ufo 4.5.7 → 4.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02b5707613ba8dc21865348e023da39ee0896c494899960a153ddf4e960c0a35
-  data.tar.gz: 63abc4de7f146c394023d2019584add57f1cc744e4e556c5fb8216926b835067
+  metadata.gz: e191dff1d9d879e6c78eb6062dbdf8440efcc3a1178125af01aaf807e6632e2c
+  data.tar.gz: 9656eee37d6155be650e7292692db31fe54797c1cf6ea5d9b8f75917ffb0dc7f
 SHA512:
-  metadata.gz: f250009b0c41d6c566adefeae7682f895e614d22f87e76d3819263f587bc3876b758c4b87376adadb1d9a6bae68ed7543b9dcdcc116e4e1a8eeed0683f7276c6
-  data.tar.gz: dc4a6d8248230337ef5a3fafb6e99d37cb10716cde584c830106f844a98b8c7c2ba2e6719b0b425fd3c0dff52e8347d1e17f7c0a92793ee59957248e7f6e6e77
+  metadata.gz: 3769a6dedd2cb9100c4531a820dd9c1b848acb84a58186d546a7825c4d96765b2a1a8239d6883bfa7e346e2577ed4a0b4d95da29375a266bb13637dbcafd6428
+  data.tar.gz: b5a48692922794b70328f73153c80f09475c91468e1432f4103d56b80bc5e40f10ef92301e711ee1806e41a1be0987b21b5f1c979371a31ae9b72cc1dbf437e6

data/CHANGELOG.md

@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [4.6.0]
+- #95 Introduce: ufo logs command. Tail logs.
+- #96 docs and options
+
+## [4.5.11]
+- add mfa support for normal IAM user
+
+## [4.5.10]
+- fix .ufo/task_definitions help error message
+
+## [4.5.9]
+- fix ufo_env aws_profile tight binding
+
+## [4.5.8]
+- #91 added helper scripts to dianose and resolve the SSL issues - added docs to help explain and save the user time and research
+- improve cancel command
+- update /up check starter example
+
 ## [4.5.7]
 - #88 update starter variables template with += example
 

data/README.md

@@ -8,6 +8,8 @@
 [![Join the chat at https://gitter.im/tongueroo/ufo](https://badges.gitter.im/tongueroo/ufo.svg)](https://gitter.im/tongueroo/ufo?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Support](https://img.shields.io/badge/get-support-blue.svg)](https://boltops.com?utm_source=badge&utm_medium=badge&utm_campaign=ufo)
 
+[![BoltOps Badge](https://img.boltops.com/boltops/badges/boltops-badge.png)](https://www.boltops.com)
+
 Ufo is a tool that builds Docker images and deploys them to [AWS ECS](https://aws.amazon.com/ecs/).  The main command is `ufo ship`.  Here's summary of what it does:
 
 1. Builds a docker image.

data/docs/_docs/conventions.md

@@ -44,4 +44,4 @@ You can also use an existing ELB by specifying the target group arn as the value
 ufo ship demo-web --elb arn:aws:elasticloadbalancing:us-east-1:12345689:targetgroup/demo-web/12345
 ```
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/codebuild-iam-role.md

@@ -1,6 +1,6 @@
 ---
 title: CodeBuild IAM Role
-nav_order: 31
+nav_order: 32
 ---
 
 Note, the `/tmp/ecs-deploy-policy.json` policy is available at [Minimal Deploy IAM]({% link _docs/extras/minimal-deploy-iam.md %}).
@@ -43,4 +43,4 @@ Create the IAM resources:
 
 The `attach-role-policy` command attaches a Customer Managed IAM policy to the IAM role. This is a little more reusable than using an inline policy.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/dockerfile-erb.md

@@ -1,6 +1,6 @@
 ---
 title: Dynamic Dockerfile.erb
-nav_order: 32
+nav_order: 33
 ---
 
 Sometimes you may need a little more dynamic control of your Dockerfile. For these cases, ufo supports dynamically creating a Dockerfile from a Dockerfile.erb.  If Dockerfile.erb exists, ufo uses it to generate a Dockerfile as a part of the build process.  These means that you should update the source Dockerfile.erb instead, as the Dockerfile will be overwritten.  If Dockerfile.erb does not exist, then ufo will use the Dockerfile instead.
@@ -57,4 +57,4 @@ Why not use [build args](https://www.jeffgeerling.com/blog/2017/use-arg-dockerfi
 
 Ufo uses a YAML file so users will not have to remember to provide the build arg. It is also easy to update the `dockerfile_variables.yml` with the `ufo docker base` command.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/ecs-network-mode.md

@@ -1,6 +1,6 @@
 ---
 title: ECS Network Mode
-nav_order: 26
+nav_order: 27
 ---
 
 ## Pros and Cons: bridge network mode
@@ -34,4 +34,4 @@ awsvpc | Fine grain security group permissions for each ECS service. | The numbe
 
 It is generally recommended to use awsvpc mode with ENI trunking supported instances. You get the best of both worlds in this situation: a strong security posture as well as container density.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/load-balancer.md

@@ -1,6 +1,6 @@
 ---
 title: Load Balancer Support
-nav_order: 24
+nav_order: 25
 ---
 
 Ufo can automatically create a load balancer and associate it with an ECS service.  The options:
@@ -80,4 +80,4 @@ Under the hood, ufo implements load balancer support with CloudFormation. You ca
 
 <img src="/img/docs/cloudformation-resources.png" class="doc-photo" />
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/minimal-deploy-iam.md

@@ -1,6 +1,6 @@
 ---
 title: Minimal Deploy IAM Policy
-nav_order: 30
+nav_order: 31
 ---
 
 The IAM user you use to run the `ufo ship` command needs a minimal set of IAM policies in order to deploy to ECS. Here is a table of the baseline services needed:
@@ -76,4 +76,4 @@ If you are using CodeBuild to deploy, you'll probably be interested the IAM poli
 This page refers to your **user** IAM policy used when running `ufo ship`. These are different from the IAM Policies associated with ECS Task.  For those iam policies refer to [IAM Roles for Tasks
 ](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/redirection-support.md

@@ -1,6 +1,6 @@
 ---
 title: Redirection Support
-nav_order: 29
+nav_order: 30
 ---
 
 ## Application Load Balancers
@@ -24,4 +24,4 @@ listener:
 
 Network Load Balancers work at layer 4, so they do not support redirection.  Instead you need to handle redirection within your app.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/route53-support.md

@@ -1,6 +1,6 @@
 ---
 title: Route53 Support
-nav_order: 28
+nav_order: 29
 ---
 
 Ufo can create a "pretty" route53 record and set it's value to the created ELB DNS name. This is done by configuring the `.ufo/settings/cfn/default.yml` file. Example:
@@ -24,4 +24,4 @@ Results in:
     aws route53 create-hosted-zone --name mydomain.com --caller-reference $(date +%s)
     aws route53 list-hosted-zones
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/security-groups.md

@@ -1,6 +1,6 @@
 ---
 title: Security Groups
-nav_order: 25
+nav_order: 26
 ---
 
 Ufo creates and manages two security groups. One for the ELB and one for the ECS tasks.
@@ -33,4 +33,4 @@ In general, ports below 32768 are outside of the ephemeral port range. So an eas
 
 If you are using a network load balancer and are running bridge network mode, then you need to whitelist ports 32768 to 65535 to `0.0.0.0/0`.  This is because network load balancers operate at layer 4 of the OSI model and cannot be assigned security groups, so they use the security group of the instance.  If you feel this is too loose of permissions, you can use awsvpc mode. There are some considerations for awsvpc mode though which is discussed next.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/extras/ssl-support.md

@@ -1,6 +1,6 @@
 ---
 title: SSL Support
-nav_order: 27
+nav_order: 28
 ---
 
 You can configure SSL support by uncomment the `listener_ssl` option in `.ufo/settings/cfn/default.yml`.  Here's an example:
@@ -17,4 +17,4 @@ For the certificate arn, you will need to create a certificate with AWS ACM. To
 
 The protocol will be either HTTP or HTTPS for Application Load Balancers and TCP or TLS for Network Load Balancers. Ufo will infer the right value, so you usually don't have to configure the protocol manually.  You can configure it if required though.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/faq.md

@@ -1,6 +1,6 @@
 ---
 title: FAQ
-nav_order: 44
+nav_order: 45
 ---
 
 **Q: Is AWS ECS Fargate supported?**
@@ -97,4 +97,4 @@ Also, you might have to enable the log driver by adding the ECS_AVAILABLE_LOGGIN
 
 Hope that helps.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/helpers.md

@@ -19,4 +19,4 @@ To call the helper in task_definitions.rb you must add `helper.` in front.  So `
 
 The 2 classes which provide these special helper methods are in [ufo/dsl.rb](https://github.com/tongueroo/ufo/blob/master/lib/ufo/dsl.rb) and [ufo/dsl/helper.rb](https://github.com/tongueroo/ufo/blob/master/lib/ufo/dsl/helper.rb). Refer to these classes for the full list of the helper methods.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/install.md

@@ -32,4 +32,4 @@ For more information about the Bolts Toolbelt or to get an installer for another
 * Docker: You will need a working version of [Docker](https://docs.docker.com/engine/installation/) installed as ufo shells out and calls the `docker` command.
 * AWS: Set up your AWS credentials at `~/.aws/credentials` and `~/.aws/config`.  This is the [AWS standard way of setting up credentials](https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/).
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/auto-completion.md

@@ -1,6 +1,6 @@
 ---
 title: Auto Completion
-nav_order: 43
+nav_order: 44
 ---
 
 Ufo supports bash auto-completion.  To set it up add the following to your `~/.profile` or `.bashrc`:
@@ -21,4 +21,4 @@ Auto Completion examples:
     ufo tasks [TAB]
     ufo tasks build [TAB]
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/automated-cleanup.md

@@ -1,6 +1,6 @@
 ---
 title: Automated Clean Up
-nav_order: 42
+nav_order: 43
 ---
 
 Ufo can be configured to automatically clean old images from the ECR registry after the deploy completes by configuring your [settings.yml]({% link _docs/settings.md %}) file like so:
@@ -11,4 +11,4 @@ ecr_keep: 30
 
 Automated Docker images clean up only works if you are using ECR registry.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/customize-cloudformation.md

@@ -1,6 +1,6 @@
 ---
 title: Customize CloudFormation
-nav_order: 37
+nav_order: 38
 ---
 
 Under the hood, ufo creates most of the required resources with a CloudFormation stack.  This includes the ELB, Target Group, Listener, Security Groups, ECS Service, and Route 53 records.  You might need to customize these resources.  Here are the ways to customize the resources that ufo creates.
@@ -32,4 +32,4 @@ UFO_ENV_EXTRA=2 ufo ship demo-web -\-cluster dev | demo-web-development-2
 
 The CloudFormation stack is currently generated from a template. The source code for this template is located at [cfn/stack.yml](https://github.com/tongueroo/ufo/blob/master/lib/cfn/stack.yml).  This implementation might change in the future.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/migrations.md

@@ -1,6 +1,6 @@
 ---
 title: Database Migrations
-nav_order: 41
+nav_order: 42
 ---
 
 A common task is to run database migrations with newer code before deploying the code. This is easily achieved with the `ufo task` command. Here's an example:
@@ -22,4 +22,4 @@ The `ufo task` command is generalized so you can run any one-off task. It is not
 2. Registers the ECS Task definition
 3. Runs a one-off ECS Task
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/run-in-pieces.md

@@ -1,6 +1,6 @@
 ---
 title: Run in Pieces
-nav_order: 39
+nav_order: 40
 ---
 
 The `ufo ship` command goes through a few stages:
@@ -27,4 +27,4 @@ Update the service with the task definitions in `.ufo/output` untouched.
 
 Note if you use the `ufo deploy` you should ensure that you have already pushed the docker image to your docker registry.  Or else the task will not be able to spin up because the docker image does not exist.  This is one of the reasons it is recommended that you use `ufo ship`.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/single-task.md

@@ -1,6 +1,6 @@
 ---
 title: Run Single Task
-nav_order: 40
+nav_order: 41
 ---
 
 Sometimes you do not want to run a long running `service` but a one time task. Running Rails migrations are an example of a one off task.  Here is an example of how you would run a one time task.
@@ -22,4 +22,4 @@ You can describe that task for more details:
 
 You can check out the [ufo task](http://ufoships.com/reference/ufo-task/) reference for more details.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/stuck-cloudformation.md

@@ -1,6 +1,6 @@
 ---
 title: Stuck CloudFormation
-nav_order: 38
+nav_order: 39
 ---
 
 The CloudFormation stack update or creation can get stuck in a `*_IN_PROGRESS` state for a very long time, like more than an hour.  This happens when you deploy an ECS service that fails to stabilize. Usually, this is an error with the Docker container failing to start up successfully.
@@ -26,4 +26,4 @@ To cancel a current deploy, run:
 
 This is the same thing as canceling the stack update in the CloudFormation console.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/more/why-cloudformation.md

@@ -1,6 +1,6 @@
 ---
 title: Why CloudFormation
-nav_order: 36
+nav_order: 37
 ---
 
 Version 3 of ufo was a simpler implementation and did not make use of CloudFormation to create the ECS service. In version 4, ufo uses CloudFormation to create the ECS Service.  This is because ufo became more powerful. Notably, support for Load Balancers was added. With this power, also came added complexity. So the complexity was push onto CloudFormation.  Hence, ECS service is implemented as CloudFormation resource in version 4.
@@ -18,4 +18,4 @@ You can check the resources created with CloudFormation by clicking on the stack
 
 <img src="/img/docs/cloudformation-resources.png" class="doc-photo" />
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/next-steps.md

@@ -1,6 +1,6 @@
 ---
 title: Next Steps
-nav_order: 46
+nav_order: 47
 ---
 
 This concludes the tutorial guide for ufo. Hopefully you are now more comfortable with ufo's basic usage, concepts, and have a feel for the workflow.
@@ -13,4 +13,4 @@ From here, there are a few resources that can help you continue along:
 
 Everyone can contribute to make ufo better, including the documentation. These docs are of the same ufo repo in the [docs folder](https://github.com/tongueroo/ufo/tree/master/docs). Please fork the project and open a pull request!  We love your pull requests. Contributions are encouraged and welcomed!
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/quick-start-ec2.md

@@ -82,4 +82,4 @@ If you would like not to manage the EC2 server fleet, you are looking for ECS Fa
 
 Learn more in the next sections.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/settings.md

@@ -51,4 +51,4 @@ An interesting option is `aws_profile`.  This allows you to tightly connect an A
 
 Normally, the ECS cluster defaults to whatever UFO_ENV is set to by [convention]({% link _docs/conventions.md %}).  For example, when `UFO_ENV=production` the ECS Cluster is `production` and when `UFO_ENV=development` the ECS Cluster is `development`.  There are several ways to override this behavior. This is detailed in the [Settings Cluster docs]({% link _docs/settings/cluster.md %}).
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/settings/aws_profile.md

@@ -33,4 +33,4 @@ The binding is two-way. So:
 
 This behavior prevents you from switching `AWS_PROFILE`s, forgetting to switch `UFO_ENV` and then accidentally deploying a production based docker image to development and vice versa because you forgot to also switch `UFO_ENV` to its respective environment.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/settings/cfn.md

@@ -9,4 +9,4 @@ nav_order: 14
 
 {% include cfn-customize.md %}
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/settings/cluster.md

@@ -69,4 +69,4 @@ The precedence of the settings from highest to lowest is:
 * cluster environment setting
 * UFO_ENV default convention
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/settings/network.md

@@ -32,4 +32,4 @@ elb_subnets | Used to create elb load balancer.  Defaults to same subnets as ecs
 ecs_security_groups | Additional security groups to associate with the ECS tasks.
 elb_security_groups | Additional security groups to associate with the ELB.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/ssl_errors.md

@@ -0,0 +1,40 @@
+---
+Title: SSL Errors
+---
+
+UFO uses the AWS Ruby SDK and the underlying default SSL certificate chain configured in your active Ruby and
+OpenSSL to communicate to your AWS environment. This means that you _must correctly configure_ your Ruby and OpenSSL to have all the needed ROOT certificates for UFO to be able to communicate to AWS - _especially_ if you are behind a proxy or a corporate SSL-Proxy.
+
+If you are behind a corporate SSL proxy and you have not updated system, OpenSSL and Ruby certificate chains to include the needed corporate root certificates, you will see errors, such as:
+
+```
+Seahorse::Client::NetworkingError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
+  ~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock'
+  ~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
+  ~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:996:in `connect'
+  ~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:930:in `do_start'
+  ~/.rbenv/versions/2.6.0/lib/ruby/2.6.0/net/http.rb:925:in `start'
+```
+
+## Helper Scripts
+
+The `docs/utils` directory has a few scripts that should be able to help you resolve these issues and track down which certs are giving you problems.
+
+- `ssl-doctor.rb` is from the very useful examples at <https://github.com/mislav/ssl-tools>, and it can help you find the missing ROOT cert in your certificate chain and give suggestion on getting OpenSSL working correctly.
+- `update-cert-chains.sh` will help you update your Ruby and OpenSSL chains by adding in the missing ROOT cert and also pulling in the OSX System Root to your rbenv environment.
+- `test-aws-api-access.rb` should now return a list of the S3 buckets for the current AWS profile that is active.
+
+## Trouble-shooting
+
+### Update Brew and OpenSSL
+
+- `brew update`
+- `brew upgrade openssl`
+
+### Use the Helper Scripts to find the trouble spot
+
+Once you have updated OpenSSL and your `brew` packages, use the helper scripts above to see if you can track down the missing certificate in your certificate chain.
+
+The `update-cert-chain.sh` file was created using the suggestions from <https://gemfury.com/help/could-not-verify-ssl-certificate/>. Please review the information at <https://gemfury.com/help/could-not-verify-ssl-certificate/> if the `Helper Scripts` above do not fully resolve your issue.
+
+The `test-aws-api-access.rb` uses examples from the <https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/quick-start-guide.html> for using and configuring the Ruby AWS SDK on your system.

data/docs/_docs/structure.md

@@ -37,4 +37,4 @@ File / Directory  | Description
 
 Now that you know where the ufo configurations are located and what they look like, let’s use ufo!
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/tutorial-ufo-docker-build.md

@@ -58,4 +58,4 @@ Docker push took 12s.
 
 Note in order to push the image to a registry you will need to login into the registry.  If you are using DockerHub use the `docker login` command.  If you are using AWS ECR then ufo automatically calls the `aws ecr get-login` command and authenticates for you.
 
-{% include prev_next.md %}
+{% include prev_next.md %}

data/docs/_docs/tutorial-ufo-init.md

@@ -89,4 +89,4 @@ The `image` value is the name that ufo will use as a base portion of the name to
 
 The other settings are optional.  You can learn more about them at [Settings]({% link _docs/settings.md %}).
 
-{% include prev_next.md %}
+{% include prev_next.md %}