ufo 4.6.0 → 5.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/docs/_docs/conventions.md +1 -1
- data/docs/_docs/extras/codebuild-iam-role.md +1 -1
- data/docs/_docs/extras/dockerfile-erb.md +1 -1
- data/docs/_docs/extras/ecs-network-mode.md +1 -1
- data/docs/_docs/extras/load-balancer.md +1 -1
- data/docs/_docs/extras/minimal-deploy-iam.md +1 -1
- data/docs/_docs/extras/notification-arns.md +21 -0
- data/docs/_docs/extras/redirection-support.md +9 -9
- data/docs/_docs/extras/route53-support.md +4 -4
- data/docs/_docs/extras/security-groups.md +1 -1
- data/docs/_docs/extras/ssl-support.md +5 -5
- data/docs/_docs/faq.md +1 -1
- data/docs/_docs/helpers.md +7 -5
- data/docs/_docs/iam-roles.md +112 -0
- data/docs/_docs/install.md +0 -10
- data/docs/_docs/more/auto-completion.md +1 -1
- data/docs/_docs/more/automated-cleanup.md +1 -1
- data/docs/_docs/more/customize-cloudformation.md +1 -1
- data/docs/_docs/more/migrations.md +1 -1
- data/docs/_docs/more/run-in-pieces.md +1 -1
- data/docs/_docs/more/single-task.md +1 -1
- data/docs/_docs/more/stuck-cloudformation.md +1 -1
- data/docs/_docs/more/why-cloudformation.md +1 -1
- data/docs/_docs/next-steps.md +1 -1
- data/docs/_docs/quick-start-ec2.md +1 -0
- data/docs/_docs/secrets.md +135 -0
- data/docs/_docs/settings.md +10 -9
- data/docs/_docs/settings/cluster.md +7 -13
- data/docs/_docs/settings/manage-security-groups.md +24 -0
- data/docs/_docs/settings/network.md +11 -1
- data/docs/_docs/structure.md +10 -9
- data/docs/_docs/tutorial-ufo-init.md +1 -7
- data/docs/_docs/ufo-current.md +1 -1
- data/docs/_docs/ufo-env-extra.md +1 -1
- data/docs/_docs/ufo-env.md +3 -5
- data/docs/_docs/ufo-logs.md +1 -2
- data/docs/_docs/ufo-task-params.md +1 -1
- data/docs/_docs/upgrading.md +1 -1
- data/docs/_docs/upgrading/upgrade4.5.md +2 -2
- data/docs/_docs/upgrading/upgrade4.md +2 -2
- data/docs/_docs/upgrading/upgrade5.md +19 -0
- data/docs/_docs/variables.md +1 -1
- data/docs/_includes/cfn-customize.md +4 -4
- data/docs/_includes/subnav.html +3 -0
- data/docs/_reference/ufo-deploy.md +1 -2
- data/docs/_reference/ufo-init.md +15 -16
- data/docs/_reference/ufo-logs.md +10 -9
- data/docs/_reference/ufo-rollback.md +2 -0
- data/docs/_reference/ufo-ship.md +1 -2
- data/docs/_reference/ufo-ships.md +1 -2
- data/docs/_reference/ufo-tasks-build.md +1 -2
- data/docs/articles.md +1 -1
- data/docs/quick-start.md +1 -0
- data/lib/template/.secrets +5 -0
- data/lib/template/.ufo/iam_roles/execution_role.rb +7 -0
- data/lib/template/.ufo/iam_roles/task_role.rb +21 -0
- data/lib/template/.ufo/settings.yml.tt +1 -0
- data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
- data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
- data/lib/template/.ufo/templates/fargate.json.erb +3 -1
- data/lib/template/.ufo/templates/main.json.erb +3 -0
- data/lib/template/.ufo/variables/base.rb.tt +1 -0
- data/lib/ufo.rb +2 -1
- data/lib/ufo/autoloader.rb +9 -0
- data/lib/ufo/cli.rb +4 -2
- data/lib/ufo/command.rb +7 -0
- data/lib/ufo/core.rb +1 -9
- data/lib/ufo/docker/cleaner.rb +1 -1
- data/lib/ufo/dsl.rb +6 -1
- data/lib/ufo/dsl/helper.rb +21 -27
- data/lib/ufo/dsl/helper/vars.rb +97 -0
- data/lib/ufo/dsl/outputter.rb +12 -9
- data/lib/ufo/help/init.md +1 -1
- data/lib/ufo/init.rb +0 -2
- data/lib/ufo/log_group.rb +1 -0
- data/lib/ufo/logs.rb +5 -4
- data/lib/ufo/role/builder.rb +66 -0
- data/lib/ufo/role/dsl.rb +21 -0
- data/lib/ufo/role/registry.rb +24 -0
- data/lib/ufo/rollback.rb +2 -1
- data/lib/ufo/sequence.rb +0 -16
- data/lib/ufo/setting/profile.rb +11 -7
- data/lib/ufo/setting/security_groups.rb +22 -0
- data/lib/ufo/settings.rb +20 -0
- data/lib/ufo/stack.rb +24 -24
- data/lib/ufo/stack/builder.rb +26 -0
- data/lib/ufo/stack/builder/base.rb +54 -0
- data/lib/ufo/stack/builder/conditions.rb +23 -0
- data/lib/ufo/stack/builder/outputs.rb +24 -0
- data/lib/ufo/stack/builder/parameters.rb +45 -0
- data/lib/ufo/stack/builder/resources.rb +20 -0
- data/lib/ufo/stack/builder/resources/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/dns.rb +17 -0
- data/lib/ufo/stack/builder/resources/ecs.rb +67 -0
- data/lib/ufo/stack/builder/resources/elb.rb +45 -0
- data/lib/ufo/stack/builder/resources/listener.rb +42 -0
- data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
- data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
- data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
- data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
- data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
- data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
- data/lib/ufo/stack/context.rb +41 -48
- data/lib/ufo/stack/custom_properties.rb +59 -0
- data/lib/ufo/stack/helper.rb +2 -5
- data/lib/ufo/stack/template_body.rb +13 -0
- data/lib/ufo/task.rb +2 -7
- data/lib/ufo/tasks.rb +1 -1
- data/lib/ufo/tasks/builder.rb +0 -1
- data/lib/ufo/tasks/register.rb +11 -8
- data/lib/ufo/template_scope.rb +1 -66
- data/lib/ufo/utils/squeezer.rb +24 -0
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/iam_roles/task_role.rb +17 -0
- data/spec/lib/role/builder_spec.rb +67 -0
- data/spec/lib/role/dsl_spec.rb +12 -0
- data/ufo.gemspec +1 -0
- metadata +61 -3
- data/lib/cfn/stack.yml +0 -283
@@ -26,6 +26,7 @@ This quickstart assumes:
|
|
26
26
|
|
27
27
|
* You have push access to the repo. Refer to the Notes "Repo Push Access" section below for more info.
|
28
28
|
* You are using ECS EC2 and have an ECS cluster with EC2 Container instances running. Refer to the Notes "ECS EC2 vs ECS Fargate" section below for more info.
|
29
|
+
* The ECS Cluster is in the default VPC. If it is not you need to use the `--vpc-id`, `--ecs-subnets`, and `--elb-subnets` options in the [ufo init]({% link _reference/ufo-init.md %}) command.
|
29
30
|
|
30
31
|
## What Happened
|
31
32
|
|
@@ -0,0 +1,135 @@
|
|
1
|
+
---
|
2
|
+
title: Secrets
|
3
|
+
nav_order: 20
|
4
|
+
---
|
5
|
+
|
6
|
+
## What are Secrets?
|
7
|
+
|
8
|
+
[ECS supports injecting secrets or sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) into the the environment as variables. ECS decrypts the secrets straight from AWS to the ECS task environment. It never passes through the machine calling `ufo ship` IE: your laptop, a deploy server, or CodeBuild, etc.
|
9
|
+
|
10
|
+
ECS supports 2 storage backends for secrets:
|
11
|
+
|
12
|
+
1. [Secrets Manager](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-envvar)
|
13
|
+
2. [Systems Manager Parameter Store](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html#secrets-envvar-parameters)
|
14
|
+
|
15
|
+
Here are both of the formats:
|
16
|
+
|
17
|
+
Secrets manager format:
|
18
|
+
|
19
|
+
```json
|
20
|
+
{
|
21
|
+
"containerDefinitions": [{
|
22
|
+
"secrets": [{
|
23
|
+
"name": "environment_variable_name",
|
24
|
+
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
|
25
|
+
}]
|
26
|
+
}]
|
27
|
+
}
|
28
|
+
```
|
29
|
+
|
30
|
+
Parameter store format:
|
31
|
+
|
32
|
+
```json
|
33
|
+
{
|
34
|
+
"containerDefinitions": [{
|
35
|
+
"secrets": [{
|
36
|
+
"name": "environment_variable_name",
|
37
|
+
"valueFrom": "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
|
38
|
+
}]
|
39
|
+
}]
|
40
|
+
}
|
41
|
+
```
|
42
|
+
|
43
|
+
## UFO Support
|
44
|
+
|
45
|
+
Ufo supports both forms of secrets. You create a `.secrets` file and can reference it in the `.ufo/templates/main.json.erb`
|
46
|
+
|
47
|
+
```json
|
48
|
+
{
|
49
|
+
"family": "<%= @family %>",
|
50
|
+
# ...
|
51
|
+
<% if @secrets %>
|
52
|
+
"secrets": <%= helper.secrets_file(".secrets") %>,
|
53
|
+
<% end %>
|
54
|
+
}
|
55
|
+
```
|
56
|
+
|
57
|
+
The `.secrets` file is like an env file that will understand a secrets-smart format. Example:
|
58
|
+
|
59
|
+
NAME1=SSM:my/parameter_name
|
60
|
+
NAME2=SECRETSMANAGER:/my/secret_name-AbCdEf
|
61
|
+
|
62
|
+
The `SSM:` and `SECRETSMANAGER:` prefix will be expanded to the full ARN. You can also just specify the full ARN.
|
63
|
+
|
64
|
+
NAME1=arn:aws:ssm:region:aws_account_id:parameter/my/parameter_name
|
65
|
+
NAME2=arn:aws:secretsmanager:region:aws_account_id:secret:my/secret_name-AbCdEf
|
66
|
+
|
67
|
+
In turn, this generates:
|
68
|
+
|
69
|
+
```json
|
70
|
+
{
|
71
|
+
"containerDefinitions": [{
|
72
|
+
"secrets": [
|
73
|
+
{
|
74
|
+
"name": "NAME1",
|
75
|
+
"valueFrom": "arn:aws:ssm:us-west-2:111111111111:parameter/demo/development/foo"
|
76
|
+
},
|
77
|
+
{
|
78
|
+
"name": "NAME2",
|
79
|
+
"valueFrom": "arn:aws:secretsmanager:us-west-2:111111111111:secret:/demo/development/my-secret-test-qRoJel"
|
80
|
+
}
|
81
|
+
]
|
82
|
+
}]
|
83
|
+
}
|
84
|
+
```
|
85
|
+
|
86
|
+
## SSM Parameter Names with Leading Slash
|
87
|
+
|
88
|
+
If your SSM parameter has a leading slash then do **not** include when using it in the .secrets file. Example:
|
89
|
+
|
90
|
+
aws ssm get-parameter --name /demo/development/foo
|
91
|
+
|
92
|
+
So use:
|
93
|
+
|
94
|
+
FOO=SSM:demo/development/foo
|
95
|
+
|
96
|
+
The extra slash seems to confuse ECS. For secretsmanager names, you do include the leading slash.
|
97
|
+
|
98
|
+
## Substitution
|
99
|
+
|
100
|
+
Ufo also does a simple substition on the value. For example, the `:UFO_ENV` is replaced with the actual value of `UFO_ENV=development`. Example:
|
101
|
+
|
102
|
+
NAME1=SSM:demo/:UFO_ENV/parameter_name
|
103
|
+
NAME2=SECRETSMANAGER:demo/:UFO_ENV/secret_name-AbCdEf
|
104
|
+
|
105
|
+
Expands to:
|
106
|
+
|
107
|
+
NAME1=arn:aws:ssm:region:aws_account_id:parameter/demo/development/parameter_name
|
108
|
+
NAME2=arn:aws:secretsmanager:region:aws_account_id:secret:/demo/development/secret_name-AbCdEf
|
109
|
+
|
110
|
+
## IAM Permission
|
111
|
+
|
112
|
+
If you're using secrets, you'll need to provide an IAM execution role so the EC2 instance has permission to read the secrets. Here's a starter example:
|
113
|
+
|
114
|
+
.ufo/iam_roles/execution_role.rb
|
115
|
+
|
116
|
+
```ruby
|
117
|
+
managed_iam_policy("AmazonEC2ContainerRegistryReadOnly")
|
118
|
+
managed_iam_policy("AmazonSSMReadOnlyAccess")
|
119
|
+
managed_iam_policy("CloudWatchLogsFullAccess")
|
120
|
+
managed_iam_policy("SecretsManagerReadWrite")
|
121
|
+
```
|
122
|
+
|
123
|
+
More info [ECS IAM Roles]({% link _docs/iam-roles.md %})
|
124
|
+
|
125
|
+
## Debugging Tip
|
126
|
+
|
127
|
+
Be sure that the secrets exist. If they do not you will see an error like this in the ecs-agent.log:
|
128
|
+
|
129
|
+
/var/log/ecs/ecs-agent.log
|
130
|
+
|
131
|
+
level=info time=2020-06-26T00:59:46Z msg="Managed task [arn:aws:ecs:us-west-2:111111111111:task/development/91828be6a02b48f982cd9122db5e39b2]: error transitioning resource [ssmsecret] to [CREATED]: fetching secret data from SSM Parameter Store in us-west-2: invalid parameters: /my-parameter-name" module=task_manager.go
|
132
|
+
|
133
|
+
Sometimes there is even no error message in the ecs-agent.log. As a debugging step, try removing all secrets and seeing if that the container will start up.
|
134
|
+
|
135
|
+
{% include prev_next.md %}
|
data/docs/_docs/settings.md
CHANGED
@@ -16,8 +16,8 @@ base:
|
|
16
16
|
image: tongueroo/demo-ufo
|
17
17
|
# clean_keep: 30 # cleans up docker images on your docker server.
|
18
18
|
# ecr_keep: 30 # cleans up images on ECR and keeps this remaining amount. Defaults to keep all.
|
19
|
-
network_profile: default # .ufo/settings/network/default.yml file
|
20
|
-
cfn_profile: default # .ufo/settings/cfn/default.yml file
|
19
|
+
# network_profile: default # .ufo/settings/network/default.yml file
|
20
|
+
# cfn_profile: default # .ufo/settings/cfn/default.yml file
|
21
21
|
|
22
22
|
development:
|
23
23
|
# cluster: dev # uncomment if you want the cluster name be other than the default
|
@@ -35,13 +35,14 @@ The table below covers each setting:
|
|
35
35
|
|
36
36
|
Setting | Description
|
37
37
|
------------- | -------------
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
38
|
+
aws_profile | If you have the `AWS_PROFILE` environment variable set, this will ensure that you are deploying the right `UFO_ENV` to the right AWS environment. It is explained below.
|
39
|
+
cfn_profile | The name of the cfn profile settings file to use. Maps to .ufo/settings/cfn/NAME.yml file. Will match an `UFO_ENV` file if it exists. IE: .ufo/settings/cfn/development.yml. Otherwise it defaults to .ufo/settings/cfn/default.yml.
|
40
|
+
clean_keep | Docker images generated from ufo are cleaned up automatically for you at the end of `ufo ship`. This controls how many docker images to keep around. The default is 3.
|
41
|
+
cluster | By convention, the ECS cluster that ufo deploys to matches the `UFO_ENV`. If `UFO=development`, then `ufo ship` deploys to the `development` ECS cluster. This is option overrides this convention.
|
42
|
+
ecr_keep | If you are using AWS ECR, then the ECR images can also be automatically cleaned up at the end of `ufo ship`. By default this is set to `nil` and all AWS ECR are kept.
|
43
|
+
image | The `image` value is the name that ufo will use for the Docker image name to be built. Only provide the basename part of the image name without the tag because ufo automatically generates the tag for you. For example, `tongueroo/demo-ufo` is correct and `tongueroo/demo-ufo:my-tag` is incorrect.
|
44
|
+
managed\_security\_groups | Create managed security groups for application ELBs. Defaults to true. If you disable it with false then no managed security groups will be created by UFO.
|
45
|
+
network_profile | The name of the network profile settings file to use. Maps to .ufo/settings/network/NAME.yml file. Will match an `UFO_ENV` file if it exists. IE: .ufo/settings/network/development.yml. Otherwise it defaults to .ufo/settings/network/default.yml.
|
45
46
|
|
46
47
|
## AWS_PROFILE support
|
47
48
|
|
@@ -11,25 +11,19 @@ Normally, the ECS cluster defaults to whatever UFO_ENV is set to by [convention]
|
|
11
11
|
|
12
12
|
By default, these are all the same:
|
13
13
|
|
14
|
-
|
15
|
-
ufo ship demo-web
|
16
|
-
UFO_ENV=development ufo ship demo-web # same
|
17
|
-
UFO_ENV=development ufo ship demo-web --cluster development # same
|
18
|
-
```
|
14
|
+
ufo ship demo-web
|
15
|
+
UFO_ENV=development ufo ship demo-web # same
|
16
|
+
UFO_ENV=development ufo ship demo-web --cluster development # same
|
19
17
|
|
20
18
|
If you use a specific `UFO_ENV=production`, these are the same
|
21
19
|
|
22
|
-
|
23
|
-
UFO_ENV=production ufo ship demo-web
|
24
|
-
UFO_ENV=production ufo ship demo-web --cluster production # same
|
25
|
-
```
|
20
|
+
UFO_ENV=production ufo ship demo-web
|
21
|
+
UFO_ENV=production ufo ship demo-web --cluster production # same
|
26
22
|
|
27
23
|
Override the convention by explicitly specifying the `--cluster` option in the CLI.
|
28
24
|
|
29
|
-
|
30
|
-
ufo ship demo-web --cluster
|
31
|
-
UFO_ENV=production ufo ship demo-web --cluster production-cluster # override the cluster
|
32
|
-
```
|
25
|
+
ufo ship demo-web --cluster custom-cluster # override the cluster
|
26
|
+
UFO_ENV=production ufo ship demo-web --cluster production-cluster # override the cluster
|
33
27
|
|
34
28
|
The cavaet is that you must remember to specify `--cluster`. A wrapper `bin/deploy` script could be useful here.
|
35
29
|
|
@@ -0,0 +1,24 @@
|
|
1
|
+
---
|
2
|
+
title: Managed Security Groups
|
3
|
+
short_title: Security Groups
|
4
|
+
categories: settings
|
5
|
+
nav_order: 16
|
6
|
+
---
|
7
|
+
|
8
|
+
Ufo creates and manages two security groups. One for the ELB and one for the ECS tasks. Details here: [UFO Security Groups]({% link _docs/extras/security-groups.md %}).
|
9
|
+
|
10
|
+
You can disable the creation of managed security groups with: `managed_security_groups: false`. Example:
|
11
|
+
|
12
|
+
```yaml
|
13
|
+
base:
|
14
|
+
image: tongueroo/demo-ufo
|
15
|
+
managed_security_groups: false
|
16
|
+
```
|
17
|
+
|
18
|
+
## Why?
|
19
|
+
|
20
|
+
Security Groups managed by UFO are transient. If you delete the UFO app and recreate it entirely. Any manual changes to the security groups will be lost.
|
21
|
+
|
22
|
+
You can precreate security groups and add them generated UFO CloudFormation template, see [Settings Network]({% link _docs/settings/network.md %}). So then you won't lose any manual changes. If you're taking this approach, it's nice to have UFO not create any managed security groups at all. This removes security group clutter.
|
23
|
+
|
24
|
+
{% include prev_next.md %}
|
@@ -2,7 +2,7 @@
|
|
2
2
|
title: Settings Network
|
3
3
|
short_title: Network
|
4
4
|
categories: settings
|
5
|
-
nav_order:
|
5
|
+
nav_order: 17
|
6
6
|
---
|
7
7
|
|
8
8
|
The settings.yml file references a network settings file with the `network_profile` option. This file has configurations that are related to the network. The source code for the starter template file is at [network/default.yml.tt](https://github.com/tongueroo/ufo/blob/master/lib/template/.ufo/settings/network/default.yml.tt) Here's an example network settings file.
|
@@ -22,6 +22,16 @@ elb_subnets: # defaults to same subnets as ecs_subnets when not set
|
|
22
22
|
# - sg-aaa
|
23
23
|
# ecs_security_groups:
|
24
24
|
# - sg-bbb
|
25
|
+
|
26
|
+
# Also supports extra security groups specific to each ECS service.
|
27
|
+
# So you can target security groups on a per-role basis.
|
28
|
+
# ecs_security_groups:
|
29
|
+
# demo-web:
|
30
|
+
# - sg-bbb
|
31
|
+
# - sg-ccc
|
32
|
+
# demo-worker:
|
33
|
+
# - sg-bbb
|
34
|
+
# - sg-ccc
|
25
35
|
```
|
26
36
|
|
27
37
|
Option | Description
|
data/docs/_docs/structure.md
CHANGED
@@ -25,15 +25,16 @@ The table below covers the purpose of each folder and file.
|
|
25
25
|
|
26
26
|
File / Directory | Description
|
27
27
|
------------- | -------------
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
28
|
+
iam_roles/ | Where ufo managed iam roles associated with the task definition can be defined. For more details see: [IAM Roles]({% link _docs/iam-roles.md %}).
|
29
|
+
output/ | The folder where the generated task definitions are written to. The way the task definitions are generated is covered in [ufo tasks build]({% link _docs/tutorial-ufo-tasks-build.md %}).
|
30
|
+
params | This is where you can adjust the params that get send to the aws-sdk api calls for the [ufo task](https://ufoships.com/reference/ufo-task/) command. More info at [Params]({% link _docs/ufo-task-params.md %}).
|
31
|
+
settings.yml | Ufo's general settings file, where you adjust the default [settings]({% link _docs/settings.md %}).
|
32
|
+
settings/cfn/default.yml | Ufo's cfn settings. You can customize the CloudFormation resource properties here.
|
33
|
+
settings/network/default.yml | Ufo's network settings. You can customize the vpc and subnets to used here.
|
34
|
+
task_definitions.rb | This is where you define the task definitions and specify the variables to be used by the ERB templates.
|
35
|
+
templates/ | The ERB templates with the task definition json code. The templates are covered in more detail in [ufo tasks build]({% link _docs/tutorial-ufo-tasks-build.md %}).
|
36
|
+
templates/main.json.erb | This is the main and starter template task definition json file that ufo initially generates.
|
37
|
+
variables | This is where you can define shared variables that are made available to the `template_definitions.rb` and your templates. More info at [Variables]({% link _docs/variables.md %}).
|
37
38
|
|
38
39
|
Now that you know where the ufo configurations are located and what they look like, let’s use ufo!
|
39
40
|
|
@@ -65,8 +65,6 @@ base:
|
|
65
65
|
# clean_keep: 30 # cleans up docker images on your docker server.
|
66
66
|
# ecr_keep: 30 # cleans up images on ECR and keeps this remaining amount. Defaults to keep all.
|
67
67
|
# defaults when an new ECS service is created by ufo ship
|
68
|
-
network_profile: default # .ufo/settings/network/default.yml file
|
69
|
-
cfn_profile: default # .ufo/settings/cfn/default.yml file
|
70
68
|
|
71
69
|
development:
|
72
70
|
# cluster: dev # uncomment if you want the cluster name be other than the default
|
@@ -75,14 +73,10 @@ development:
|
|
75
73
|
# When you have AWS_PROFILE set to one of these values, ufo will switch to the desired
|
76
74
|
# environment. This prevents you from switching AWS_PROFILE, forgetting to
|
77
75
|
# also switch UFO_ENV, and accidentally deploying to production vs development.
|
78
|
-
#
|
79
|
-
# - dev_profile1
|
80
|
-
# - dev_profile2
|
76
|
+
# aws_profile: dev_profile1
|
81
77
|
|
82
78
|
production:
|
83
79
|
# cluster: prod
|
84
|
-
# aws_profiles:
|
85
|
-
# - prod_profile
|
86
80
|
```
|
87
81
|
|
88
82
|
The `image` value is the name that ufo will use as a base portion of the name to generate a Docker image name, it should not include the tag portion.
|
data/docs/_docs/ufo-current.md
CHANGED
data/docs/_docs/ufo-env-extra.md
CHANGED
data/docs/_docs/ufo-env.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
---
|
2
2
|
title: UFO_ENV
|
3
|
-
nav_order:
|
3
|
+
nav_order: 24
|
4
4
|
---
|
5
5
|
|
6
6
|
Ufo's behavior is controlled by the `UFO_ENV` environment variable. For example, the `UFO_ENV` variable is used to layer different ufo variable files together to make it easy to specify settings for different environments like production and development. This is covered thoroughly in the [Variables]({% link _docs/variables.md %}) section. `UFO_ENV` defaults to `development` when not set.
|
@@ -27,12 +27,10 @@ The most interesting way to set `UFO_ENV` is with the `aws_profiles` setting in
|
|
27
27
|
|
28
28
|
```yaml
|
29
29
|
development:
|
30
|
-
|
31
|
-
- my-dev-profile
|
30
|
+
aws_profile: my-dev-profile
|
32
31
|
|
33
32
|
production:
|
34
|
-
|
35
|
-
- my-prod-profile
|
33
|
+
aws_profile: my-prod-profile
|
36
34
|
```
|
37
35
|
|
38
36
|
In this case, when you set `AWS_PROFILE` to switch AWS profiles, ufo picks this up and maps the `AWS_PROFILE` value to the specified `UFO_ENV` using the `aws_profiles` lookup. Example:
|
data/docs/_docs/ufo-logs.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
---
|
2
2
|
title: ufo logs command
|
3
|
-
nav_order:
|
3
|
+
nav_order: 23
|
4
4
|
---
|
5
5
|
|
6
6
|
The ufo logs command will tail the logs of the ecs service if you are using the awslogs driver.
|
@@ -46,5 +46,4 @@ The generated .ufo task definition defaults to the awslogs driver. If you need i
|
|
46
46
|
}
|
47
47
|
```
|
48
48
|
|
49
|
-
|
50
49
|
{% include prev_next.md %}
|
data/docs/_docs/upgrading.md
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
---
|
2
2
|
title: Upgrading to Version 4.0
|
3
3
|
short_title: Version 4.0
|
4
|
-
order:
|
4
|
+
order: 3
|
5
5
|
categories: upgrading
|
6
|
-
nav_order:
|
6
|
+
nav_order: 41
|
7
7
|
---
|
8
8
|
|
9
9
|
A major change in ufo from version 3 to 4 is that the ECS service is now created by CloudFormation. If you have an existing ECS service deployed by ufo version 3, when you deploy your app again with ufo version 4, there will be a new additional ECS service created. Here is the recommended upgrade path.
|
@@ -0,0 +1,19 @@
|
|
1
|
+
---
|
2
|
+
title: Upgrading to Version 5
|
3
|
+
short_title: Version 5
|
4
|
+
order: 1
|
5
|
+
categories: upgrading
|
6
|
+
nav_order: 39
|
7
|
+
---
|
8
|
+
|
9
|
+
In ufo v5, the ufo went from underscore key names in the [cfn settings files]({% link _docs/settings/cfn.md %}) to camelized key names. So the auto_camelize behavior is disabled for newly `ufo init` projects. This mean ufo is backwards compatiable. You can enable the v5 behavior with `auto_camelize: false`. If you have not adjusted this setting, then ufo should still work with your current `.ufo` files.
|
10
|
+
|
11
|
+
## Upgrading Instructions
|
12
|
+
|
13
|
+
If you want to upgrade to the latest ufo v5 default behavior.
|
14
|
+
|
15
|
+
1. Adjust your .ufo/settings/cfn files so that the keys are camelized
|
16
|
+
2. Add to your .ufo/settings.yml `auto_camelize: false`
|
17
|
+
3. Deploy and verify that your ECS app stil works
|
18
|
+
|
19
|
+
{% include prev_next.md %}
|
data/docs/_docs/variables.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
---
|
2
2
|
title: Shared Variables
|
3
|
-
nav_order:
|
3
|
+
nav_order: 18
|
4
4
|
---
|
5
5
|
|
6
6
|
Often, you end up using the set of common variables across your task definitions for a project. Ufo supports a shared variables concept to support this. You specify variables files in the `.ufo/variables` folder and they are made available to your `.ufo/task_definitions.rb` as well as your `.ufo/templates` files.
|
@@ -5,11 +5,11 @@ The properties in the file `.ufo/settings/cfn/default.yml` map directly to ufo's
|
|
5
5
|
Let's customize the `AWS::ElasticLoadBalancingV2::TargetGroup` resource created by CloudFormation. We'll adjust the `deregistration_delay.timeout_seconds` to `8`. Here's the relevant section of the `.ufo/settings/cfn/default.yml`
|
6
6
|
|
7
7
|
```
|
8
|
-
|
8
|
+
TargetGroup:
|
9
9
|
...
|
10
|
-
|
11
|
-
-
|
12
|
-
|
10
|
+
TargetGroupAttributes:
|
11
|
+
- Key: deregistration_delay.timeout_seconds
|
12
|
+
Value: 8
|
13
13
|
```
|
14
14
|
|
15
15
|
The value will be injected to the generated CloudFormation template under the corresponding "TargetGroup Properties". The generated template looks something like this:
|