ufo 4.5.3 → 4.5.8
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/README.md +2 -2
- data/docs/_docs/extras/ecs-network-mode.md +17 -3
- data/docs/_docs/ssl_errors.md +41 -0
- data/docs/_docs/ufo-env-extra.md +2 -0
- data/docs/_includes/subnav.html +1 -1
- data/docs/_reference/ufo-docker-compile.md +19 -0
- data/docs/_reference/ufo-docker.md +1 -0
- data/docs/utils/ssl-doctor.rb +89 -0
- data/docs/utils/test-aws-api-access.rb +11 -0
- data/docs/utils/update-cert-chains.sh +11 -0
- data/lib/cfn/stack.yml +1 -3
- data/lib/template/.ufo/settings/cfn/default.yml.tt +4 -3
- data/lib/template/.ufo/settings/network/default.yml.tt +1 -2
- data/lib/template/.ufo/variables/development.rb +2 -1
- data/lib/template/.ufo/variables/production.rb +1 -1
- data/lib/ufo/cancel.rb +1 -1
- data/lib/ufo/core.rb +1 -1
- data/lib/ufo/docker.rb +7 -0
- data/lib/ufo/docker/builder.rb +11 -1
- data/lib/ufo/help/docker/compile.md +3 -0
- data/lib/ufo/stack.rb +6 -2
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/dockerfiles/Dockerfile.erb +1 -0
- data/spec/lib/cli_spec.rb +6 -0
- metadata +11 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 77c464a6ac76c7f5178cac5a8e7f03b55567fdc0878958a55d4855c3b04e956b
|
4
|
+
data.tar.gz: 7ff44130767630f6f6cd889cb1ba878585e1913dde1ecca1b61cbf4b4899d100
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b445b6971da33ee4f7cf4e25eb099bdd314fcaa0616fd7acce582e19ddf6cc08656d861d6b5b7d08541444a3273fbdd54ce51a4397bc4656ddee9b99ecd2ccbd
|
7
|
+
data.tar.gz: 9e9beaf6fd336e4d6e457f2641985bfe011f38fae8ff51715e36e56b7bc1e45a0a6e3f0af380034d2f23a235fbf4090e7cdb028dba92477c7d91dd196537328b
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,25 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [4.5.8]
|
7
|
+
- #91 added helper scripts to dianose and resolve the SSL issues - added docs to help explain and save the user time and research
|
8
|
+
- improve cancel command
|
9
|
+
- update /up check starter example
|
10
|
+
|
11
|
+
## [4.5.7]
|
12
|
+
- #88 update starter variables template with += example
|
13
|
+
|
14
|
+
## [4.5.6]
|
15
|
+
- fix outgoing egress rule to allow ping
|
16
|
+
|
17
|
+
## [4.5.5]
|
18
|
+
- adjust default health check thresholds in skeleton
|
19
|
+
- improve error handling for UPDATE\_ROLLBACK\_FAILED state
|
20
|
+
|
21
|
+
## [4.5.4]
|
22
|
+
- #85 `ufo docker compile` command. ability to compile Dockerfile from Dockerfile.erb w/o building
|
23
|
+
- #86 slight improvement to `ufo docker compile`
|
24
|
+
|
6
25
|
## [4.5.3]
|
7
26
|
- fix error exit code when unable to find task definition
|
8
27
|
- fix upgrade for empty base setting
|
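Review bot: Typo in the 4.5.8 entry: "dianose" should be "diagnose".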
data/README.md
CHANGED
@@ -20,7 +20,7 @@ See [ufoships.com](http://ufoships.com) for full documentation.
|
|
20
20
|
|
21
21
|
## Important
|
22
22
|
|
23
|
-
If you are
|
23
|
+
If you are upgrading, please refer to the [Upgrading docs](https://ufoships.com/docs/upgrading/)
|
24
24
|
|
25
25
|
## Installation
|
26
26
|
|
@@ -42,7 +42,7 @@ Congratulations, you have successfully used ufo to deploy to an ECS service.
|
|
42
42
|
|
43
43
|
## Load Balancer Support
|
44
44
|
|
45
|
-
Ufo can also create a load balancer as part of creating the ECS service if you wish. Underneath the hood, ufo uses CloudFormation to create the load balancer. More information can be found at the [load balancer support docs](
|
45
|
+
Ufo can also create a load balancer as part of creating the ECS service if you wish. Underneath the hood, ufo uses CloudFormation to create the load balancer. More information can be found at the [load balancer support docs](https://ufoships.com/docs/extras/load-balancer/).
|
46
46
|
|
47
47
|
## Articles
|
48
48
|
|
@@ -3,15 +3,25 @@ title: ECS Network Mode
|
|
3
3
|
nav_order: 26
|
4
4
|
---
|
5
5
|
|
6
|
-
## Pros and Cons:
|
6
|
+
## Pros and Cons: bridge network mode
|
7
7
|
|
8
8
|
With network bridge mode, the Docker containers of multiple services share the EC2 container instance's security group. So you have less granular control over opening ports for specific services only. For example, let’s say service A and B both are configured use bridge network mode. If you open up port 3000 for service A, it will also open up port 3000 for service B because they use the same security group at the EC2 instance level.
|
9
9
|
|
10
10
|
One advantage of bridge mode is you can use dynamic port mapping and do not have to worry about network card limits.
|
11
11
|
|
12
|
-
|
12
|
+
## Pros and Cons: awsvpc mode
|
13
13
|
|
14
|
-
|
14
|
+
With awsvpc network mode, you must consider the limit of ethernet cards for the instance type. If the instance supports ENI Trunking, then this is limit is decently large. However, if the instance does not support ENI Trunking, then the ENI limit is rather small.
|
15
|
+
|
16
|
+
For ENI Trunking Task limits per instance: [Elastic Network Interface Trunking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html)
|
17
|
+
|
18
|
+
For example, a m5.large instance has a limit of 10 tasks per instance.
|
19
|
+
For EC2 instances that do not support ENI Trunking,
|
20
|
+
the table that lists the limits are under section the aws EC2 docs under [IP Addresses Per Network Interface Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html)
|
21
|
+
|
22
|
+
For example, a t3.small instance has a limit of 3 ethernet cards. This means, at most, you can run 2 ECS tasks on that instance in awsvpc network mode, since one network card is already used by the host.
|
23
|
+
|
24
|
+
In awsvpc mode, each ECS task gets its own network card. The advantage is there’s more granular control of the permissions per ECS service. For example, when service A and B are using awsvpc mode, they can have different security groups associated with them. In this mode, ufo creates a security group and sets up the permissions so the load balancer can talk to the containers. You can also add additional security groups to the `.ufo/settings/network/default.yml` config.
|
15
25
|
|
16
26
|
The following table summarizes the pros and cons:
|
17
27
|
|
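Review bot: Two sentences in the added awsvpc section need a grammar pass. "then this is limit is decently large" has a stray "is", and "the table that lists the limits are under section the aws EC2 docs under" is garbled and split across two lines mid-sentence. Suggested wording: "For EC2 instances that do not support ENI Trunking, the limits are listed in the AWS EC2 docs under [IP Addresses Per Network Interface Per Instance Type]."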
@@ -20,4 +30,8 @@ Network mode | Pros | Cons
|
|
20
30
|
bridge | The numbers of containers you can run will not be limited due to EC2 instance network cards limits. | Less fine grain security control over security group permissions with multiple ECS services.
|
21
31
|
awsvpc | Fine grain security group permissions for each ECS service. | The number of containers can be limited by the number of network cards the EC2 instance type supports.
|
22
32
|
|
33
|
+
## Recommendation
|
34
|
+
|
35
|
+
It is generally recommended to use awsvpc mode with ENI trunking supported instances. You get the best of both worlds in this situation: a strong security posture as well as container density.
|
36
|
+
|
23
37
|
{% include prev_next.md %}
|
@@ -0,0 +1,41 @@
|
|
1
|
+
---
|
2
|
+
Title: SSL Errors
|
3
|
+
# nav_order:
|
4
|
+
---
|
5
|
+
|
6
|
+
UFO uses the AWS Ruby SDK and the underlying default SSL certificate chain configured in your active Ruby and
|
7
|
+
OpenSSL to communicate to your AWS environment. This means that you _must correctly configure_ your Ruby and OpenSSL to have all the needed ROOT certificates for UFO to be able to communicate to AWS - _especially_ if you are behind a proxy or a corporate SSL-Proxy.
|
8
|
+
|
9
|
+
If you are behind a corporate SSL proxy and you have not updated system, OpenSSL and Ruby certificate chains to include the needed corporate root certificates, you will see errors, such as:
|
10
|
+
|
11
|
+
```
|
12
|
+
Seahorse::Client::NetworkingError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
|
13
|
+
~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock'
|
14
|
+
~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
|
15
|
+
~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:996:in `connect'
|
16
|
+
~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:930:in `do_start'
|
17
|
+
~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:925:in `start'
|
18
|
+
```
|
19
|
+
|
20
|
+
## Helper Scripts
|
21
|
+
|
22
|
+
The `docs/utils` directory has a few scripts that should be able to help you resolve these issues and track down which certs are giving you problems.
|
23
|
+
|
24
|
+
- `ssl-doctor.rb` is from the very useful examples at <https://github.com/mislav/ssl-tools>, and it can help you find the missing ROOT cert in your certificate chain and give suggestion on getting OpenSSL working correctly.
|
25
|
+
- `update-cert-chains.sh` will help you update your Ruby and OpenSSL chains by adding in the missing ROOT cert and also pulling in the OSX System Root to your rbenv environment.
|
26
|
+
- `test-aws-api-access.rb` should now return a list of the S3 buckets for the current AWS profile that is active.
|
27
|
+
|
28
|
+
## Trouble-shooting
|
29
|
+
|
30
|
+
### Update Brew and OpenSSL
|
31
|
+
|
32
|
+
- `brew update`
|
33
|
+
- `brew upgrade openssl`
|
34
|
+
|
35
|
+
### Use the Helper Scripts to find the trouble spot
|
36
|
+
|
37
|
+
Once you have updated OpenSSL and your `brew` packages, use the helper scripts above to see if you can track down the missing certificate in your certificate chain.
|
38
|
+
|
39
|
+
The `update-cert-chain.sh` file was created using the suggestions from <https://gemfury.com/help/could-not-verify-ssl-certificate/>. Please review the information at <https://gemfury.com/help/could-not-verify-ssl-certificate/> if the `Helper Scripts` above do not fully resolve your issue.
|
40
|
+
|
41
|
+
The `test-aws-api-access.rb` uses examples from the <https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/quick-start-guide.html> for using and configuring the Ruby AWS SDK on your system.
|
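Review bot: The troubleshooting section refers to `update-cert-chain.sh`, but the file added in this release and named in the Helper Scripts list is `update-cert-chains.sh`; fix the name so readers can find it. The front matter also differs from the other docs pages in this diff: it uses `Title:` where they use lowercase `title:`, and `nav_order` is commented out with no value. Since the script writes to Ruby's default certificate file, the page should tell users to back that file up and to check the certificate they are adding before running it.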
data/docs/_docs/ufo-env-extra.md
CHANGED
@@ -3,6 +3,8 @@ title: UFO_ENV_EXTRA
|
|
3
3
|
nav_order: 21
|
4
4
|
---
|
5
5
|
|
6
|
+
<div class="video-box"><div class="video-container"><iframe src="https://www.youtube.com/embed/UVQuwQGToYE" frameborder="0" allowfullscreen=""></iframe></div></div>
|
7
|
+
|
6
8
|
Ufo has an concept of extra environments. This is controlled by the `UFO_ENV_EXTRA` variable. By setting `UFO_ENV_EXTRA` you can create additional identical ECS services or environments.
|
7
9
|
|
8
10
|
ufo ship demo-web # creates a demo-web ecs service
|
data/docs/_includes/subnav.html
CHANGED
@@ -58,7 +58,7 @@
|
|
58
58
|
<li><a href="{% link _docs/more/why-cloudformation.md %}">Why CloudFormation</a></li>
|
59
59
|
<li><a href="{% link _docs/more/customize-cloudformation.md %}">Customize CloudFormation</a></li>
|
60
60
|
<li><a href="{% link _docs/more/stuck-cloudformation.md %}">Stuck CloudFormation</a></li>
|
61
|
-
<li><a href="{% link _docs/more/run-in-pieces.md %}">Run In
|
61
|
+
<li><a href="{% link _docs/more/run-in-pieces.md %}">Run In Steps</a></li>
|
62
62
|
<li><a href="{% link _docs/more/single-task.md %}">Run Single Task</a></li>
|
63
63
|
<li><a href="{% link _docs/more/migrations.md %}">Database Migrations</a></li>
|
64
64
|
<li><a href="{% link _docs/more/automated-cleanup.md %}">Automated Cleanup</a></li>
|
@@ -0,0 +1,19 @@
|
|
1
|
+
---
|
2
|
+
title: ufo docker compile
|
3
|
+
reference: true
|
4
|
+
---
|
5
|
+
|
6
|
+
## Usage
|
7
|
+
|
8
|
+
ufo docker compile
|
9
|
+
|
10
|
+
## Description
|
11
|
+
|
12
|
+
Compile Dockerfile.erb
|
13
|
+
|
14
|
+
The `ufo docker compile` compiles the Dockerfile using the Dockerfile.erb in the current project folder. Example:
|
15
|
+
|
16
|
+
ufo docker compile
|
17
|
+
|
18
|
+
|
19
|
+
|
@@ -23,6 +23,7 @@ docker subcommands
|
|
23
23
|
* [ufo docker base]({% link _reference/ufo-docker-base.md %}) - Build docker image from `Dockerfile.base` and update current `Dockerfile`.
|
24
24
|
* [ufo docker build]({% link _reference/ufo-docker-build.md %}) - Build docker image.
|
25
25
|
* [ufo docker clean]({% link _reference/ufo-docker-clean.md %}) - Clean up old images. Keeps a specified amount.
|
26
|
+
* [ufo docker compile]({% link _reference/ufo-docker-compile.md %}) - Compile Dockerfile.erb
|
26
27
|
* [ufo docker name]({% link _reference/ufo-docker-name.md %}) - Display the full docker image with tag that was last generated.
|
27
28
|
* [ufo docker push]({% link _reference/ufo-docker-push.md %}) - Push the docker image.
|
28
29
|
|
@@ -0,0 +1,89 @@
|
|
1
|
+
# Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
|
2
|
+
# see: https://github.com/mislav/ssl-tools
|
3
|
+
require 'rbconfig'
|
4
|
+
require 'net/https'
|
5
|
+
|
6
|
+
if ARGV[0] =~ /^[^-]/
|
7
|
+
host, port = ARGV[0].split(':', 2)
|
8
|
+
else
|
9
|
+
host = 'status.github.com'
|
10
|
+
end
|
11
|
+
port ||= 443
|
12
|
+
|
13
|
+
ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
|
14
|
+
ruby_version = RUBY_VERSION
|
15
|
+
if patch = RbConfig::CONFIG['PATCHLEVEL']
|
16
|
+
ruby_version += "-p#{patch}"
|
17
|
+
end
|
18
|
+
puts "%s (%s)" % [ruby, ruby_version]
|
19
|
+
|
20
|
+
openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
|
21
|
+
mac_openssl = '/System/Library/OpenSSL' == openssl_dir
|
22
|
+
puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
|
23
|
+
[OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
|
24
|
+
puts "%s=%s" % [key, ENV[key].to_s.inspect]
|
25
|
+
end
|
26
|
+
|
27
|
+
ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
|
28
|
+
ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
|
29
|
+
|
30
|
+
puts "\nHEAD https://#{host}:#{port}"
|
31
|
+
http = Net::HTTP.new(host, port)
|
32
|
+
http.use_ssl = true
|
33
|
+
|
34
|
+
# Explicitly setting cert_store like this is not needed in most cases but it
|
35
|
+
# seems necessary in edge cases such as when using `verify_callback` in some
|
36
|
+
# combination of Ruby + OpenSSL versions.
|
37
|
+
http.cert_store = OpenSSL::X509::Store.new
|
38
|
+
http.cert_store.set_default_paths
|
39
|
+
|
40
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
41
|
+
failed_cert = failed_cert_reason = nil
|
42
|
+
|
43
|
+
if mac_openssl
|
44
|
+
warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
|
45
|
+
# This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
|
46
|
+
# system OpenSSL, the mere fact of defining a `verify_callback` makes the
|
47
|
+
# cert verification fail for requests that would otherwise be successful.
|
48
|
+
else
|
49
|
+
http.verify_callback = lambda { |verify_ok, store_context|
|
50
|
+
if !verify_ok
|
51
|
+
failed_cert = store_context.current_cert
|
52
|
+
failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
|
53
|
+
end
|
54
|
+
verify_ok
|
55
|
+
}
|
56
|
+
end
|
57
|
+
|
58
|
+
user_agent = "net/http #{ruby_version}"
|
59
|
+
req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
|
60
|
+
|
61
|
+
begin
|
62
|
+
res = http.start { http.request(req) }
|
63
|
+
abort res.inspect if res.code.to_i >= 500
|
64
|
+
puts "OK"
|
65
|
+
rescue Errno::ECONNREFUSED
|
66
|
+
puts "Error: connection refused"
|
67
|
+
exit 1
|
68
|
+
rescue OpenSSL::SSL::SSLError => e
|
69
|
+
puts "#{e.class}: #{e.message}"
|
70
|
+
|
71
|
+
if failed_cert
|
72
|
+
puts "\nThe server presented a certificate that could not be verified:"
|
73
|
+
puts " subject: #{failed_cert.subject}"
|
74
|
+
puts " issuer: #{failed_cert.issuer}"
|
75
|
+
puts " error code %s" % failed_cert_reason
|
76
|
+
end
|
77
|
+
|
78
|
+
ca_file_missing = !File.exist?(ca_file) && !mac_openssl
|
79
|
+
ca_path_empty = Dir["#{ca_path}/*"].empty?
|
80
|
+
|
81
|
+
if ca_file_missing || ca_path_empty
|
82
|
+
puts "\nPossible causes:"
|
83
|
+
puts " `%s' does not exist" % ca_file if ca_file_missing
|
84
|
+
puts " `%s/' is empty" % ca_path if ca_path_empty
|
85
|
+
end
|
86
|
+
|
87
|
+
exit 1
|
88
|
+
end
|
89
|
+
|
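Review bot: The usage comment on the first line says `ruby doctor.rb`, but the file ships as `docs/utils/ssl-doctor.rb`; update it to match. The script defaults to `status.github.com`, while the docs page introduces it for failures talking to AWS, so the comment should also show passing the host that is actually failing as the first argument.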
@@ -0,0 +1,11 @@
|
|
1
|
+
# usage 'ruby s3-cert-chain-test.rb'
|
2
|
+
# see: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/quick-start-guide.html
|
3
|
+
|
4
|
+
require 'aws-sdk-s3' # v2: require 'aws-sdk'
|
5
|
+
#Aws.use_bundled_cert!
|
6
|
+
|
7
|
+
s3 = Aws::S3::Resource.new(region: 'us-east-1')
|
8
|
+
|
9
|
+
s3.buckets.limit(50).each do |b|
|
10
|
+
puts "#{b.name}"
|
11
|
+
end
|
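Review bot: The usage comment names `s3-cert-chain-test.rb`, which is not the file being added (`docs/utils/test-aws-api-access.rb`). The region is fixed to `us-east-1` in `Aws::S3::Resource.new`, so the check ignores the region configured for the active profile. The commented-out `#Aws.use_bundled_cert!` has no explanation; either remove it or say when to enable it, because it changes which CA bundle is trusted and can make this test pass while the default chain is still broken.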
@@ -0,0 +1,11 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
cert_file=$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE' 2>/dev/null)
|
4
|
+
echo 'What is the uri to your organizations root certificate chain?'
|
5
|
+
read -p 'org_root_chain: ' org_root_chain
|
6
|
+
echo "$org_root_chain"
|
7
|
+
curl "$org_root_chain" -o org_chain.txt
|
8
|
+
cat org_chain.txt >> "$cert_file"
|
9
|
+
mkdir -p "${cert_file%/*}"
|
10
|
+
security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
|
11
|
+
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"
|
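Review bot: The ordering of the last lines loses the organization's root certificate: `cat org_chain.txt >> "$cert_file"` appends it, and then `security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"` truncates the same file, so the chain the user just supplied is gone from the final bundle. Move the `mkdir -p` and the two `security find-certificate` exports ahead of the append. Separately, the downloaded file goes into the trust store unchecked: `curl` runs without `--fail`, there is no `set -e`, and nothing confirms that org_chain.txt is a PEM certificate or the one the user expects, so an error page or the wrong certificate would be appended silently. Suggest failing on download errors, printing the subject and fingerprint for confirmation before appending, and aborting when `cert_file` comes back empty, since stderr from the `ruby` call is discarded.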
data/lib/cfn/stack.yml
CHANGED
@@ -237,9 +237,7 @@ Resources:
|
|
237
237
|
# Outbound access: instance needs access to internet to pull down image
|
238
238
|
# or else get CannotPullContainerError
|
239
239
|
SecurityGroupEgress:
|
240
|
-
- IpProtocol:
|
241
|
-
FromPort: '0'
|
242
|
-
ToPort: '65535'
|
240
|
+
- IpProtocol: "-1"
|
243
241
|
CidrIp: 0.0.0.0/0
|
244
242
|
Description: outbound traffic
|
245
243
|
Tags:
|
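Review bot: `IpProtocol: "-1"` on the egress rule opens every protocol and port to 0.0.0.0/0, which is broader than what the 4.5.6 changelog entry describes (allowing ping). If ICMP is the only addition needed, keep the previous port-ranged rule and add an explicit icmp entry beside it. If all-protocol egress is intended, update the comment above `SecurityGroupEgress`, which still gives image pulls as the only reason for outbound access.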
@@ -18,11 +18,12 @@ target_group:
|
|
18
18
|
# network elb: TCP
|
19
19
|
# so we can keep this commented out, unless we need HTTPS at the app level
|
20
20
|
# Health check settings are supported by application load balancer only:
|
21
|
-
# health_check_path: /
|
22
|
-
#
|
21
|
+
# health_check_path: /up # health check
|
22
|
+
health_check_interval_seconds: 10 # default: 30. Network ELB can only take 10 or 30
|
23
|
+
healthy_threshold_count: 2
|
24
|
+
unhealthy_threshold_count: 2 # default: 10
|
23
25
|
# health_check_protocol: HTTP # HTTP or HTTPS
|
24
26
|
# health_check_port: traffic-port
|
25
|
-
# unhealthy_threshold_count: 10
|
26
27
|
target_group_attributes:
|
27
28
|
- key: deregistration_delay.timeout_seconds
|
28
29
|
value: 10
|
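Review bot: The three newly active settings (`health_check_interval_seconds`, `healthy_threshold_count`, `unhealthy_threshold_count`) sit directly under the comment "Health check settings are supported by application load balancer only", while the inline comment on the first one talks about Network ELB limits. State in the comments which load balancer type each setting applies to. It is also worth calling out that the starter now ships a 10 second interval and an unhealthy threshold of 2 instead of the defaults it quotes (30 and 10), since that changes how quickly targets are marked unhealthy.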
@@ -9,8 +9,7 @@ elb_subnets: # defaults to same subnets as ecs_subnets when not set
|
|
9
9
|
- <%= subnet %>
|
10
10
|
<% end -%>
|
11
11
|
|
12
|
-
# Optional additional existing security group ids to add on top of the ones created
|
13
|
-
# by ufo.
|
12
|
+
# Optional additional existing security group ids to add on top of the ones created by ufo.
|
14
13
|
# elb_security_groups:
|
15
14
|
# - sg-aaa
|
16
15
|
# ecs_security_groups:
|
@@ -1,7 +1,8 @@
|
|
1
1
|
# Example ufo/variables/development.rb
|
2
2
|
# More info on how variables work: http://ufoships.com/docs/variables/
|
3
3
|
@cpu = 256
|
4
|
-
|
4
|
+
# Refer to https://github.com/tongueroo/ufo/issues/87 as to why the += is used
|
5
|
+
@environment += helper.env_vars(%Q[
|
5
6
|
RAILS_ENV=development
|
6
7
|
SECRET_KEY_BASE=secret
|
7
8
|
])
|
data/lib/ufo/cancel.rb
CHANGED
@@ -12,7 +12,7 @@ module Ufo
|
|
12
12
|
if stack.stack_status == "CREATE_IN_PROGRESS"
|
13
13
|
cloudformation.delete_stack(stack_name: @stack_name)
|
14
14
|
puts "Canceling stack creation."
|
15
|
-
elsif stack.stack_status
|
15
|
+
elsif stack.stack_status == "UPDATE_IN_PROGRESS"
|
16
16
|
cloudformation.cancel_update_stack(stack_name: @stack_name)
|
17
17
|
puts "Canceling stack update."
|
18
18
|
else
|
data/lib/ufo/core.rb
CHANGED
@@ -36,7 +36,7 @@ module Ufo
|
|
36
36
|
end
|
37
37
|
memoize :env_extra
|
38
38
|
|
39
|
-
# Overrides AWS_PROFILE based on the Ufo.env if set in
|
39
|
+
# Overrides AWS_PROFILE based on the Ufo.env if set in .ufo/settings.yml
|
40
40
|
# 2-way binding.
|
41
41
|
def set_aws_profile!
|
42
42
|
return if ENV['TEST']
|
data/lib/ufo/docker.rb
CHANGED
@@ -9,6 +9,13 @@ module Ufo
|
|
9
9
|
push if options[:push]
|
10
10
|
end
|
11
11
|
|
12
|
+
desc "compile", "Compile Dockerfile.erb"
|
13
|
+
long_desc Help.text("docker:compile")
|
14
|
+
def compile
|
15
|
+
builder = Docker::Builder.new(options)
|
16
|
+
builder.compile
|
17
|
+
end
|
18
|
+
|
12
19
|
desc "push IMAGE", "Push the docker image."
|
13
20
|
long_desc Help.text("docker:push")
|
14
21
|
option :push, type: :boolean, default: false
|
data/lib/ufo/docker/builder.rb
CHANGED
@@ -82,7 +82,17 @@ class Ufo::Docker
|
|
82
82
|
end
|
83
83
|
|
84
84
|
def compile_dockerfile_erb
|
85
|
-
Compiler.new("#{Ufo.root}/#{@dockerfile}").compile
|
85
|
+
Compiler.new("#{Ufo.root}/#{@dockerfile}").compile # This path does not have .erb
|
86
|
+
end
|
87
|
+
private :compile_dockerfile_erb
|
88
|
+
|
89
|
+
def compile
|
90
|
+
erb_path = "#{Ufo.root}/#{@dockerfile}.erb"
|
91
|
+
if File.exist?(erb_path)
|
92
|
+
compile_dockerfile_erb
|
93
|
+
else
|
94
|
+
puts "File #{erb_path.color(:green)} does not exist. Cannot compile it if it doesnt exist"
|
95
|
+
end
|
86
96
|
end
|
87
97
|
|
88
98
|
def check_dockerfile_exists
|
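Review bot: The `else` branch of the new `compile` only prints a message, so from the visible lines `ufo docker compile` returns normally when `Dockerfile.erb` is missing and a calling script cannot tell that nothing was compiled. Exit non-zero (or raise) in that branch. The message also has a typo, "doesnt", and repeats itself; "File ... does not exist." is enough.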
data/lib/ufo/stack.rb
CHANGED
@@ -185,7 +185,11 @@ module Ufo
|
|
185
185
|
def handle_stack_error(e)
|
186
186
|
case e.message
|
187
187
|
when /state and can not be updated/
|
188
|
-
puts "The #{@stack_name} stack is in
|
188
|
+
puts "The #{@stack_name} stack is in a state that cannot be updated. Deleted the stack and try again."
|
189
|
+
puts "ERROR: #{e.message}"
|
190
|
+
if message.include?('UPDATE_ROLLBACK_FAILED')
|
191
|
+
puts "You might be able to do a 'Continue Update Rollback' and skip some resources to get the stack back into a good state."
|
192
|
+
end
|
189
193
|
region = `aws configure get region`.strip rescue 'us-east-1'
|
190
194
|
url = "https://console.aws.amazon.com/cloudformation/home?region=#{region}"
|
191
195
|
puts "Here's the CloudFormation console url: #{url}"
|
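Review bot: In the new `if message.include?('UPDATE_ROLLBACK_FAILED')` check, `message` is not defined anywhere in the visible method; the rest of the method reads the text from `e.message`. Unless a `message` helper exists outside this hunk, this branch raises NameError inside the error handler, hiding the original error. Use `e.message.include?('UPDATE_ROLLBACK_FAILED')`. Also, "Deleted the stack and try again." should read "Delete the stack and try again."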
@@ -203,7 +207,7 @@ module Ufo
|
|
203
207
|
end
|
204
208
|
|
205
209
|
def updatable?(stack)
|
206
|
-
stack.stack_status =~ /_COMPLETE$/
|
210
|
+
stack.stack_status =~ /_COMPLETE$/ || stack.stack_status == 'UPDATE_ROLLBACK_FAILED'
|
207
211
|
end
|
208
212
|
end
|
209
213
|
end
|
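Review bot: `updatable?` now returns true for `UPDATE_ROLLBACK_FAILED`, a state that the message added to `handle_stack_error` describes as one that cannot be updated. If the intent is to let the update attempt go ahead so that the handler prints its guidance, say so in a comment on this line; otherwise the method name and its result contradict each other for this status.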
data/lib/ufo/version.rb
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
FROM ruby:2.5.0
|
data/spec/lib/cli_spec.rb
CHANGED
@@ -15,6 +15,12 @@ describe Ufo::CLI do
|
|
15
15
|
out = execute("exe/ufo docker name #{@args}")
|
16
16
|
expect(out).to match(%r{tongueroo/demo-ufo:ufo-.{7}})
|
17
17
|
end
|
18
|
+
|
19
|
+
it "compiles Dockerfile from Dockerfile.erb" do
|
20
|
+
FileUtils.cp("spec/fixtures/dockerfiles/Dockerfile.erb", "#{Ufo.root}/Dockerfile.erb")
|
21
|
+
out = execute("exe/ufo docker compile #{@args}")
|
22
|
+
expect(out).to include("Compiled Dockerfile.erb to Dockerfile")
|
23
|
+
end
|
18
24
|
end
|
19
25
|
|
20
26
|
context "tasks" do
|
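Review bot: The new example copies the fixture to `#{Ufo.root}/Dockerfile.erb` and never removes it, so unless `Ufo.root` is reset between examples, later specs in the same run see a Dockerfile.erb they did not set up; remove it in an `after` block. The example also asserts only on the printed text; checking that the compiled `Dockerfile` exists would cover the actual result.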
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ufo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.5.
|
4
|
+
version: 4.5.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-10-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-cloudformation
|
@@ -333,6 +333,7 @@ files:
|
|
333
333
|
- docs/_docs/settings/cfn.md
|
334
334
|
- docs/_docs/settings/cluster.md
|
335
335
|
- docs/_docs/settings/network.md
|
336
|
+
- docs/_docs/ssl_errors.md
|
336
337
|
- docs/_docs/structure.md
|
337
338
|
- docs/_docs/tutorial-ufo-docker-build.md
|
338
339
|
- docs/_docs/tutorial-ufo-init.md
|
@@ -393,6 +394,7 @@ files:
|
|
393
394
|
- docs/_reference/ufo-docker-base.md
|
394
395
|
- docs/_reference/ufo-docker-build.md
|
395
396
|
- docs/_reference/ufo-docker-clean.md
|
397
|
+
- docs/_reference/ufo-docker-compile.md
|
396
398
|
- docs/_reference/ufo-docker-help.md
|
397
399
|
- docs/_reference/ufo-docker-name.md
|
398
400
|
- docs/_reference/ufo-docker-push.md
|
@@ -458,6 +460,9 @@ files:
|
|
458
460
|
- docs/quick-start.md
|
459
461
|
- docs/reference.md
|
460
462
|
- docs/style.css
|
463
|
+
- docs/utils/ssl-doctor.rb
|
464
|
+
- docs/utils/test-aws-api-access.rb
|
465
|
+
- docs/utils/update-cert-chains.sh
|
461
466
|
- exe/ufo
|
462
467
|
- lib/cfn/stack.yml
|
463
468
|
- lib/template/.env
|
@@ -520,6 +525,7 @@ files:
|
|
520
525
|
- lib/ufo/help/docker/base.md
|
521
526
|
- lib/ufo/help/docker/build.md
|
522
527
|
- lib/ufo/help/docker/clean.md
|
528
|
+
- lib/ufo/help/docker/compile.md
|
523
529
|
- lib/ufo/help/docker/name.md
|
524
530
|
- lib/ufo/help/docker/push.md
|
525
531
|
- lib/ufo/help/help.md
|
@@ -579,6 +585,7 @@ files:
|
|
579
585
|
- spec/fixtures/cfn/stack-events-in-progress.json
|
580
586
|
- spec/fixtures/cfn/stack-events-update-rollback-complete.json
|
581
587
|
- spec/fixtures/deployments.json
|
588
|
+
- spec/fixtures/dockerfiles/Dockerfile.erb
|
582
589
|
- spec/fixtures/dockerfiles/dockerhub/Dockerfile
|
583
590
|
- spec/fixtures/dockerfiles/ecr/Dockerfile
|
584
591
|
- spec/fixtures/home_existing/.aws/config
|
@@ -619,7 +626,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
619
626
|
- !ruby/object:Gem::Version
|
620
627
|
version: '0'
|
621
628
|
requirements: []
|
622
|
-
rubygems_version: 3.0.
|
629
|
+
rubygems_version: 3.0.6
|
623
630
|
signing_key:
|
624
631
|
specification_version: 4
|
625
632
|
summary: AWS ECS Deploy Tool
|
@@ -629,6 +636,7 @@ test_files:
|
|
629
636
|
- spec/fixtures/cfn/stack-events-in-progress.json
|
630
637
|
- spec/fixtures/cfn/stack-events-update-rollback-complete.json
|
631
638
|
- spec/fixtures/deployments.json
|
639
|
+
- spec/fixtures/dockerfiles/Dockerfile.erb
|
632
640
|
- spec/fixtures/dockerfiles/dockerhub/Dockerfile
|
633
641
|
- spec/fixtures/dockerfiles/ecr/Dockerfile
|
634
642
|
- spec/fixtures/home_existing/.aws/config
|