Merge pull request #74 from cloudamatic/winrm_more_like_rm_windows

cloudamatic · Dec 8, 2017 · d3570e4 · d3570e4
2 parents 37d5e20 + 7f39312
commit d3570e4
Show file tree

Hide file tree

Showing 51 changed files with 1,692 additions and 2,180 deletions.
diff --git a/Berksfile b/Berksfile
@@ -42,3 +42,5 @@ cookbook 'runit', '~> 1.7'
 cookbook 's3fs', path: "#{cookbookPath}/s3fs"
 cookbook 'zipfile', '~> 0.1.0'
 #cookbook 'hashicorp-vault', '~> 2.5.0', git: "https://github.com/johnbellone/vault-cookbook"
+cookbook 'demo', path: "#{siteCookbookPath}/demo"
+cookbook 'windows', '= 3.2.0'
diff --git a/Berksfile.lock b/Berksfile.lock
@@ -4,7 +4,10 @@ DEPENDENCIES
   awscli
     path: cookbooks/awscli
   build-essential (~> 8.0)
+  chef-vault (< 3.0.0)
   chef_nginx (~> 6.1.1)
+  demo
+    path: site_cookbooks/demo
   freebsd (~> 0.1.9)
   gunicorn (~> 1.1.2)
   logrotate (~> 1.9.2)
@@ -42,11 +45,29 @@ DEPENDENCIES
   runit (~> 1.7)
   s3fs
     path: cookbooks/s3fs
+  windows (= 3.2.0)
   zipfile (~> 0.1.0)
 
 GRAPH
   apache2 (3.3.1)
-  apt (6.1.3)
+  application (5.2.0)
+    poise (~> 2.4)
+    poise-service (~> 1.0)
+  application_python (4.0.0)
+    application (~> 5.0)
+    poise (~> 2.0)
+    poise-python (~> 1.0)
+    poise-service (~> 1.0)
+  application_ruby (4.1.0)
+    application (~> 5.0)
+    poise (~> 2.0)
+    poise-ruby (~> 2.1)
+    poise-service (~> 1.0)
+  apt (6.1.4)
+  ark (3.1.0)
+    build-essential (>= 0.0.0)
+    seven_zip (>= 0.0.0)
+    windows (>= 0.0.0)
   aws (2.9.3)
     ohai (>= 2.1.0)
   awscli (0.2.1)
@@ -56,8 +77,7 @@ GRAPH
     mingw (>= 1.1)
     seven_zip (>= 0.0.0)
   chef-sugar (3.4.0)
-  chef-vault (3.0.0)
-    compat_resource (>= 12.16.3)
+  chef-vault (2.1.1)
   chef_nginx (6.1.1)
     build-essential (>= 0.0.0)
     compat_resource (>= 12.16.3)
@@ -79,15 +99,24 @@ GRAPH
   cpan (0.0.37)
   database (6.1.1)
     postgresql (>= 1.0.0)
-  dmg (4.0.0)
+  demo (0.3.0)
+    application (>= 0.0.0)
+    application_python (>= 0.0.0)
+    application_ruby (>= 0.0.0)
+    chef-vault (>= 0.0.0)
+    chef_nginx (>= 0.0.0)
+    git (>= 0.0.0)
+    mysql (>= 0.0.0)
+    nodejs (>= 0.0.0)
+    php (>= 0.0.0)
+    ruby_build (>= 0.0.0)
   dpkg_autostart (0.2.0)
   firewall (2.6.2)
     chef-sugar (>= 0.0.0)
   freebsd (0.1.10)
-  git (6.1.0)
+  git (8.0.0)
     build-essential (>= 0.0.0)
-    dmg (>= 0.0.0)
-    yum-epel (>= 0.0.0)
+    homebrew (>= 0.0.0)
   golang (1.7.0)
   gunicorn (1.1.6)
     python (>= 0.0.0)
@@ -98,12 +127,12 @@ GRAPH
     poise-service (~> 1.1)
     rubyzip (~> 1.0)
   homebrew (4.2.0)
-  hostsfile (2.4.5)
+  hostsfile (3.0.1)
   java (1.50.0)
     apt (>= 0.0.0)
     homebrew (>= 0.0.0)
     windows (>= 0.0.0)
-  jenkins (5.0.3)
+  jenkins (5.0.4)
     compat_resource (>= 12.16.3)
     dpkg_autostart (>= 0.0.0)
     runit (>= 1.7)
@@ -174,6 +203,7 @@ GRAPH
     chef-vault (>= 0.0.0)
     database (>= 0.0.0)
     java (>= 0.0.0)
+    mu-activedirectory (>= 0.0.0)
     mu-firewall (>= 0.0.0)
     mu-splunk (>= 0.0.0)
     mu-utility (>= 0.0.0)
@@ -185,7 +215,7 @@ GRAPH
     yum-epel (>= 0.0.0)
   mu-utility (0.6.0)
     windows (>= 0.0.0)
-  mysql (8.4.0)
+  mysql (8.5.1)
   mysql-chef_gem (0.0.5)
     build-essential (>= 0.0.0)
     mysql (>= 0.0.0)
@@ -203,19 +233,23 @@ GRAPH
     perl (>= 0.0.0)
     runit (>= 0.0.0)
     yum-epel (>= 0.0.0)
+  nodejs (4.0.0)
+    ark (>= 2.0.2)
+    build-essential (>= 0.0.0)
+    compat_resource (>= 12.16)
   nrpe (2.0.2)
     build-essential (>= 0.0.0)
     yum-epel (>= 0.0.0)
-  nssm (3.0.2)
+  nssm (4.0.0)
     windows (>= 0.0.0)
-  ohai (5.1.0)
+  ohai (5.2.0)
   openssl (7.1.0)
   oracle-instantclient (1.1.0)
     build-essential (>= 0.0.0)
     cpan (>= 0.0.0)
     php (>= 0.0.0)
   packagecloud (0.3.0)
-  perl (5.2.0)
+  perl (5.2.1)
     windows (>= 3.0)
   php (4.5.0)
     build-essential (>= 0.0.0)
@@ -224,16 +258,28 @@ GRAPH
   poise (2.8.1)
   poise-archive (1.5.0)
     poise (~> 2.6)
+  poise-languages (2.1.1)
+    poise (~> 2.5)
+    poise-archive (~> 1.0)
+  poise-python (1.6.0)
+    poise (~> 2.7)
+    poise-languages (~> 2.0)
+  poise-ruby (2.3.0)
+    poise (~> 2.0)
+    poise-languages (~> 2.0)
   poise-service (1.5.2)
     poise (~> 2.0)
-  postfix (5.0.3)
+  postfix (5.1.1)
   postgresql (6.1.1)
     build-essential (>= 2.0.0)
     compat_resource (>= 12.16.3)
     openssl (>= 4.0)
   python (1.4.7)
     build-essential (>= 0.0.0)
     yum-epel (>= 0.0.0)
+  ruby_build (1.1.0)
+    git (>= 0.0.0)
+    yum-epel (>= 0.0.0)
   rubyzip (1.3.1)
     poise (~> 2.2)
   runit (1.8.0)
@@ -252,11 +298,11 @@ GRAPH
     consul-cluster (~> 2.0)
     hashicorp-vault (~> 2.1)
     ssl_certificate (~> 1.11)
-  windows (3.1.1)
+  windows (3.2.0)
     ohai (>= 4.0.0)
   yum (3.13.0)
   yum-epel (2.1.2)
     compat_resource (>= 12.16.3)
-  zap (0.15.1)
+  zap (1.1.0)
   zipfile (0.1.0)
   zypper (0.4.0)
diff --git a/bin/mu-aws-setup b/bin/mu-aws-setup
@@ -40,9 +40,10 @@ Usage:
   EOS
   opt :ip, "Attempt to configure the IP requested in the CHEF_PUBLIC_IP environment variable, or if none is set, to associate an arbitrary Elastic IP.", :require => false, :default => false, :type => :boolean
   opt :sg, "Attempt to configure a Security Group with appropriate permissions.", :require => false, :default => false, :type => :boolean
-  opt :logs, "Ensure the presence of an S3 bucket prefixed with 'Mu_Logs' for use with CloudTrails, syslog, etc.", :require => false, :default => false, :type => :boolean
+  opt :logs, "Ensure the presence of a cloud storage bucket for use with CloudTrails, syslog, deploy secrets, node SSL certificates, etc.", :require => false, :default => false, :type => :boolean
   opt :dns, "Ensure the presence of a private DNS Zone called for internal amongst Mu resources.", :require => false, :default => false, :type => :boolean
   opt :uploadlogs, "Push today's log files to the S3 bucket created by the -l option.", :require => false, :default => false, :type => :boolean
+  opt :ephemeral, "Make sure all of our instance store (ephemeral) block devices are mapped and available.", :require => false, :default => false, :type => :boolean
 end
 
 my_instance_id = MU::Cloud::AWS.getAWSMetaData("instance-id")
@@ -52,6 +53,20 @@ instance = resp.reservations.first.instances.first
 
 preferred_ip = MU.mu_public_ip
 
+if $opts[:ephemeral]
+  if instance.instance_type.match(/^(t2|m4)\./)
+    MU.log "t2 and m4 instance types do not have ephemeral volumes, skipping setup", MU::WARN
+  else
+#    instance.block_device_mappings.each { |dev|
+#      next if dev.ebs
+#    }
+    MU::Cloud::AWS.ec2.modify_instance_attribute(
+      instance_id: instance.instance_id,
+      block_device_mappings: MU::Cloud::AWS::Server.ephemeral_mappings
+    )
+  end
+end
+
 # Create a security group, or manipulate an existing one, so that we have all
 # of the appropriate network holes.
 if $opts[:sg]
@@ -186,6 +201,15 @@ if $opts[:logs]
       body: "#{key}"
     )
   end
+  if File.exists?("#{MU.mySSLDir}/Mu_CA.pem")
+    MU.log "Putting the Mu Master's public SSL certificate into #{$bucketname}/Mu_CA.pem"
+    MU::Cloud::AWS.s3.put_object(
+      bucket: $bucketname,
+      key: "Mu_CA.pem",
+      body: File.read("#{MU.mySSLDir}/Mu_CA.pem"),
+  		acl: "public-read",
+    )
+  end
 
 #	MU.log "Uploading Mu_CA.pem to #{$bucketname}"
 #	MU::Cloud::AWS.s3.put_object(
@@ -196,8 +220,8 @@ if $opts[:logs]
 #	)
 
   resp = MU::Cloud::AWS.s3.list_objects(
-      bucket: $bucketname,
-      prefix: "log_vol_ebs_key"
+    bucket: $bucketname,
+    prefix: "log_vol_ebs_key"
   )
   owner = MU.structToHash(resp.contents.first.owner)