cloud-mu 3.1.4 → 3.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 63e9eb2d1b4db9fe4dc96bfdc81fc6ae47c6e0b6afa1113226ebf4d798a4990a
-  data.tar.gz: 60ea7c4c936d2f66e300705b1cbaaca178476581ad106d05f7f48dac310f2003
+  metadata.gz: a2a3a37b9669c04e28e4b5a0d2f80a2de02478dabac733c90e9d36dae452528c
+  data.tar.gz: 654354392527c27ac2825bce89b992f209577cbf97dbdce29ceeb23565cf733d
 SHA512:
-  metadata.gz: f7862eacf10e60e1ee974b7a518177baf4d16271724d4ad9b0fd02a27dd3a7a9b5de5caa04aa6ce5bfe171449ffcbebdafd0012c2299c4ac2e39442fbbd0fcfd
-  data.tar.gz: a72c384253bc6b1649060ca33ceaafb28a1f9fb9d5cd699af2bcc63f7b1bbad3efb9ca1b67fbcc08b4fed0efa2d7f533ef3556abb15ed977490912f09e6350de
+  metadata.gz: d09fbaa85a8bfa880b35aad227367a4b156635d847ca9f697a7e6cbc93600b0b59fd495dd180e2d6955f160dab83f81335e7d47a6c2027c6598fd8b82da97c2a
+  data.tar.gz: b49216fcc464945f3f27b0927c59b3e41b906ddaf09f7b87433a37eec54330462cf246058fa9959d3d1ec90ee1570fc3921bc7e0da0a1552c1d4664832e4d42e

data/ansible/roles/mu-windows/README.md

@@ -0,0 +1,33 @@
+Role Name
+=========
+
+Used during image builds for Windows 2012R2, 2016, and 2019. Runs all updates and installs chocolatey, git, openssh, and ruby.
+
+Requirements
+------------
+
+Windows host with internet connectivity and no other major services running.
+
+License
+-------
+
+Copyright:: Copyright (c) 2020 eGlobalTech, Inc., all rights reserved
+
+Licensed under the BSD-3 license (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License in the root of the project or at
+
+    http://egt-labs.com/mu/LICENSE.html
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Author Information
+------------------
+
+Current developers: John Stange, Robert Patt-Corner, Ryan Bolyard
+
+egt-labs-admins@egt-labs.com

data/ansible/roles/mu-windows/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for mu-windows

data/ansible/roles/mu-windows/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for mu-windows

data/ansible/roles/mu-windows/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.4
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

data/ansible/roles/mu-windows/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Install all updates with automatic reboots
+  win_updates:
+    reboot: yes
+    reboot_timeout: 1800
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Install ruby
+  win_chocolatey:
+    name: ruby
+    state: present
+
+- name: Install openssh
+  win_chocolatey:
+    name: openssh
+    state: present

data/ansible/roles/mu-windows/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

data/ansible/roles/mu-windows/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - mu-windows

data/ansible/roles/mu-windows/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for mu-windows

data/cloud-mu.gemspec

@@ -17,8 +17,8 @@ end
 
 Gem::Specification.new do |s|
   s.name        = 'cloud-mu'
-  s.version     = '3.1.4'
-  s.date        = '2020-02-14'
+  s.version     = '3.1.5'
+  s.date        = '2020-03-03'
   s.require_paths = ['modules']
   s.required_ruby_version = '>= 2.4'
   s.summary     = "The eGTLabs Mu toolkit for unified cloud deployments"
@@ -52,6 +52,7 @@ EOF
   s.add_runtime_dependency 'net-ssh-multi', '~> 1.2', '>= 1.2.1'
   s.add_runtime_dependency 'netaddr', '~> 2.0'
   s.add_runtime_dependency 'nokogiri', "~> 1.10"
+  s.add_runtime_dependency 'openssl-oaep', "~> 0.1"
   s.add_runtime_dependency 'optimist', "~> 3.0"
   s.add_runtime_dependency 'rack', "~> 2.0"
   s.add_runtime_dependency 'ruby-graphviz', "~> 1.2"
@@ -61,5 +62,6 @@ EOF
   s.add_runtime_dependency 'slack-notifier', "~> 2.3"
   s.add_runtime_dependency 'solve', '~> 4.0'
   s.add_runtime_dependency 'thin', "~> 1.7"
+  s.add_runtime_dependency 'winrm', "~> 2.3", ">= 2.3.4"
   s.add_runtime_dependency 'yard', "~> 0.9"
 end

data/cookbooks/mu-tools/recipes/selinux.rb

@@ -4,7 +4,8 @@
 #
 # Copyright:: 2019, The Authors, All Rights Reserved.
 
-if !node['application_attributes']['skip_recipes'].include?('selinux')
+if !node['application_attributes']['skip_recipes'].include?('selinux') and
+   (platform_family?("rhel") or platform_family?("amazon"))
 
   selinux_state "SELinux Enforcing" do
     action :enforcing

data/cookbooks/mu-tools/recipes/windows-client.rb

@@ -184,153 +184,149 @@ if !node['application_attributes']['skip_recipes'].include?('windows-client')
 #        end
 #      }
 
-        reboot "Cygwin LSA" do
-          action :nothing
-          reason "Enabling Cygwin LSA support"
-        end
-
-        powershell_script "Configuring Cygwin LSA support" do
-          code <<-EOH
-            Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
-          EOH
-          not_if {
-            lsa_found = false
-            if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
-              registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
-                if val[:name] == "Authentication Packages"
-                  lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
-                  break
-                end
-              }
-            end
-            lsa_found
-          }
-          notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
-        end
-
-        powershell_script "enable Cygwin sshd" do
-          code <<-EOH
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-          EOH
-          sensitive true
-          not_if %Q{Get-Service "sshd"}
-        end
-        powershell_script "set unix-style Cygwin sshd permissions" do
-          code <<-EOH
-            if((Get-WmiObject win32_computersystem).partofdomain){
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
-            } else {
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
-              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
-            }
-            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
-          EOH
-        end
-
-        include_recipe 'mu-activedirectory'
-
-        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
-
-        template "c:/bin/cygwin/etc/sshd_config" do
-          source "sshd_config.erb"
-          mode 0644
-          cookbook "mu-tools"
-          ignore_failure true
-        end
-
-        ec2config_user= windows_vault[node['windows_ec2config_username_field']]
-        ec2config_password = windows_vault[node['windows_ec2config_password_field']]
-        login_dom = "."
-
-        if in_domain?
-
-          ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
-          login_dom = node['ad']['netbios_name']
-
-          windows_users node['ad']['computer_name'] do
-            username ad_vault[node['ad']['domain_admin_username_field']]
-            password ad_vault[node['ad']['domain_admin_password_field']]
-            domain_name node['ad']['domain_name']
-            netbios_name node['ad']['netbios_name']
-            dc_ips node['ad']['dc_ips']
-            ssh_user sshd_user
-            ssh_password sshd_password
-            ec2config_user ec2config_user
-            ec2config_password ec2config_password
-          end
-
-          aws_windows "ec2" do
-            username ec2config_user
-            service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
-            password ec2config_password
-          end
-
-          scheduled_tasks "tasks" do
-            username ad_vault[node['ad']['domain_admin_username_field']]
-            password ad_vault[node['ad']['domain_admin_password_field']]
-          end
-
-          sshd_service "sshd" do
-            service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
-            username sshd_user
-            password sshd_password
-          end
-
-          begin
-            resources('service[sshd]')
-          escue Chef::Exceptions::ResourceNotFound
-            service "sshd" do
-              action [:enable, :start]
-              sensitive true
-            end
-          end
-        else
-          windows_users node['hostname'] do
-            username node['windows_admin_username']
-            password windows_vault[node['windows_auth_password_field']]
-            ssh_user sshd_user
-            ssh_password sshd_password
-            ec2config_user ec2config_user
-            ec2config_password ec2config_password
-          end
-
-          aws_windows "ec2" do
-            username ec2config_user
-            service_username ".\\#{ec2config_user}"
-            password ec2config_password
-          end
-
-          scheduled_tasks "tasks" do
-            username node['windows_admin_username']
-            password windows_vault[node['windows_auth_password_field']]
-          end
-
-          sshd_service "sshd" do
-            username sshd_user
-            service_username ".\\#{sshd_user}"
-            password sshd_password
-        end
-        begin
-          resources('service[sshd]')
-        rescue Chef::Exceptions::ResourceNotFound
-          service "Cygwin sshd as '#{sshd_user}'" do
-						service_name "sshd"
-            action [:enable, :start]
-            sensitive true
-          end
-        end
-      end
+#        reboot "Cygwin LSA" do
+#          action :nothing
+#          reason "Enabling Cygwin LSA support"
+#        end
+#
+#        powershell_script "Configuring Cygwin LSA support" do
+#          code <<-EOH
+#            Invoke-Expression '& #{cygwindir}/bin/bash.exe --login -c "echo yes | /bin/cyglsa-config"'
+#          EOH
+#          not_if {
+#            lsa_found = false
+#            if registry_key_exists?("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa")
+#              registry_get_values("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa").each { |val|
+#                if val[:name] == "Authentication Packages"
+#                  lsa_found = true if val[:data].grep(/cyglsa64\.dll/)
+#                  break
+#                end
+#              }
+#            end
+#            lsa_found
+#          }
+#          notifies :reboot_now, "reboot[Cygwin LSA]", :immediately
+#        end
+#
+#        powershell_script "enable Cygwin sshd" do
+#          code <<-EOH
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "ssh-host-config -y -c ntsec -w ''#{sshd_password}'' -u #{sshd_user}"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*StrictModes.*yes/StrictModes no/'' /etc/sshd_config"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash.exe --login -c "sed -i.bak ''s/#.*PasswordAuthentication.*yes/PasswordAuthentication no/'' /etc/sshd_config"'
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+#          EOH
+#          sensitive true
+#          not_if %Q{Get-Service "sshd"}
+#        end
+#        powershell_script "set unix-style Cygwin sshd permissions" do
+#          code <<-EOH
+#            if((Get-WmiObject win32_computersystem).partofdomain){
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -d > /etc/passwd"'
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l -d > /etc/group"'
+#            } else {
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkpasswd -l > /etc/passwd"'
+#              Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "mkgroup -l > /etc/group"'
+#            }
+#            Invoke-Expression -Debug '& #{cygwindir}/bin/bash --login -c "chown #{sshd_user} /var/empty /var/log/sshd.log /etc/ssh*; chmod 755 /var/empty"'
+#          EOH
+#        end
+#
+#        include_recipe 'mu-activedirectory'
+#
+#        ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+#
+#        template "c:/bin/cygwin/etc/sshd_config" do
+#          source "sshd_config.erb"
+#          mode 0644
+#          cookbook "mu-tools"
+#          ignore_failure true
+#        end
+#
+#        ec2config_user= windows_vault[node['windows_ec2config_username_field']]
+#        ec2config_password = windows_vault[node['windows_ec2config_password_field']]
+#        login_dom = "."
+#
+#        if in_domain?
+#
+#          ad_vault = chef_vault_item(node['ad']['domain_admin_vault'], node['ad']['domain_admin_item'])
+#          login_dom = node['ad']['netbios_name']
+#
+#          windows_users node['ad']['computer_name'] do
+#            username ad_vault[node['ad']['domain_admin_username_field']]
+#            password ad_vault[node['ad']['domain_admin_password_field']]
+#            domain_name node['ad']['domain_name']
+#            netbios_name node['ad']['netbios_name']
+#            dc_ips node['ad']['dc_ips']
+#            ssh_user sshd_user
+#            ssh_password sshd_password
+#            ec2config_user ec2config_user
+#            ec2config_password ec2config_password
+#          end
+#
+#          aws_windows "ec2" do
+#            username ec2config_user
+#            service_username "#{node['ad']['netbios_name']}\\#{ec2config_user}"
+#            password ec2config_password
+#          end
+#
+#          scheduled_tasks "tasks" do
+#            username ad_vault[node['ad']['domain_admin_username_field']]
+#            password ad_vault[node['ad']['domain_admin_password_field']]
+#          end
+#
+#          sshd_service "sshd" do
+#            service_username "#{node['ad']['netbios_name']}\\#{sshd_user}"
+#            username sshd_user
+#            password sshd_password
+#          end
+#
+#          begin
+#            resources('service[sshd]')
+#          escue Chef::Exceptions::ResourceNotFound
+#            service "sshd" do
+#              action [:enable, :start]
+#              sensitive true
+#            end
+#          end
+#        else
+#          windows_users node['hostname'] do
+#            username node['windows_admin_username']
+#            password windows_vault[node['windows_auth_password_field']]
+#            ssh_user sshd_user
+#            ssh_password sshd_password
+#            ec2config_user ec2config_user
+#            ec2config_password ec2config_password
+#          end
+#
+#          aws_windows "ec2" do
+#            username ec2config_user
+#            service_username ".\\#{ec2config_user}"
+#            password ec2config_password
+#          end
+#
+#          scheduled_tasks "tasks" do
+#            username node['windows_admin_username']
+#            password windows_vault[node['windows_auth_password_field']]
+#          end
+#
+#          sshd_service "sshd" do
+#            username sshd_user
+#            service_username ".\\#{sshd_user}"
+#            password sshd_password
+#        end
+#        begin
+#          resources('service[sshd]')
+#        rescue Chef::Exceptions::ResourceNotFound
+#          service "Cygwin sshd as '#{sshd_user}'" do
+#						service_name "sshd"
+#            action [:enable, :start]
+#            sensitive true
+#          end
+#        end
+#      end
     end
 
     else
       Chef::Log.info("mu-tools::windows-client: Unsupported platform #{node['platform']}")
   end
 end
-# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
-#
-# Cookbook Name:: mu-tools
-# Recipe:: windows-client