ufo 4.0.0 → 4.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46e9fa39991b473e75366ff36d1242c58f1047235b104adf162391cc474e62ed
-  data.tar.gz: b25f887523643b7a3d0989c252c5d2aa6331ecc115d4ca40867b152c146d278e
+  metadata.gz: a06ce94ad72a7dd44f9e6a5d9fae01812e4891ee989a9d3fe23cb5c91e7c5886
+  data.tar.gz: 37f7541753447ba7e117cb15cb000291b43e9c5f7020dff9236e0b767123ac78
 SHA512:
-  metadata.gz: 6073c2fe4317cde44b9e79591d40d4146ecf1c647d5e6510b6ba05a63edf0c1b73add68c7210df8820fdb6ccabf33fa4bf17ffc20ec818d0a47bc10d2b38cf41
-  data.tar.gz: db44342f65e164817149609fac6316d8e9262e79a7f3d80c4152c322ebb03dd2b1818dce3deef059aa6b1045c23efcf6965a53860043f3a142a76faa3eaecf37
+  metadata.gz: bc1237132c6697f392edb681259981591735a6b425e8b66a873662af909cebb67a1c76e61ca62f76c1d8199e9c61e5248c40115c1430fd58b7e91eb2b9d70e93
+  data.tar.gz: d29cdf5810ee4ff7f80157401b890e4c46ba1cbade864fa5b0d23095f6caeaa6c44351c0a2b739ac5bbf6c37835b7beb2eaffb71c9b5557cdab437eb85f507d9

data/CHANGELOG.md

@@ -3,7 +3,12 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
-## [4.0.0-prelease]
+## [4.0.1]
+- Merge pull request #44 from tongueroo/ssl
+- add listener_ssl resource for better ssl support
+- update docs
+
+## [4.0.0]
 - Major architecture changes
 - Fuller CLI Toolkit Commands
 - Load Balancer Support

data/README.md

@@ -20,7 +20,7 @@ See [ufoships.com](http://ufoships.com) for full documentation.
 
 ## Important
 
-If you are on version 3, you can run `ufo upgrade v3to4` within your project to upgrade it to version 4.  Refer to the [CHANGELOG](CHANGELOG.md).
+If you are on version 3, you can run `ufo upgrade v3to4` within your project to upgrade it to version 4.  Refer to the [CHANGELOG](CHANGELOG.md) and the [Upgrade 4 Docs](http://ufoships.com/docs/upgrade4/).
 
 ## Installation
 

data/docs/_docs/security-groups.md

@@ -11,7 +11,7 @@ Some consideration for these security groups:
 
 ## EC2 Instance Security Group Help
 
-If you are seeing that the Targets in the ELB Target Group are reporting unhealthy, it is usually a security group issue.  You might see this out with `ufo ps`:
+If you are seeing that the Targets in the ELB Target Group are reporting unhealthy, it is usually a security group issue.  You might see this output with `ufo ps`:
 
     $ ufo ps --no-summary
     +----------+------+--------------+----------------+---------+-------------------------+
@@ -21,7 +21,7 @@ If you are seeing that the Targets in the ELB Target Group are reporting unhealt
     | d02728ba | web  | demo-web:169 | 3 minutes ago  | STOPPED | Failed ELB health check |
     | 8dcf81ae | web  | demo-web:169 | 13 seconds ago | RUNNING |                         |
     +----------+------+--------------+----------------+---------+-------------------------+
-    There are targets the target group reporting unhealthy.  This can cause containers to cycle. Here's the error:
+    There are targets in the target group reporting unhealthy.  This can cause containers to cycle. Here's the error:
     (service development-demo-web-Ecs-13D2BFA4ULNC9) (instance i-0812a3bcd94babf12) (port 32779) is unhealthy in (target-group arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/devel-Targe-1MJR8V6VOWBGI/3f44f85710fe0297) due to (reason Request timed out)
     Check out the ECS console events tab for more info.
     $

data/docs/_docs/settings-network.md

@@ -25,7 +25,7 @@ Option | Description
 --- | ---
 vpc | Used to create ecs and elb security groups, target group in the CloudFormation template.
 ecs_subnets | Used to assign a subnet mapping to the ECS service created in CloudFormation when the network mode is awsvpc. Also used to in .ufo/params.yml as part of the run_task api call that is made by `ufo task`.
-elb_subnets | Used to create elb load balancer.
+elb_subnets | Used to create elb load balancer.  Defaults to same subnets as ecs_subnets when not set.
 ecs_security_groups | Additional security groups to associate with the ECS tasks.
 elb_security_groups | Additional security groups to associate with the ELB.
 

data/docs/_docs/ssl-support.md

@@ -4,14 +4,13 @@ title: SSL Support
 
 ## Application Load Balancers
 
-If you are using an Application Load Balancer you can configure SSL support by adjusting the listener in `.ufo/settings/cfn/default.yml`.  Here's an example:
+If you are using an Application Load Balancer you can configure SSL support by adjusting the `listener_ssl` in `.ufo/settings/cfn/default.yml`.  Here's an example:
 
 ```
-listener:
+listener_ssl:
   port: 443
-  protocol: HTTPS
   certificates:
-  - certificate: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+  - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
 ```
 
 For the certificate arn, you will need to create a certificate with AWS ACM. To do so, you can follow these instructions: [Request a Public Certificate
@@ -23,12 +22,12 @@ Once this is configured, you deploy the app again:
 
 ## Network Load Balancers
 
-Network Load Balancers work at layer 4, so they do not support SSL termination because SSL happens higher up in the OSI model layers. With Network Load Balancers you handle SSL termination within your app with the app server you are using.  For example, it could be apache, nginx or tomcat.
+Network Load Balancers work at layer 4, so they do not support SSL termination because SSL happens higher up in the OSI model layers. With Network Load Balancers you handle SSL termination within your app with the server you are using.  For example, it could be apache, nginx or tomcat.
 
 You also will need to also configure the target group to check the port that your app server is listening to and configure the health_check_protocol to HTTPS.  Here's an example:
 
 ```
-listener:
+listener_ssl:
   port: 443
 target_group:
   port: 443

data/docs/_docs/tutorial-ufo-tasks-build.md

@@ -4,14 +4,14 @@ title: Task Definitions
 
 ## Build the ECS Task Definitions
 
-Now that we have a docker image pushed to a registry we can use that image for ECS.  Ufo takes that image and adds it to an ECS task definition.  This is where ufo is powerful.  Ufo gives you the power to build and control your ECS task definition directly.
+Now that we have a Docker image pushed to a registry we can use that image for ECS.  Ufo takes that image and adds it to an ECS task definition.  This is where ufo is powerful.  Ufo gives you the power to build and control your ECS task definition directly.
 
-Let's take a look at the 2 files that are used by ufo to build the ECS task definition.  These files were generated by the `ufo init` command at the beginning.
+Let's take a look at the files that are used by ufo to build the ECS task definition.  These files were generated by the `ufo init` command at the beginning.
 
 1. `.ufo/templates/main.json.erb`
 2. `.ufo/task_definitions.rb`
 
-Ufo task definitions are written as an ERB template that makes it directly accessible. You can configure to your requirements.  Here is an example of an ERB template `.ufo/templates/main.json.erb` that shows how to modify the task definition you want ufo to upload:
+Ufo task definitions are written as an ERB template that makes it directly accessible. You can configure it to your requirements.  Here is an example of an ERB template `.ufo/templates/main.json.erb` and shows how to modify the task definition:
 
 **.ufo/templates/main.json.erb**:
 
@@ -61,14 +61,14 @@ end
 
 ## Shared Variables
 
-Ufo has a concept of shared variables, covered in [Shared Variables]({% link _docs/variables.md %}). The shared variables are set in the `variables` folder and essentially allow you to use a set of shared variables throughout your templates:
+Ufo has a concept of shared variables, covered in [Shared Variables]({% link _docs/variables.md %}). The shared variables are set in the `variables` folder and allow you to use a set of shared variables common to your templates:
 
 **.ufo/variables/base.rb**:
 
 ```ruby
 @image = helper.full_image_name # includes the git sha tongueroo/demo-ufo:ufo-[sha].
-@cpu = 128
-@memory_reservation = 256
+@cpu = 256
+@memory_reservation = 512
 @environment = helper.env_file(".env")
 ```
 

data/docs/_docs/upgrade4.md

@@ -27,8 +27,6 @@ It is recommended that you run the `ufo upgrade v3to4` command with the network
           append  .dockerignore
           append  .gitignore
            force  .ufo/params.yml
-        conflict  .ufo/settings.yml
-           force  .ufo/settings.yml
           create  .ufo/settings/cfn/default.yml
           create  .ufo/settings/network/default.yml
     Upgrade complete.
@@ -40,7 +38,6 @@ If you run the upgrade command without specified options, then ufo will detect a
 File | Changes
 --- | ---
 .ufo/params.yml | The create_service and update_service sections have been removed. The options handed by CloudFormation and can be customized with `.ufo/settings/cfn/default.yml`. If you have used these options for Fargate support, you no longer need to worry about them.  The generated CloudFormation template detects if the task definition uses Fargate and handles it for you.
-.ufo/settings.yml | A network_profile and cfn_profile option have been added with default settings.
 .ufo/settings/cfn/default.yml | Starter cfn settings file.
 .ufo/settings/network/default.yml | This generated file will have the vpc and subnets that you specified above.  You can change them directly in this file to control what network settings ufo uses.
 

data/docs/_includes/cfn-customize.md

@@ -24,7 +24,7 @@ TargetGroup:
 ...
 ```
 
-In this way, you can customize and override any property associated with any resource created the ufo CloudFormation stack.
+In this way, you can customize and override any properties associated with resources created by the ufo CloudFormation stack.
 
 Here's a list of the resources in the [cfn/stack.yml](https://github.com/tongueroo/ufo/blob/master/lib/cfn/stack.yml) that you can customize:
 

data/docs/_includes/example.html

@@ -9,69 +9,52 @@
     <div class='row'>
       <div class='col-md-offset-1 col-md-10'>
 {% highlight sh %}
-$ ufo ship demo-web
+$ ufo ship
 Building docker image with:
-  docker build -t tongueroo/demo-ufo:ufo-2017-06-11T19-43-19-bc80e84 -f Dockerfile .
-Sending build context to Docker daemon 719.4 kB
-Step 1 : FROM ruby:2.3.3
- ---> 0e1db669d557
-Step 2 : RUN apt-get update && apt-get install -y build-essential nodejs
+  docker build -t tongueroo/demo-ufo:ufo-2018-07-03T20-42-48-9cb7bf9 -f Dockerfile .
+Sending build context to Docker daemon  295.4kB
+Step 1/10 : FROM ruby:2.5.1
+ ---> 857bc7ff918f
+...
+Step 10/10 : CMD bin/web
  ---> Using cache
- ---> 931ace833716
-Step 3 : WORKDIR /app
- ---> Using cache
- ---> cbb5c15ad1b1
-Step 4 : ADD Gemfile /app/Gemfile
- ---> Using cache
- ---> f1e152250b3e
-Step 5 : ADD Gemfile.lock /app/Gemfile.lock
- ---> Using cache
- ---> 779ebef7e4e2
-Step 6 : RUN bundle install --system
- ---> Using cache
- ---> 82fa66ab7513
-Step 7 : ADD . /app
- ---> 7c19cea5f89b
-Removing intermediate container 54f2f54b6d8a
-Step 8 : RUN bundle install --system
- ---> Running in 1deb79965099
-Bundle complete! 12 Gemfile dependencies, 56 gems now installed.
-Bundled gems are installed into /usr/local/bundle.
- ---> 43a24c8073cb
-Removing intermediate container 1deb79965099
-Step 9 : RUN chmod a+x bin/*
- ---> Running in 1c4be40ec03c
- ---> 167ed122d8ae
-Removing intermediate container 1c4be40ec03c
-Step 10 : EXPOSE 3000
- ---> Running in 38b7a02a584e
- ---> 12e511582f93
-Removing intermediate container 38b7a02a584e
-Step 11 : CMD bin/web
- ---> Running in f56d659a2c9e
- ---> 1689ba53ca03
-Removing intermediate container f56d659a2c9e
-Successfully built 1689ba53ca03
-Docker image tongueroo/demo-ufo:ufo-2017-06-11T19-43-19-bc80e84 built.  Took 34s.
+ ---> c02b8f7eb183
+Successfully built c02b8f7eb183
+Successfully tagged tongueroo/demo-ufo:ufo-2018-07-03T20-42-48-9cb7bf9
+Docker image tongueroo/demo-ufo:ufo-2018-07-03T20-42-48-9cb7bf9 built.
+Docker build took 0s.
+=> docker push tongueroo/demo-ufo:ufo-2018-07-03T20-42-48-9cb7bf9
 The push refers to a repository [docker.io/tongueroo/demo-ufo]
-0826214f2b9a: Pushed
-ee30634e4a5d: Pushed
-277ff31e79b4: Layer already exists
-a361a4de05df: Layer already exists
-ufo-2017-06-11T19-43-19-bc80e84: digest: sha256:6381ff8d4413edf0c13926def1d55d0f805d169d686f59cdee3abb960b52eb9a size: 3464
-Pushed tongueroo/demo-ufo:ufo-2017-06-11T19-43-19-bc80e84 docker image. Took 10s.
+f8172fcf60ff: Layer already exists
+a51c4b90e727: Layer already exists
+...
+0f3a12fef684: Layer already exists
+ufo-2018-07-03T20-42-48-9cb7bf9: digest: sha256:00eade753ff8721f7f96a505ea3bec6b1fd334c930dcecc20a2043ae9300496d size: 3458
+Pushed tongueroo/demo-ufo:ufo-2018-07-03T20-42-48-9cb7bf9 docker image.
+Docker push took 4s.
 Building Task Definitions...
 Generating Task Definitions:
-  ufo/output/demo-web.json
-  ufo/output/demo-worker.json
-  ufo/output/demo-clock.json
-Task Definitions built in ufo/output.
+  .ufo/output/demo-web.json
+  .ufo/output/demo-worker.json
+  .ufo/output/demo-clock.json
+Task Definitions built in .ufo/output
+Equivalent aws cli command:
+  aws ecs register-task-definition --cli-input-json file://.ufo/output/demo-web.json
 demo-web task definition registered.
-Shipping demo-web...
-demo-web service updated on stag cluster with task demo-web
+Deploying demo-web...
+Ensuring log group for demo-web task definition exists
+Log group name: ecs/demo-web
+Updating stack development-demo-web...
+Generated template saved at: /tmp/ufo/development-demo-web/stack.yml
+Generated parameters saved at: /tmp/ufo/development-demo-web/parameters.yml
+08:43:07PM UPDATE_IN_PROGRESS AWS::CloudFormation::Stack development-demo-web User Initiated
+08:43:11PM UPDATE_IN_PROGRESS AWS::ECS::Service Ecs
+08:45:12PM UPDATE_COMPLETE AWS::ECS::Service Ecs
+08:45:14PM UPDATE_COMPLETE_CLEANUP_IN_PROGRESS AWS::CloudFormation::Stack development-demo-web
+08:45:15PM UPDATE_COMPLETE AWS::CloudFormation::Stack development-demo-web
+Stack success status: UPDATE_COMPLETE
+Time took for stack deployment: 2m 13s.
 Software shipped!
-Cleaning up docker images...
-Running: docker rmi tongueroo/demo-ufo:ufo-2017-06-11T11-37-00-bc80e84
 $
 {% endhighlight %}
       </div>

data/docs/_reference/ufo-ship.md

@@ -67,20 +67,11 @@ More info available at the [load balancer docs](http://ufoships.com/docs/load-ba
 
 Let's you want skip the docker build phase and only want use ufo to deploy a task definition. You can do this with the `ufo deploy` command.  Refer to [ufo deploy](http://ufoships.com/reference/ufo-deploy/) for more info.
 
-### Waiting for Deployments to Complete
+### Not Waiting for Deployments to Complete
 
-By default when ufo updates the ECS service with the new task definition it does so asynchronuously. You then normally visit the ECS service console and then refresh until you see that the deployment is completed.  You can also have ufo poll and wait for the deployment to be done with the `--wait` option
+By default when ufo updates the ECS service with the new task definition it does so synchronuously. It'll wait until the CloudFormation stack finishes.  You can make it asynchronuously with the `--no-wait` option:
 
-    ufo ship demo-web --wait
-
-You should see output similar to this:
-
-    Shipping demo-web...
-    demo-web service updated on cluster with task demo-web
-    Waiting for deployment of task definition demo-web:8 to complete
-    ......
-    Time waiting for ECS deployment: 31s.
-    Software shipped!
+    ufo ship demo-web --no-wait
 
 ### Route 53 DNS Support
 

data/docs/_reference/ufo-stop.md

@@ -11,7 +11,7 @@ reference: true
 
 Stop tasks from old deployments.  Can speed up deployments with network load balancer.
 
-ECS deployments can sometimes take a while. One reason could be because the old ECS tasks can take some time to drain and removed. The recommended way to speed this draining process up is configuring the `deregistration_delay.timeout_seconds` to a low value.  You can configured this in `.ufo/settings/cfn/default.yml`. For more info refer to http://localhost:4000/docs/settings-cfn/  This setting works well for Application Load Balancers.
+ECS deployments can sometimes take a while. One reason could be because the old ECS tasks can take some time to drain and removed. The recommended way to speed this draining process up is configuring the `deregistration_delay.timeout_seconds` to a low value.  You can configured this in `.ufo/settings/cfn/default.yml`. For more info refer to http://ufoships.com/docs/settings-cfn/  This setting works well for Application Load Balancers.
 
 However, for Network Load Balancers, it seems like the deregistration_delay is not currently being respected. In this case, it take an annoying load time and this command can help speed up the process.
 

data/docs/docs.md

@@ -12,8 +12,6 @@ Ufo is a tool that makes deploying to AWS ECS easy. Ufo provides a `ufo ship` co
 
 Ufo was built directly from real life production use cases after seeing the same patterns repeated over and over. Ufo enables you to write the AWS task definition json format file in ERB, an easy templating language.  This allows you to reuse the ufo tool with multiple applications and only put the truly application specific business logic in each app code base.
 
-Next we'll cover different ways to install ufo.
-
 <a id="prev" class="btn btn-basic" href="{% link _docs/tutorial-ufo-ships.md %}">Back</a>
 <a id="next" class="btn btn-primary" href="{% link _docs/structure.md %}">Next Step</a>
 <p class="keyboard-tip">Pro tip: Use the <- and -> arrow keys to move back and forward.</p>

data/docs/quick-start.md

@@ -9,7 +9,7 @@ gem install ufo
 git clone https://github.com/tongueroo/demo-ufo.git
 cd demo-ufo
 ufo init --app=demo --image=tongueroo/demo-ufo
-ufo current demo-web
+ufo current --service demo-web
 ufo ship
 ufo ps
 ufo scale 2

data/lib/cfn/stack.yml

@@ -125,6 +125,18 @@ Resources:
       Protocol: <%= @default_listener_protocol %>
 <%= custom_properties(:Listener) %>
 
+  ListenerSsl:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Condition: CreateElbIsTrue
+    Properties:
+      DefaultActions:
+      - Type: forward
+        TargetGroupArn:
+          !If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
+      LoadBalancerArn: !Ref Elb
+      Protocol: <%= @default_listener_ssl_protocol %>
+<%= custom_properties(:ListenerSsl) %>
+
 <% if @elb_type == "application" -%>
   ElbSecurityGroup:
     Type: AWS::EC2::SecurityGroup
@@ -137,6 +149,10 @@ Resources:
         FromPort: '<%= cfn[:listener][:port] %>'
         ToPort: '<%= cfn[:listener][:port] %>'
         CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: '<%= cfn[:listener_ssl][:port] %>'
+        ToPort: '<%= cfn[:listener_ssl][:port] %>'
+        CidrIp: 0.0.0.0/0
       SecurityGroupEgress:
       - IpProtocol: tcp
         FromPort: '0'

data/lib/template/.ufo/settings.yml.tt

@@ -6,8 +6,8 @@ base:
   image: <%= @image %>
   # clean_keep: 30
   # ecr_keep: 30
-  network_profile: default # .ufo/settings/network/default.yml file
-  cfn_profile: default # .ufo/settings/cfn/default.yml file
+  # network_profile: default # .ufo/settings/network/default.yml file
+  # cfn_profile: default # .ufo/settings/cfn/default.yml file
   # If you want to have prettier name set for the ECS service name
   # There are some cavaets with this. Updating properties on resources that require
   # replacment might not work. For example, adding and removing a load balancer.

data/lib/template/.ufo/settings/cfn/default.yml.tt

@@ -17,33 +17,48 @@ target_group:
                   #   application elb: HTTP
                   #   network elb: TCP
                   # so we can keep this commented out, unless we need HTTPS at the app level
-  target_group_attributes:
-  - key: deregistration_delay.timeout_seconds
-    value: 1
-  # network elb support health_check_interval_seconds of 10 or 30
-  # health_check_interval_seconds: 30
-
-  # health check settings are supported by application load balancer only:
+  # Health check settings are supported by application load balancer only:
+  # health_check_path: /upcheck
+  # health_check_interval_seconds: 30 # 10 or 30 for network ELB
   # health_check_protocol: HTTP # HTTP or HTTPS
-  # health_check_path: /
   # health_check_port: traffic-port
   # unhealthy_threshold_count: 10
+  target_group_attributes:
+  - key: deregistration_delay.timeout_seconds
+    value: 1
 
 # https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateListener.html
 #
-# If HTTPS and SSL is required this is where it would normally be set. Application ELBs
-# support SSL termination. Network load balancers do not.
+# This is the default listener and normally should listen to port 80.
 listener:
-  port: 80 # required by ufo, used in cloudformation template
+  port: 80
   # For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocol is TCP.
   # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
-                  # ufo sets defaults in cloudformation template
-                  #   application elb: HTTP
+                  # ufo sets these defaults:
+                  #   application elb: HTTP  # unless port is 443
+                  #   application elb: HTTPS # if port is 443
                   #   network elb: TCP
-                  # so we can keep this commented out, unless we need HTTPS at elb level
-  # certificates is required if using HTTPS protocol with application
+                  # Can keep protocol commented out,
+                  # unless need to override the defaults.
+
+# If HTTPS and SSL is required then the listener_ssl config is what you need.
+#   Application ELBs support SSL termination.
+#   Network load balancers do not.
+#
+# ufo current creates both a normal listener and an ssl listener, even if you
+# are not using it. Both listeners point to the same target group.
+listener_ssl:
+  port: 443
+  # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
+                  # ufo handles setting the defaults:
+                  #   application elb: HTTP  # unless port is 443
+                  #   application elb: HTTPS # if port is 443
+                  #   network elb: TCP
+  # Certificates are supported by application load balancers only.
+  # Network load balancers do not support SSL termination.
   # certificates:
-  # - certificate: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+  # - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+
 
 # Configure dns to automatically be associated with the ELB dns name.
 # Note, the route53 record set for the domain name must already exist.

data/lib/ufo/default/settings.yml

@@ -6,7 +6,8 @@ base:
   # image:
   # clean_keep: 30
   # ecr_keep: 30
-  # defaults when an new ECS service is created by ufo ship
+  network_profile: default # .ufo/settings/network/default.yml file
+  cfn_profile: default # .ufo/settings/cfn/default.yml file
 
 development:
   # cluster: dev

data/lib/ufo/help/ship.md

@@ -54,20 +54,11 @@ More info available at the [load balancer docs](http://ufoships.com/docs/load-ba
 
 Let's you want skip the docker build phase and only want use ufo to deploy a task definition. You can do this with the `ufo deploy` command.  Refer to [ufo deploy](http://ufoships.com/reference/ufo-deploy/) for more info.
 
-### Waiting for Deployments to Complete
+### Not Waiting for Deployments to Complete
 
-By default when ufo updates the ECS service with the new task definition it does so asynchronuously. You then normally visit the ECS service console and then refresh until you see that the deployment is completed.  You can also have ufo poll and wait for the deployment to be done with the `--wait` option
+By default when ufo updates the ECS service with the new task definition it does so synchronuously. It'll wait until the CloudFormation stack finishes.  You can make it asynchronuously with the `--no-wait` option:
 
-    ufo ship demo-web --wait
-
-You should see output similar to this:
-
-    Shipping demo-web...
-    demo-web service updated on cluster with task demo-web
-    Waiting for deployment of task definition demo-web:8 to complete
-    ......
-    Time waiting for ECS deployment: 31s.
-    Software shipped!
+    ufo ship demo-web --no-wait
 
 ### Route 53 DNS Support
 

data/lib/ufo/help/stop.md

@@ -1,4 +1,4 @@
-ECS deployments can sometimes take a while. One reason could be because the old ECS tasks can take some time to drain and removed. The recommended way to speed this draining process up is configuring the `deregistration_delay.timeout_seconds` to a low value.  You can configured this in `.ufo/settings/cfn/default.yml`. For more info refer to http://localhost:4000/docs/settings-cfn/  This setting works well for Application Load Balancers.
+ECS deployments can sometimes take a while. One reason could be because the old ECS tasks can take some time to drain and removed. The recommended way to speed this draining process up is configuring the `deregistration_delay.timeout_seconds` to a low value.  You can configured this in `.ufo/settings/cfn/default.yml`. For more info refer to http://ufoships.com/docs/settings-cfn/  This setting works well for Application Load Balancers.
 
 However, for Network Load Balancers, it seems like the deregistration_delay is not currently being respected. In this case, it take an annoying load time and this command can help speed up the process.
 

data/lib/ufo/init.rb

@@ -102,7 +102,7 @@ Some additional starter example roles for your apps were set up in in .ufo/task_
 
 ## Settings files
 
-Additionally, ufo generated starter settings files at that further allow you to customize more settings.
+Additionally, ufo generated starter settings files that allow you to customize more settings.
 
 * .ufo/settings.yml: general settings.
 * .ufo/settings/cfn/default.yml: properties of CloudFormation resources that ufo creates.

data/lib/ufo/ps.rb

@@ -56,7 +56,7 @@ module Ufo
       end
       return unless error_event
 
-      puts "There are targets the target group reporting unhealthy.  This can cause containers to cycle. Here's the error:"
+      puts "There are targets in the target group reporting unhealthy.  This can cause containers to cycle. Here's the error:"
       puts error_event.message.colorize(:red)
       puts "Check out the ECS console events tab for more info."
     end

data/lib/ufo/stack.rb

@@ -42,8 +42,8 @@ module Ufo
       if @stack && rollback_complete?(@stack)
         puts "Existing stack in ROLLBACK_COMPLETE state. Deleting stack before continuing."
         cloudformation.delete_stack(stack_name: @stack_name)
-        @status.wait
-        @status.reset
+        status.wait
+        status.reset
         @stack = nil # at this point stack has been deleted
       end
 

data/lib/ufo/stack/context.rb

@@ -31,6 +31,7 @@ class Ufo::Stack
         create_route53: create_elb? && cfn[:dns] && cfn[:dns][:name],
         default_target_group_protocol: default_target_group_protocol,
         default_listener_protocol: default_listener_protocol,
+        default_listener_ssl_protocol: default_listener_ssl_protocol,
       }
       # puts "vars:".colorize(:cyan)
       # pp vars
@@ -42,13 +43,16 @@ class Ufo::Stack
     def default_target_group_protocol
       return 'TCP' if elb_type == 'network'
       'HTTP'
-      # cfn[:target_group][:port] == 443 ? 'HTTPS' : 'HTTP'
     end
 
     def default_listener_protocol
       return 'TCP' if elb_type == 'network'
-      'HTTP'
-      # cfn[:listener][:port] == 443 ? 'HTTPS' : 'HTTP'
+      cfn[:listener][:port] == 443 ? 'HTTPS' : 'HTTP'
+    end
+
+    def default_listener_ssl_protocol
+      return 'TCP' if elb_type == 'network'
+      cfn[:listener_ssl][:port] == 443 ? 'HTTPS' : 'HTTP'
     end
 
     def container

data/lib/ufo/upgrade/upgrade4.rb

@@ -24,7 +24,6 @@ class Ufo::Upgrade
       upsert_dockerignore
       upsert_gitignore
       update_params_yaml
-      update_settings
       update_task_definitions
       new_files
     end
@@ -49,15 +48,6 @@ EOL
       template(".ufo/settings/cfn/default.yml")
     end
 
-    # add network_profile: default line
-    def update_settings
-      text = <<-EOL
-  network_profile: default # .ufo/settings/network/default.yml file
-  cfn_profile: default # .ufo/settings/cfn/default.yml file
-EOL
-      insert_into_file ".ufo/settings.yml", text, :after => "base:\n"
-    end
-
     # remove the create_service and update_service sections
     def update_params_yaml
       if File.exist?("#{Ufo.root}/.ufo/params.yml")

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "4.0.0"
+  VERSION = "4.0.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.0.1
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-07-04 00:00:00.000000000 Z
+date: 2018-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-cloudformation