cloud-mu 3.6.10 → 3.6.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e73ecd2759df6ccc11710c83b0e3a2733eededf4ac6825bb0a76ab284aaf8887
-  data.tar.gz: 1717164c2388e7e7ba8a7cb66877242399468606524d9ea759e746a6a0fb9c00
+  metadata.gz: b68d83dd2e0b863871189a2d9468dd2ac80c95dd1a673dd1e08b68a7e6c3d551
+  data.tar.gz: 50b026f0cdf80c07842711db06e85b6bfb42953c05043ac1558e70cfccda13a9
 SHA512:
-  metadata.gz: 5a859e81138c136a6b49833ce6e63d6a619fe158d7b3f572b2f1e75466f6dd0e180e2df9c76a19f7e925efa67d3cb28c254531d6af731af7ea0aba1258566ce1
-  data.tar.gz: 8b9faa2e7f5c8408e888a74264f13a8bb679ddabb6fcf761ea2c2d28835be3e26f0eb5129d7ecfe6a6b16ab617d9331cc4e18992b7182e7f04ba578764215d9a
+  metadata.gz: 71b4a59e6221377619473dce422a1ba5546a66d27e50ec31138de6a6306fceb7c2ad32386156190d6da8a4a06d07bf815adbf580b104872a3030ec1a6c1fd156
+  data.tar.gz: a6169fc63299885e53800021fb75c4771d8d6b84dec76d1ec1e562e94c8a95d4ff3345cc3827cc1fc1f3c489fbe15d7cfdaca151070327df1906942763efe234

data/Berksfile

@@ -12,9 +12,8 @@ cookbook 'mu-mongo'
 cookbook 'mu-openvpn'
 cookbook 'mu-tools'
 cookbook 'mu-utility'
-cookbook 'nagios', '~> 11.2.2'
-#cookbook 'mu-nagios' , '~> 8.2.0', git: "https://github.com/cloudamatic/mu-nagios.git"
-cookbook 'firewall', path: 'cookbooks/firewall'
+cookbook 'nagios', '~> 12.1.201'
+#cookbook 'mu-nagios'
 cookbook 'chocolatey'
 cookbook 'seven_zip', '< 4.0'
 cookbook 'nginx', '< 12'

data/Berksfile.lock

@@ -1,8 +1,6 @@
 DEPENDENCIES
   awscli
   chocolatey
-  firewall
-    path: cookbooks/firewall
   mu-activedirectory
   mu-firewall
   mu-glusterfs
@@ -12,14 +10,14 @@ DEPENDENCIES
   mu-splunk
   mu-tools
   mu-utility
-  nagios (~> 11.2.2)
+  nagios (~> 12.1.201)
   nginx (< 12.0.0)
   seven_zip (< 4.0.0)
 
 GRAPH
   apache2 (9.0.6)
     yum-epel (>= 0.0.0)
-  apt (7.5.23)
+  apt (7.6.0)
   awscli (1.1.2)
     python (~> 1.4)
   bind (2.2.1)
@@ -33,8 +31,8 @@ GRAPH
   cpan (0.1.0)
   database (6.1.1)
     postgresql (>= 1.0.0)
-  firewall (6.3.7)
-  homebrew (5.4.9)
+  firewall (7.0.1)
+  homebrew (6.0.1)
   hostsfile (3.0.1)
   java (2.2.1)
     homebrew (>= 0.0.0)
@@ -50,8 +48,8 @@ GRAPH
     chef-vault (~> 3.1.1)
     windows (~> 5.1.1)
     yum-epel (~> 5.0.8)
-  mu-firewall (0.1.3)
-    firewall (~> 6.3.7)
+  mu-firewall (0.1.4)
+    firewall (~> 7.0.1)
   mu-glusterfs (0.1.0)
     mu-firewall (>= 0.0.0)
     yum (~> 5.1.0)
@@ -68,7 +66,7 @@ GRAPH
     mu-utility (>= 0.0.0)
     nagios (>= 0.0.0)
     nrpe (~> 2.0.3)
-    postfix (~> 5.3.1)
+    postfix (~> 6.0.29)
     s3fs (>= 0.0.0)
   mu-mongo (0.5.0)
     chef-vault (~> 3.1.1)
@@ -83,7 +81,6 @@ GRAPH
     chef-vault (~> 3.1.1)
     chocolatey (>= 0.0.0)
     database (~> 6.1.1)
-    firewall (>= 0.0.0)
     java (~> 2.2.0)
     mu-activedirectory (>= 0.0.0)
     mu-firewall (>= 0.0.0)
@@ -98,11 +95,11 @@ GRAPH
   mu-utility (0.6.0)
     mu-firewall (>= 0.0.0)
     windows (~> 5.1.1)
-  nagios (11.2.9)
+  nagios (12.1.201)
     apache2 (>= 9.0)
     nginx (>= 11.2)
     nrpe (>= 0.0.0)
-    php (>= 7.2)
+    php (>= 10.0)
     yum-epel (>= 0.0.0)
     zap (>= 0.6.0)
   nginx (11.5.3)
@@ -116,8 +113,8 @@ GRAPH
     cpan (>= 0.0.0)
     php (>= 0.0.0)
   packagecloud (2.0.8)
-  php (10.2.3)
-  postfix (5.3.1)
+  php (10.2.4)
+  postfix (6.0.29)
   postgresql (7.1.9)
   python (1.4.6)
     build-essential (>= 0.0.0)

data/bin/mu-aws-setup

@@ -167,11 +167,23 @@ if $opts[:sg]
   if !admin_sg.nil?
     MU.log "Using an existing Security Group, #{admin_sg}, already associated with this Mu server."
     open_ports.each { |port|
-      admin_sg.addRule(ranges, port: port, comment: "Mu Master service access")
+      begin
+        admin_sg.addRule(ranges, port: port, comment: "Mu Master service access")
+      rescue Aws::EC2::Errors::InvalidPermissionDuplicate
+      end
     }
-    admin_sg.addRule(["#{preferred_ip}/32"], port: 22, comment: "Mu Master service access")
-    admin_sg.addRule(["0.0.0.0/0"], port: 80, comment: "Mu Master service access")
-    admin_sg.addRule([admin_sg.cloud_id], comment: "Mu Master service access")
+    begin
+      admin_sg.addRule(["#{preferred_ip}/32"], port: 22, comment: "Mu Master service access")
+    rescue Aws::EC2::Errors::InvalidPermissionDuplicate
+    end
+    begin
+      admin_sg.addRule(["0.0.0.0/0"], port: 80, comment: "Mu Master service access")
+    rescue Aws::EC2::Errors::InvalidPermissionDuplicate
+    end
+    begin
+      admin_sg.addRule([admin_sg.cloud_id], comment: "Mu Master service access")
+    rescue Aws::EC2::Errors::InvalidPermissionDuplicate
+    end
   else
     cfg = {
       "name" => "Mu Master",

data/bin/mu-configure

@@ -39,6 +39,7 @@ CLEAN_ENV_STR = CLEAN_ENV.keys.map { |k|
 CHEF_CLIENT="/opt/chef/bin/chef-client"
 CHEF_CTL="env -i PATH=/opt/opscode/bin:/usr/bin:/bin chef-server-ctl"
 GIT_PATTERN = /(((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?))?([\w\.@\:\/\-~]+)(\.git)?(\/)?/
+ENV['CHEF_LICENSE'] = "accept"
 
 
 #def _x(cmd)
@@ -1243,7 +1244,7 @@ ssl_verify_mode :verify_none
         "user" => "CN=mu_join_creds,#{$MU_CFG["ldap"]['user_ou']}"
       },
       "cfg_directory_adm" => {
-        "user" => "admin"
+        "user" => "cn=Directory Manager"
       },
       "root_dn_user" => {
         "user" => "CN=root_dn_user"

data/cloud-mu.gemspec

@@ -17,8 +17,8 @@ end
 
 Gem::Specification.new do |s|
   s.name        = 'cloud-mu'
-  s.version     = '3.6.10'
-  s.date        = '2024-11-28'
+  s.version     = '3.6.11'
+  s.date        = '2025-04-27'
   s.require_paths = ['modules']
   s.required_ruby_version = '>= 3'
   s.summary     = "The eGTLabs Mu toolkit for unified cloud deployments"

data/cookbooks/mu-firewall/Berksfile

@@ -6,4 +6,4 @@ metadata
 # Mu Cookbooks
 
 # Supermarket Cookbooks
-cookbook	'firewall', '~> 2.7.0'
+cookbook	'firewall', '~> 7.0.1'

data/cookbooks/mu-firewall/attributes/default.rb

@@ -1,5 +1,5 @@
-default['firewall']['allow_ssh'] = true
 default['firewall']['firewalld']['permanent'] = true
 default['firewall']['ipv6_enabled'] = false
 default['firewall']['allow_loopback'] = true
-force_default['firewall']['allow_established'] = true
+force_default['firewall']['allow_established'] = true
+force_default['firewall']['allow_ssh'] = true

data/cookbooks/mu-firewall/metadata.rb

@@ -7,10 +7,10 @@ long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 source_url 'https://github.com/cloudamatic/mu'
 issues_url 'https://github.com/cloudamatic/mu/issues'
 chef_version '>= 12.1' if respond_to?(:chef_version)
-version          '0.1.3'
+version          '0.1.4'
 
-%w( amazon centos redhat windows ).each do |os|
+%w( amazon centos redhat ).each do |os|
 	supports os
 end
 
-depends	'firewall', '~> 6.3.7'
+depends	'firewall', '~> 7.0.1'

data/cookbooks/mu-firewall/recipes/default.rb

@@ -2,9 +2,18 @@
 # Cookbook Name:: mu-firewall
 # Recipe:: default
 #
-# Copyright 2016, YOUR_COMPANY_NAME
+# Copyright 2025, eGlobalTech
 #
 # All rights reserved - Do Not Redistribute
 #
 
-include_recipe 'firewall'
+if node['platform_family'] != "amazon" or node['platform_version'].to_i >= 2023
+
+  # The firewall cookbook needs this, and its chef_gem resource doesn't work
+  # for some reason.
+  execute "env -i /opt/chef/embedded/bin/gem install ruby-dbus" do
+    compile_time true
+  end
+
+  include_recipe 'firewall'
+end

data/cookbooks/mu-master/Berksfile

@@ -13,7 +13,7 @@ cookbook 's3fs'
 # Supermarket Cookbooks
 cookbook 'nagios'
 cookbook 'nrpe', '~> 2.0.3'
-cookbook 'postfix', '~> 5.3.1'
+cookbook 'postfix', '~> 6.0.29'
 cookbook 'bind', '~> 2.2.0'
 cookbook 'bind9-ng', '~> 0.1.0'
 #cookbook 'vault-cluster', '~> 2.1.0'

data/cookbooks/mu-master/attributes/default.rb

@@ -21,14 +21,27 @@ default['apache']['mod_ssl']['directives']['SSLProtocol'] = "all -SSLv2 -SSLv3"
 default['apache']['contact'] = $MU_CFG['mu_admin_email']
 default['apache']['traceenable'] = 'Off'
 
+default['apache']['version'] = "2.4"
 default["apache"]["listen"] = ["*:80", "*:443", "*:8443"]
 default['apache']['user'] = "apache"
 default['apache']['group'] = "apache"
 
-
 override["nagios"]["http_port"] = 8443
 default['nagios']['enable_ssl'] = true
 
+# The brain-dead Nagios cookbook configures itself with a checksum and version
+# flag for 4.1.1, then proceeds to concoct a URL for 4.4.6. Help it.
+default['nagios']['server']['source_url'] = "https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.5.8.tar.gz"
+default['nagios']['server']['checksum'] = "66b73bfc148c0763a64bbf849595d818"
+default['nagios']['server']['version'] = "66b73bfc148c0763a64bbf849595d818"
+
+
+if node['platform_family'] == "amazon" and node['platform_version'].split('.')[0] == "2023"
+  default['nagios']['php_packages'] = ["php8.3", "php8.3-devel", "php8.3-cli", "php8.3-modphp", "php-pear"]
+  default['nagios']['php_gd_package'] = "php8.3-gd"
+  default['nagios']['server']['dependencies'] = ["openssl-devel", "mailx", "gd-devel", "tar", "unzip"]
+end
+
 # We use key/value tags like sensible people, but Chef expects an array and
 # flattens the whole mess out, hence the weird form here.
 default['nagios']['exclude_tag_host'] = [ [ "nomonitor", true ] ]

data/cookbooks/mu-master/files/default/389ds-perl/ASDialogs.pm

@@ -0,0 +1,173 @@
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+package ASDialogs;
+
+use strict;
+
+use DialogManager;
+use Setup;
+use Dialog;
+use DSUtil;
+
+my $asserveradmin = new Dialog (
+    $SILENT, # hidden
+    'none',
+    sub {
+        my $self = shift;
+        my $id = $self->{manager}->{inf}->{admin}->{ServerAdminID} ||
+            $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminID};
+        if (isValidDN($id)) {
+            $id =~ s/^(.*)=.*/$1/;
+        }
+        $self->{manager}->{inf}->{admin}->{ServerAdminID} = $id;
+        my $pwd = $self->{manager}->{inf}->{admin}->{ServerAdminPwd} ||
+            $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminPwd};
+        $self->{manager}->{inf}->{admin}->{ServerAdminPwd} = $pwd;
+        return $id;
+    },
+    sub {
+        return $DialogManager::NEXT;
+    },
+    ['none']
+);
+
+my $asport = new Dialog (
+    $TYPICAL,
+    'dialog_asport_text',
+    sub {
+        my $self = shift;
+        my $port = $self->{manager}->{inf}->{admin}->{Port};
+        if (!defined($port)) {
+            $port = 9830;
+            $self->{manager}->{setup}->{asorigport} = $port;
+        }
+        if (!$self->{manager}->{setup}->{reconfigas}) {
+            if (!portAvailable($port)) {
+                $port = getAvailablePort();
+            }
+        }
+        return $port;
+    },
+    sub {
+        my $self = shift;
+        my $ans = shift;
+        my $res = $DialogManager::SAME;
+        my $reconf = $self->{manager}->{setup}->{reconfigas};
+        if ($ans !~ /\d+/) {
+            $self->{manager}->alert("dialog_asport_error", $ans);
+        } elsif (!$reconf && !portAvailable($ans)) {
+            $self->{manager}->alert("dialog_asport_error", $ans);
+        } else {
+            $res = $DialogManager::NEXT;
+            $self->{manager}->{inf}->{admin}->{Port} = $ans;
+        }
+        return $res;
+    },
+    ['dialog_asport_prompt']
+);
+
+my $ashostip = new Dialog (
+    $CUSTOM,
+    'dialog_ashostip_text',
+    sub {
+        my $self = shift;
+        if (!defined($self->{manager}->{inf}->{admin}->{ServerIpAddress})) {
+            $self->{manager}->{inf}->{admin}->{ServerIpAddress} = "0.0.0.0";
+        }
+        return $self->{manager}->{inf}->{admin}->{ServerIpAddress};
+    },
+    sub {
+        my $self = shift;
+        my $ans = shift;
+        if ($ans && (length($ans) > 0)) {
+            $self->{manager}->{inf}->{admin}->{ServerIpAddress} = $ans;
+        } elsif (exists($self->{manager}->{inf}->{admin}->{ServerIpAddress})) {
+            delete $self->{manager}->{inf}->{admin}->{ServerIpAddress};
+        }
+        return $DialogManager::NEXT;
+    },
+    ['dialog_ashostip_prompt']
+);
+
+# must verify that the user or uid specified by the user to run the server as
+# is a valid uid
+sub verifyUserChoice {
+    my $self = shift;
+    my $ans = shift;
+    my $res = $DialogManager::NEXT;
+    # convert numeric uid to string
+    my $strans = $ans;
+    if ($ans =~ /^\d/) { # numeric - convert to string
+        $strans = getpwuid $ans;
+        if (!$strans) {
+            $self->{manager}->alert("dialog_assysuser_error", $ans);
+            return $DialogManager::SAME;
+        }
+    }
+    if ($> != 0) { # if not root, the user must be our uid
+        my $username = getLogin;
+        if ($strans ne $username) {
+            $self->{manager}->alert("dialog_assysuser_must_be_same", $username);
+            return $DialogManager::SAME;
+        }
+    } else { # user is root - verify id
+        my $nuid = getpwnam $strans;
+        if (!defined($nuid)) {
+            $self->{manager}->alert("dialog_assysuser_error", $ans);
+            return $DialogManager::SAME;
+        }
+        if (!$nuid) {
+            $self->{manager}->alert("dialog_assysuser_root_warning");
+        }
+    }
+    $self->{manager}->{inf}->{admin}->{SysUser} = $ans;
+    return $res;
+}
+
+my $assysuser = new Dialog (
+    $CUSTOM,
+    'dialog_assysuser_text',
+    sub {
+        my $self = shift;
+        my $user = $self->{manager}->{inf}->{admin}->{SysUser};
+        if (!defined($user)) {
+            $user = $self->{manager}->{inf}->{General}->{SuiteSpotUserID};
+        }
+        if (!defined($user)) {
+            if ($> == 0) { # if root, use the default user
+                $user = "nobody";
+            } else { # if not root, use the user's uid
+                $user = getLogin;
+            }
+        }
+        return $user;
+    },
+    sub {
+        my $self = shift;
+        my $ans = shift;
+        return verifyUserChoice($self, $ans);
+    },
+    ['dialog_assysuser_prompt']
+);
+
+sub getDialogs {
+    return ($asserveradmin, $asport, $ashostip, $assysuser);
+}
+
+1;