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+  if File.exist?("/opt/opscode/bin/chef-server-ctl")
     system("/opt/opscode/bin/chef-server-ctl start")
   end
   Dir.chdir(wd)

data/bin/mu-azure-setup CHANGED Viewed

@@ -47,12 +47,12 @@ Usage:
   opt :optdisk, "Create a block volume for /opt and slide our installation onto it", :require => false, :default => false, :type => :boolean
 end
-if MU::Cloud::Azure.hosted? and !$MU_CFG['google']
+if MU::Cloud::Azure.hosted? and !$MU_CFG['azure']
   new_cfg = $MU_CFG.dup
   cfg_blob = MU::Cloud::Azure.hosted_config
   if cfg_blob
     cfg_blob['log_bucket_name'] ||= $MU_CFG['hostname']
-    new_cfg["google"] = { "default" => cfg_blob }
+    new_cfg["azure"] = { "default" => cfg_blob }
     MU.log "Adding auto-detected Azure stanza to #{cfgPath}", MU::NOTICE
     if new_cfg != $MU_CFG or !cfgExists?
       MU.log "Generating #{cfgPath}"
@@ -251,10 +251,10 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
 #  myname = MU::Cloud::Google.getGoogleMetaData("instance/name")
 #  wd = Dir.getwd
 #  Dir.chdir("/")
-#  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+#  if File.exist?("/opt/opscode/bin/chef-server-ctl")
 #    system("/opt/opscode/bin/chef-server-ctl stop")
 #  end
-#  if !File.exists?("/sbin/mkfs.xfs")
+#  if !File.exist?("/sbin/mkfs.xfs")
 #    system("/usr/bin/yum -y install xfsprogs")
 #  end
 #  MU::Master.disk(myname+"-mu-opt", "/opt_tmp", 30)
@@ -272,7 +272,7 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
 #  system("echo '#{uuid} /opt xfs defaults 0 0' >> /etc/fstab")
 #  system("/bin/mount -a")
 #  exit 1 if $?.exitstatus != 0
-#  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+#  if File.exist?("/opt/opscode/bin/chef-server-ctl")
 #    system("/opt/opscode/bin/chef-server-ctl start")
 #  end
 #  Dir.chdir(wd)

data/bin/mu-configure CHANGED Viewed

@@ -49,6 +49,9 @@ GIT_PATTERN = /(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(
 def _system(cmd)
   puts cmd.bold
   system(CLEAN_ENV, cmd)
+  if $? != 0
+    exit 1
+  end
 end
 $IN_GEM = false
@@ -103,30 +106,29 @@ $possible_addresses = []
 $impossible_addresses = ['127.0.0.1', 'localhost']
 begin
   sys_name = Socket.gethostname
-  official, aliases = Socket.gethostbyname(sys_name)
   $possible_addresses << sys_name
-  $possible_addresses << official
-  $possible_addresses.concat(aliases)
-rescue SocketError
-  # don't let them use the default hostname if it doesn't resolve
-  $impossible_addresses << sys_name
+  addrinfo = Addrinfo.ip(sys_name)
+  official = addrinfo.getnameinfo.first
+  $possible_addresses << official if official and official != sys_name
 end
 Socket.getifaddrs.each { |iface|
   if iface.addr and iface.addr.ipv4?
     $possible_addresses << iface.addr.ip_address
-    begin
-      addrinfo = Socket.gethostbyaddr(iface.addr.ip_address.split(/\./).map { |o| o.to_i }.pack("CCCC"))
-      $possible_addresses << addrinfo.first if !addrinfo.first.nil?
-    rescue SocketError
-      # usually no name to look up; that's ok
-    end
+    addrinfo = Addrinfo.ip(iface.addr.ip_address)
+    $possible_addresses << addrinfo.getnameinfo.first if addrinfo.getnameinfo.first
   end
 }
 if $IN_AWS
   ["local-ipv4", "public-ipv4"].each { |addr|
     ip = URI.open("http://169.254.169.254/latest/meta-data/#{addr}").read.chomp
-    $possible_addresses.unshift(ip) if ip and ip =~ /^\d+\.\d+\.\d+\.\d+/
+    if ip and ip =~ /^\d+\.\d+\.\d+\.\d+/
+      $possible_addresses.unshift(ip)
+      addrinfo = Addrinfo.ip(ip)
+      $possible_addresses << addrinfo.getnameinfo.first if addrinfo.getnameinfo.first
+    end
   }
 elsif $IN_GOOGLE
   ["ip", "access-configs/0/external-ip"].each { |addr|
@@ -184,6 +186,12 @@ $CONFIGURABLES = {
     "desc" => "Disable the Momma Cat grooming daemon. Nodes which require asynchronous Ansible/Chef bootstraps will not function. This option is only honored in gem-based installations.",
     "boolean" => true
   },
+  "disable_nagios" => {
+    "title" => "Disable Nagios",
+    "default" => false,
+    "desc" => "Disable Nagios monitoring",
+    "boolean" => true
+  },
   "adopt_change_notify" => {
     "title" => "Adoption Change Notifications",
     "subtree" => {
@@ -557,8 +565,8 @@ if !$NOOP
     end
     exit 1 if $?.exitstatus != 0
   end
-  _system("cd #{MU_BASE}/lib/modules && umask 0022 && /usr/local/ruby-current/bin/bundle install")
-  _system("cd #{MU_BASE}/lib/modules && umask 0022 && /opt/chef/embedded/bin/bundle install")
+  _system("cd #{MU_BASE}/lib/modules && umask 0022 && env -i PATH=/usr/local/ruby-current/bin:/bin:/usr/bin /usr/local/ruby-current/bin/bundle install")
+  _system("cd #{MU_BASE}/lib/modules && umask 0022 && env -i PATH=/opt/chef/embedded/bin:/bin:/usr/bin /opt/chef/embedded/bin/bundle install")
   KNIFE_TEMPLATE = "log_level                :info
 log_location             STDOUT
@@ -1377,7 +1385,7 @@ ssl_verify_mode :verify_none
   if AMROOT and ($INITIALIZE or $CHANGES.include?("chefartifacts"))
     MU.log "Purging and re-uploading all Chef artifacts", MU::NOTICE
     %x{/sbin/service iptables stop} if $INITIALIZE
-    if File.exists?("#{CHEF_CTL}")
+    if File.exist?("#{CHEF_CTL}")
       _system("#{CHEF_CTL} start")
     end
     output = %x{MU_INSTALLDIR=#{MU_BASE} MU_LIBDIR=#{MU_BASE}/lib MU_DATADIR=#{MU_BASE}/var #{MU_BASE}/lib/bin/mu-upload-chef-artifacts}
@@ -1498,7 +1506,7 @@ ssl_verify_mode :verify_none
   end
   begin
-    if File.exists?("#{CHEF_CTL}")
+    if File.exist?("#{CHEF_CTL}")
       _system("#{CHEF_CTL} start")
     end
     MU::Groomer::Chef.getSecret(vault: "secrets", item: "consul")

data/bin/mu-firewall-allow-clients CHANGED Viewed

@@ -23,6 +23,7 @@ end
 require 'rubygems'
 require 'bundler/setup'
+require File.expand_path(File.dirname(__FILE__))+"/mu-load-config.rb"
 require 'mu'
 # XXX this should be rolled into mu-aws-setup

data/bin/mu-gcp-setup CHANGED Viewed

@@ -140,10 +140,10 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
   myname = MU::Cloud::Google.getGoogleMetaData("instance/name")
   wd = Dir.getwd
   Dir.chdir("/")
-  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+  if File.exist?("/opt/opscode/bin/chef-server-ctl")
     system("/opt/opscode/bin/chef-server-ctl stop")
   end
-  if !File.exists?("/sbin/mkfs.xfs")
+  if !File.exist?("/sbin/mkfs.xfs")
     system("/usr/bin/yum -y install xfsprogs")
   end
   MU::Master.disk(myname+"-mu-opt", "/opt_tmp", 30)
@@ -161,7 +161,7 @@ if $opts[:optdisk] and !File.open("/etc/mtab").read.match(/ \/opt[\s\/]/)
   system("echo '#{uuid} /opt xfs defaults 0 0' >> /etc/fstab")
   system("/bin/mount -a")
   exit 1 if $?.exitstatus != 0
-  if File.exists?("/opt/opscode/bin/chef-server-ctl")
+  if File.exist?("/opt/opscode/bin/chef-server-ctl")
     system("/opt/opscode/bin/chef-server-ctl start")
   end
   Dir.chdir(wd)

data/bin/mu-load-config.rb CHANGED Viewed

@@ -75,6 +75,7 @@ def loadMuConfig(default_cfg_overrides = nil)
       "chain" => "/opt/mu/var/ssl/Mu_CA.pem"
     },
     "mu_admin_email" => "root@localhost",
+    "disable_nagios" => false,
     "allow_invade_foreign_vpcs" => false,
     "mu_repo" => "cloudamatic/mu.git",
     "public_address" => Socket.gethostname || "localhost",

data/bin/mu-node-manage CHANGED Viewed

@@ -60,14 +60,15 @@ end
 Thread.abort_on_exception = true
 master_pid = Process.pid
-$children = {}
+CHILDREN = {}
+SUMMARIES = []
 signals = Signal.list
 signals.keys.each { |sig|
   # Ruby 2.3 doesn't want to trap these
   next if ["ILL", "FPE", "KILL", "BUS", "SEGV", "STOP", "VTALRM"].include?(sig)
   Signal.trap(signals[sig]) do
     if Process.pid == master_pid
-      $children.each_pair { |pid, node|
+      CHILDREN.each_pair { |pid, node|
         if ["INT", "TERM", "EXIT", "ABRT"].include?(sig)
           Process.kill("KILL", pid) # aka --dammit
         else
@@ -153,7 +154,11 @@ if do_nodes.size > 0
 else
   do_nodes = avail_nodes
 end
-do_nodes.sort!
+if do_nodes
+  do_nodes.uniq!
+  do_nodes.sort!
+end
 #do_nodes.sort!{ |x,y| (x[$opts[:info]] <=> y[$opts[:info]]) }
@@ -181,6 +186,7 @@ exit 1 if !ok
 def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false, groomeronly: false)
   badnodes = []
   count = 0
+  pipes = {}
   deploys.each { |muid|
     mommacat = MU::MommaCat.new(muid)
     next if mommacat.kittens.nil? or mommacat.kittens['servers'].nil?
@@ -192,7 +198,10 @@ def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false,
             fw.groom
           }
           count = count + 1
+          # pipe to get our MU::SUMMARY messages across process boundaries
+          reader, writer = IO.pipe
           child = Process.fork {
+            reader.close
             begin
               type = "server"
               type = "server_pool" if server.config.has_key?("basis")
@@ -206,28 +215,41 @@ def reGroom(deploys = MU::MommaCat.listDeploys, nodes = [], vaults_only: false,
               else
                 mommacat.groomNode(server.cloud_id, nodeclass, type, mu_name: mu_name)
               end
+              if MU.summary
+                MU.summary.each { |msg|
+                  writer.puts msg
+                }
+              end
+              writer.close
             rescue Exception => e
+              writer.close
               MU.log e.inspect, MU::ERR, details: e.backtrace
               exit 1
             end
           }
-          $children[child] = mu_name
+          writer.close
+          CHILDREN[child] = mu_name
+          pipes[child] = reader
         }
-        while $children.size >= $opts[:concurrent]-1
+        while CHILDREN.size >= $opts[:concurrent]-1
           child = Process.wait
+          SUMMARIES.concat(pipes[child].readlines)
+          pipes[child].close
           if !$?.success?
-            badnodes << $children[child]
+            badnodes << CHILDREN[child]
           end
-          $children.delete(child)
+          CHILDREN.delete(child)
         end
       }
     }
   }
   Process.waitall.each { |child|
+    SUMMARIES.concat(pipes[child[0]].readlines)
+    pipes[child[0]].close
     if !child[1].success?
-      badnodes << $children[child[0]]
+      badnodes << CHILDREN[child[0]]
     end
-  }
+  }
   if badnodes.size > 0
     MU.log "Not all Momma Cat runs exited cleanly", MU::WARN, details: badnodes
@@ -347,19 +369,19 @@ def runCommand(deploys = MU::MommaCat.listDeploys, nodes = [], cmd = nil, print_
         puts "#{nodename} - #{output}" if print_output and output.match(/[^\s]/)
       }
-      $children[child] = nodename
-      while $children.size >= $opts[:concurrent] - 1
+      CHILDREN[child] = nodename
+      while CHILDREN.size >= $opts[:concurrent] - 1
         child = Process.wait
         if !$?.success?
-          badnodes << $children[child]
+          badnodes << CHILDREN[child]
         end
-        $children.delete(child)
+        CHILDREN.delete(child)
       end
     }
   }
   Process.waitall.each { |child|
     if !child[1].success?
-      badnodes << $children[child[0]]
+      badnodes << CHILDREN[child[0]]
     end
   }
@@ -401,10 +423,10 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
         end
 #        MU::Cloud::AWS::Server.createIAMProfile(pool_name, base_profile: server['iam_role'], extra_policies: server['iam_policies'])
-        pool_obj = mommacat.findLitterMate(type: "server_pool", mu_name: pool_name)
-        pool_obj.groom
+        pool_obj = mommacat.findLitterMate(type: "server_pool", mu_name: pool_name, credentials: server['credentials'], debug: true)
+        pool_obj.groom if pool_obj
-        resp = MU::Cloud::AWS.autoscale.describe_auto_scaling_groups(
+        resp = MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).describe_auto_scaling_groups(
             auto_scaling_group_names: [pool_name]
         )
@@ -413,7 +435,7 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
           next
         end
         resp.auto_scaling_groups.each { |asg|
-          launch = MU::Cloud::AWS.autoscale.describe_launch_configurations(
+          launch = MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).describe_launch_configurations(
             launch_configuration_names: [asg.launch_configuration_name]
           ).launch_configurations.first
@@ -430,14 +452,16 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
               "publicIP" => MU.mu_public_ip,
               "resourceName" => svr_class,
               "windowsAdminName" => server['windows_admin_username'],
+              "adminBucketName" => MU::Cloud::AWS.adminBucketName(server['credentials']),
               "skipApplyUpdates" => server['skipinitialupdates'],
+              "chefVersion" => MU.chefVersion,
               "resourceType" => "server_pool"
             },
             custom_append: server['userdata_script']
           )
           # Figure out which devices are embedded in the AMI already.
-          image = MU::Cloud::AWS.ec2.describe_images(image_ids: [server["basis"]["launch_config"]["ami_id"]]).images.first
+          image = MU::Cloud::AWS.ec2(credentials: server['credentials'], region: server['region']).describe_images(image_ids: [server["basis"]["launch_config"]["ami_id"]]).images.first
           if image.nil?
             MU.log "#{server["basis"]["launch_config"]["ami_id"]} does not exist, skipping launch config #{asg.launch_configuration_name}", MU::ERR
@@ -483,7 +507,7 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
           # Put our Autoscale group onto a temporary launch config
           begin
-            MU::Cloud::AWS.autoscale.create_launch_configuration(
+            MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).create_launch_configuration(
               launch_configuration_name: pool_name+"-TMP",
               user_data: Base64.encode64(userdata),
               image_id: server["basis"]["launch_config"]["ami_id"],
@@ -505,16 +529,16 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
             next
           end
-          MU::Cloud::AWS.autoscale.update_auto_scaling_group(
+          MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).update_auto_scaling_group(
             auto_scaling_group_name: pool_name,
             launch_configuration_name: pool_name+"-TMP"
           )
           # ...now back to an identical one with the "real" name
-          MU::Cloud::AWS.autoscale.delete_launch_configuration(
+          MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).delete_launch_configuration(
               launch_configuration_name: pool_name
           )
-          MU::Cloud::AWS.autoscale.create_launch_configuration(
+          MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).create_launch_configuration(
               launch_configuration_name: pool_name,
               user_data: Base64.encode64(userdata),
               image_id: server["basis"]["launch_config"]["ami_id"],
@@ -527,11 +551,11 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
               ebs_optimized: server["basis"]["launch_config"]["ebs_optimized"],
               associate_public_ip_address: launch.associate_public_ip_address
           )
-          MU::Cloud::AWS.autoscale.update_auto_scaling_group(
+          MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).update_auto_scaling_group(
             auto_scaling_group_name: pool_name,
             launch_configuration_name: pool_name
           )
-          MU::Cloud::AWS.autoscale.delete_launch_configuration(
+          MU::Cloud::AWS.autoscale(credentials: server['credentials'], region: server['region']).delete_launch_configuration(
             launch_configuration_name: pool_name+"-TMP"
           )
@@ -549,7 +573,7 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
       end
       id = server['cloud_id']
       id = server['instance_id'] if id.nil?
-      desc = MU::Cloud::AWS.ec2(region: server['region']).describe_instances(instance_ids: [id]).reservations.first.instances.first
+      desc = MU::Cloud::AWS.ec2(credentials: server['conf']['credentials'], region: server['region']).describe_instances(instance_ids: [id]).reservations.first.instances.first
       server['conf']["platform"] = "linux" if !server['conf'].has_key?("platform")
       next if nodes.size > 0 and !nodes.include?(nodename)
@@ -563,7 +587,7 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
         server_obj = mommacat.findLitterMate(type: "server", mu_name: nodename)
         server_obj.groom
       end
-      olduserdata = Base64.decode64(MU::Cloud::AWS.ec2(region: server['region']).describe_instance_attribute(
+      olduserdata = Base64.decode64(MU::Cloud::AWS.ec2(credentials: server['conf']['credentials'], region: server['region']).describe_instance_attribute(
         instance_id: id,
         attribute: "userData"
       ).user_data.value)
@@ -576,9 +600,12 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
               "muID" => muid,
               "muUser" => MU.chef_user,
               "publicIP" => MU.mu_public_ip,
+              "mommaCatPort" => MU.mommaCatPort,
               "resourceName" => server['conf']['name'],
               "windowsAdminName" => server['conf']['windows_admin_username'],
+              "adminBucketName" => MU::Cloud::AWS.adminBucketName(server['conf']['credentials']),
               "skipApplyUpdates" => server['conf']['skipinitialupdates'],
+              "chefVersion" => MU.chefVersion,
               "resourceType" => mytype
           },
           custom_append: server['userdata_script']
@@ -600,7 +627,7 @@ def updateAWSMetaData(deploys = MU::MommaCat.listDeploys, nodes = [])
       MU.log "Updating #{nodename} userdata (#{server["conf"]["platform"]})"
       begin
-        MU::Cloud::AWS.ec2(region: server['region']).modify_instance_attribute(
+        MU::Cloud::AWS.ec2(credentials: server['conf']['credentials'], region: server['region']).modify_instance_attribute(
           instance_id: id,
           attribute: "userData",
           value: Base64.encode64(userdata)
@@ -656,20 +683,20 @@ def chefUpgrade(deploys = MU::MommaCat.listDeploys, nodes = [])
         rescue Exception
         end
       }
-      $children[child] = nodename
-      while $children.size >= $opts[:concurrent]-1
+      CHILDREN[child] = nodename
+      while CHILDREN.size >= $opts[:concurrent]-1
         child = Process.wait
         if !$?.success?
-          badnodes << $children[child]
+          badnodes << CHILDREN[child]
         end
-        $children.delete(child)
+        CHILDREN.delete(child)
       end
     }
   }
   Process.waitall.each { |child|
     if !child[1].success?
-      badnodes << $children[child[0]]
+      badnodes << CHILDREN[child[0]]
     end
   }
@@ -700,3 +727,9 @@ elsif $opts[:mode] == "userdata" or $opts[:mode] == "awsmeta"
 # Need Google equiv and to select nodes correctly based on what cloud they're in
   updateAWSMetaData(do_deploys, do_nodes)
 end
+if !SUMMARIES.empty?
+  SUMMARIES.sort.uniq.each { |msg|
+    puts msg
+  }
+end

data/bin/mu-self-update CHANGED Viewed

@@ -159,7 +159,7 @@ git config branch.${branch}.merge refs/heads/$branch
 CHEF_CLIENT_VERSION=`grep '^CHEF_CLIENT_VERSION=' /opt/mu/lib/install/installer |cut -d\" -f2`
 # Make sure any new bootstrappy stuff has been applied
-chef-apply /opt/mu/lib/cookbooks/mu-master/recipes/init.rb
+PATH="/opt/chef/embedded/bin:${PATH}" /opt/chef/bin/chef-apply /opt/mu/lib/cookbooks/mu-master/recipes/init.rb
 # Make sure bundler will use a recent git binary
 if [ -d /usr/local/git-current ];then
@@ -213,7 +213,7 @@ else
   fi
 fi
-/opt/chef/bin/chef-apply $MU_LIBDIR/cookbooks/mu-master/recipes/init.rb
+PATH="/opt/chef/embedded/bin:${PATH}" /opt/chef/bin/chef-apply $MU_LIBDIR/cookbooks/mu-master/recipes/init.rb
 /bin/rm -rf $MU_DATADIR/tmp/cookbook_changes.$$
 /bin/rm -rf $MU_DATADIR/tmp/berks_changes.$$

data/bin/mu-upload-chef-artifacts CHANGED Viewed

@@ -20,7 +20,12 @@ set -e
 #################################################
 scriptpath="`dirname $0`"
-knife="/opt/chef/bin/knife"
+# Chef can't pick a lane
+if [ -x "/opt/chef/bin/knife" ];then
+  knife="/opt/chef/bin/knife"
+elif [ -x "/opt/chef/embedded/bin/knife" ];then
+  knife="/opt/chef/embedded/bin/knife"
+fi
 USER=`whoami`
 STARTDIR=`pwd`

data/bin/mu-user-manage CHANGED Viewed

@@ -120,7 +120,7 @@ end
 $password = nil
 if $opts[:generate_password]
-  $password = MU.generateWindowsPassword
+  $password = MU.generatePassword
 elsif $opts[:password]
   $password = $opts[:password]
 elsif $opts[:interactive]

data/cloud-mu.gemspec CHANGED Viewed

@@ -17,8 +17,8 @@ end
 Gem::Specification.new do |s|
   s.name        = 'cloud-mu'
-  s.version     = '3.5.0'
-  s.date        = '2021-01-18'
+  s.version     = '3.6.3'
+  s.date        = '2024-11-26'
   s.require_paths = ['modules']
   s.required_ruby_version = '>= 2.4'
   s.summary     = "The eGTLabs Mu toolkit for unified cloud deployments"
@@ -31,39 +31,41 @@ EOF
   s.authors     = ["John Stange", "Robert Patt-Corner", "Ryan Bolyard", "Zach Rowe"]
   s.email       = 'eGTLabs@eglobaltech.com'
   s.files       = build_file_list(whereami)
-  if Dir.exists?(whereami+"/bin")
+  if Dir.exist?(whereami+"/bin")
     s.executables = Dir.entries(whereami+"/bin").reject { |f| File.directory?(f) }
   end
   s.homepage    =
     'https://github.com/cloudamatic/mu'
   s.license       = 'BSD-3-Clause-Attribution'
-  s.add_runtime_dependency 'addressable', '~> 2.5'
-  s.add_runtime_dependency "aws-sdk", "~> 3.0"
-  s.add_runtime_dependency 'azure_sdk', '~> 0.65'
-  s.add_runtime_dependency 'bundler', "~> 2.1.4"
-  s.add_runtime_dependency 'chronic_duration', "~> 0.10"
+  s.add_runtime_dependency 'addressable'#, '~> 2.5'
+#  s.add_runtime_dependency "aws-sdk-core", "< 3.132" # need to pin this so Chef doesn't twist itself in knots
+  s.add_runtime_dependency "aws-sdk", "~> 3"
+#  s.add_runtime_dependency 'azure_sdk', '~> 0.65'
+  s.add_runtime_dependency 'bundler'#, "~> 2.2"
+  s.add_runtime_dependency 'chronic_duration'#, "~> 0.10"
   s.add_runtime_dependency 'color', "~> 1.8"
   s.add_runtime_dependency 'colorize', "~> 0.8"
-  s.add_runtime_dependency 'erubis', "~> 2.7"
-  s.add_runtime_dependency 'google-api-client', "~> 0.50.0"
-  s.add_runtime_dependency 'googleauth', "~> 0.6"
+  s.add_runtime_dependency 'erubis'#, "~> 2.7"
+  s.add_runtime_dependency 'faraday-multipart', "<= 1.0.4"
+  s.add_runtime_dependency 'google-api-client', "~> 0.53.0"
+  s.add_runtime_dependency 'googleauth', "~> 1.2.0"
   s.add_runtime_dependency 'inifile', "~> 3.0"
   s.add_runtime_dependency 'json-schema', "~> 2.8"
-  s.add_runtime_dependency 'net-ldap', "~> 0.16"
-  s.add_runtime_dependency 'net-ssh', "~> 4.2"
-  s.add_runtime_dependency 'net-ssh-multi', '~> 1.2', '>= 1.2.1'
-  s.add_runtime_dependency 'netaddr', '~> 2.0'
-  s.add_runtime_dependency 'nokogiri', "~> 1.10"
+  s.add_runtime_dependency 'net-ldap'#, "~> 0.16"
+  s.add_runtime_dependency 'net-ssh', "~> 7.2"
+  s.add_runtime_dependency 'net-ssh-multi'#, '~> 1.2', '>= 1.2.1'
+  s.add_runtime_dependency 'netaddr'#, '~> 2.0'
+  s.add_runtime_dependency 'nokogiri'#, "~> 1.10"
   s.add_runtime_dependency 'openssl-oaep', "~> 0.1"
-  s.add_runtime_dependency 'optimist', "~> 3.0"
-  s.add_runtime_dependency 'rack', "~> 2.0"
+  s.add_runtime_dependency 'optimist'#, "~> 3.0"
+  s.add_runtime_dependency 'rack'#, "~> 2.0"
   s.add_runtime_dependency 'ruby-graphviz', "~> 1.2"
-  s.add_runtime_dependency 'rubocop', '~> 0.58'
-  s.add_runtime_dependency 'rubyzip', "~> 2.3"
+  s.add_runtime_dependency 'rubocop'#, '~> 0.58'
+  s.add_runtime_dependency 'rubyzip'#, "~> 2.3"
   s.add_runtime_dependency 'simple-password-gen', "~> 0.1"
   s.add_runtime_dependency 'slack-notifier', "~> 2.3"
-  s.add_runtime_dependency 'solve', '~> 4.0'
-  s.add_runtime_dependency 'thin', "~> 1.7"
+  s.add_runtime_dependency 'solve'#, '~> 4.0'
+  s.add_runtime_dependency 'thin'#, "~> 1.7"
   s.add_runtime_dependency 'winrm', "~> 2.3", ">= 2.3.4"
-  s.add_runtime_dependency 'yard', "~> 0.9"
+  s.add_runtime_dependency 'yard'#, "~> 0.9"
 end