v0.13.0

This release of Empire brings more bug fixes, as well as some notable new features and changes.

Support for ECS Placement Constraints

Before placement constraints, ECS clusters were pretty flat; whatever you scheduled into the cluster could be ran on any host that was registered within the cluster. Placement constraints allow you to be more granular about scheduling, so that services and tasks can specify certain constraints that are required (e.g. like instance size, or AMI).

Empire now allows you to specify placement constraints as part of the Procfile:

worker:
  ecs:
    placement_constraints:
      - type: memberOf
        expression: "attribute:capability.statsd == true"

See the docs for details.

Automatic resolution of Docker tags to digests

In the past, when you deployed a Docker image via a tag (e.g. like remind101/acme-inc:master) Empire would pass along the tag unchanged to ECS. If the tag was updated after deployment, the version that you deployed to Empire would no longer be the same version as what's running in the ECS cluster.

Empire now automatically resolves these mutable tags to their immutable, content addressable identifiers, called digests.

---

Features

• [cmd/empire] Empire now supports a new (experimental) feature to enable attached processes to be ran with ECS. #1043
• [cmd/emp,cmd/empire] Empire now supports "maintenance mode" for applications. #1086
• [cmd/empire] Added a new configuration option for controlling the generated CloudFormation stack names. #1094
• [cmd/empire] Empire now supports ECS placement constraints and strategies in the extended Procfile format. #1059

Bugs

• [cmd/emp] Fixed a regression in env-load, which caused it to set keys to random values. #1062
• [cmd/empire] Fixed an issue where the ECS task role was not set on tasks started from emp run. #1063
• [cmd/empire] Fixed a bug that prevented Docker images using a digest as a reference from being deployed. #1104

Improvements

• [cmd/empire] Processes can now be scaled down to a negative value to prevent AWS resources from being created. #1064
• [cmd/empire] AWS resources for scheduled processes are now always created, unless scaled down to a negative value. #1064
• [cmd/empire] Empire now supports reporting its own errors to Rollbar in addition to Honeybadger. #1075
• [cmd/empire]It's now possible to configure the pool of ports that the Custom::InstancePort resource allocates ports from. #1096
• [cmd/emp] STDOUT and STDERR in emp run's now show up on STDOUT and STDERR in the terminal, instead of being merged on STDOUT. #1101

Security

• [cmd/empire] Empire can now automatically resolve a Docker tag to it's immutable content addressable identifier. #1104

You can run this version of Empire with:

$ docker run remind101/empire@sha256:ac9f0f329fca32c049322d00ba4383b7e691c9f1fa5f8b9c1584c96dc1a74a65

0.13.x has no backwards incompatibilities between 0.12.xx, however, please refer to the upgrade guide before performing an upgrade.

v0.12.0

This release of Empire brings more bug fixes, as well as some notable new features and changes:

Expose any process behind a load balancer

Historically, Empire would only expose a process in the Procfile if it was called web. Now (when using the extended Procfile format) you can expose any process, with complete control over what ports are used. For example, if we wanted to expose the api process as port 80 on the load balancer, and port 9000 in the container, we could add the following:

api:
  ports:
    - "80:9000"

In addition, Empire now creates <proc>.<app>.empire (e.g. api.acme-inc.empire) ALIAS records for each exposed process in the Procfile.

For details about web procs, see http://empire.readthedocs.io/en/latest/deploying_an_application/

SAML authentication backend

Many organizations have an idP (identity provider), which they use to provide a centralized place to control employees access to third party applications. Empire now supports a SAML authentication backend, so you can use Empire with your existing idP, like OneLogin.

Removal of the legacy ECS backend

In 0.12 and forward, the legacy ECS backend has been replaced by CloudFormation, which allows us to introduce new features and changes much more quickly.

If you're upgrading from 0.11.x to 0.12, you MUST migrate any applications running on the legacy ECS backend to CloudFormation first. See the Scheduler Migration Guide for details

---

Features

• The extended Procfile format now allows you to attach a load balancer to any process in the Procfile. #800
• An ALIAS record is now created for <process>.<app>.<zone> #1005
• You can now provide a -p flag to the emp cert-attach command to attach a certificate to a specific process (instead of just web). #1014
• Empire now supports a SAML authentication backend. #1017

Improvements

• emp ps now displays the task's host. #983
• The empire and emp binaries are now built with Go 1.7 #971
• emp env-load now handles multi-line environment variables. #990
• In preparation for the 0.12 release, the legacy ECS scheduler has been removed. #1001
• All application labels are set on the CloudFormation stack, rather than just empire.app.id and empire.app.name. In addition, ALB's will get stack tags applied to them. #1004
• The lock timeout for CloudFormation stack operations has been increased #1030

Bugs

• emp deploy will now prompt for a commit message if one is required but not provided. #994
• Fixed a bug where the GitHub authentication backend would sometimes return unauthenticated errors randomly. #1029

Security

• It's now possible to set a maximum session duration, to ensure that users have to periodically re-authenticate with credentials and MFA #1024

As always, you can run this version of empire with:

$ docker run remind101/empire:0.12.0

And if you're upgrading from a previous version, please refer to the upgrade guide

v0.11.1

This is a patch release for the 0.11 stable branch.

Bugs

• Fixed a regression from 0.10.1 where migrating apps from the legacy backend to CloudFormation would fail #1046

As always, you can run this version of empire with:

$ docker run remind101/empire:0.11.1

And if you're upgrading from a previous version, please refer to the upgrade guide

v0.11.0

This release of Empire brings more bug fixes, as well as some notable new features and changes:

CloudFormation Backend

The CloudFormation backend was introduced as an experimental feature in 0.10.0. Many improvements have been made, and with this release, the CloudFormation backend becomes the default scheduling backend for newly created applications. Users are encouraged to migrate their existing applications to CloudFormation using the Scheduler Migration Guide. See Upgrading to 0.11.0 for details about upgrading from 0.10 to 0.11, and the new IAM permissions that Empire requires.

Native Scheduled Tasks

Empire now has experimental support for defining scheduled tasks inside the extended Procfile. See the documentation for details.

CloudFormation Custom Resources

Empire now exposes Custom::EmpireApp and Custom::EmpireAppEnvironment resources so that you can tie Empire into your existing CloudFormation workflow for managing infrastructure. See the documentation for details.

Application Load Balancers

Empire now has experimental support for using the new Application Load Balancers. You can enable an application to use ALB instead of ELB by setting the LOAD_BALANCER_TYPE=alb environment variable.

---

Features

• Empire now includes experimental support for showing attached runs in emp ps. This can be enabled with the --x.showattached flag, or EMPIRE_X_SHOW_ATTACHED #911
• Empire now includes experimental support for scheduled tasks #919
• Empire now supports streaming status updates from the scheduler while deploying #888
• You can now provision Empire applications and set environment variables from CloudFormation stacks using the Custom::EmpireApp and Custom::EmpireAppEnvironment resources #819
• Empire now supports sending internal metrics to statsd or dogstatsd #953
• Attached and detached runs now have an empire.user label attached to them #965
• You can now provide the name of a process defined in the Procfile when calling emp run #967
• Empire now includes experimental support for the new Application Load Balancers by setting the LOAD_BALANCER_TYPE=alb environment variable. #969
• Empire now also sets an EMPIRE_PROCESS_SCALE environment variable, which includes the desired number of processes #964

Improvements

• The Custom::ECSService custom resource now waits for newly created ECS services to stabilize #878
• The CloudFormation backend now uses the Custom::ECSService resource instead of AWS::ECS::Service, by default #877
• The database schema version is now checked at boot, as well as in the http health checks. #893
• The log level within empire can now be configured when starting the service. #929
• The CloudFormation backend now has experimental support for a Custom::ECSTaskDefinition resource that greatly reduces the size of generated templates. #935
• The Scheduler now has a Restart method which will trigger a restart of all the processes within an app. Previously, a "Restart" just re-released the app. Now schedulers like the cloudformation backend can optimize how the restart is handled. #697
• emp run now publishes an event when it is ran. #954
• emp rollback requires confirmation if rolling back more than 9 versions. #975

Bugs

• Fixed a bug where multiple duplicate ECS services could be created by the CloudFormation backend, when using the Custom::ECSService resource #884.
• Fixed a bug where the lock obtained during stack operations was not always unlocked. #892
• Fixed an issue where Procfile's would not be extracted when Docker 1.12+ was used. #915
• Fixed a bug where the failed creation of a custom resources could cause a CloudFormation stack to fail to rollback. #938
• Fixed a bug where waiting for a deploy to stabilize was failing if you had more than 10 services. #944
• Fixed an issue in the Tugboat integration where the log stream to a Tugboat instance could be closed. #950
• Fixed an issue where typing commit message does not allow user to use arrow keys, etc. #958

Performance

• Performance of creating/updating/deleting custom resources in the CloudFormation backend has been improved. #942
• ECS Task Definitions are now cached in memory for improved emp ps performance. #902

Security

• Empire now has a new commands.allowed flag that controls the behavior of what commands are allowed with emp run. This can be set to procfile to limit emp run to only allow commands defined in the Procfile.

As always, you can run this version of empire with:

$ docker run remind101/empire:0.11.0

And if you're upgrading from a previous version, please refer to the upgrade guide

v0.10.1

This release of Empire brings a number of bug fixes, as well as a couple notable new features:

CloudFormation backend

Empire now has experimental support for provisioning resources with CloudFormation. This can be enabled via the --scheduler flag, or the EMPIRE_SCHEDULER environment variable. The default value is ecs, but it now supports the following options:

• cloudformation: Uses a CloudFormation stack per app to provision and update AWS resources (ELB/ECS/Route53/etc).
• cloudformation-migration: Uses a combination of the new CloudFormation backend, as well as the old ECS backend to make it easy to migrate existing applications to CloudFormation. You can migrate applications by following the Scheduler Migration Guide.

This will eventually become the default scheduling backend in later releases of Empire.

NOTE: The CloudFormation backend is currently experimental, and should not be used in production environments. If you wish to experiment with the new CloudFormation backend, please note that Empire will need some additional IAM permissions.

Commit Messages

You can now provide a message for all emp commands, which can be useful in providing context about why a change was made. This will show in the description of new releases, and also in events generated by Empire (which can be sent to an SNS topic).

Example

emp scale worker=10 -m "Worker is backed up from load"

ECR

Empire now supports deploying images from ECR repositories.

---

A full list of changes are below

Features

• Empire now contains expiremental support for using CloudFormation to provision resources for applications #814, #803.
• Empire now supports requiring commit messages for all actions that emit an event via --messages.required. If a commit message is required for an action, emp will gracefully handle it and ask the user to input a value #767.
• You can now supply a commit message to any event that is published by Empire #767.
• Empire now supports deploying Docker images from the EC2 Container Registry #730.
• The Docker logging driver that the ECS backend uses is now configurable via the --ecs.logdriver flag #731.
• It's now possible to lock down the GitHub authorization to a specific team via the --github.team.id flag #745.
• Empire can now integrate with Conveyor to build Docker images on demand when using the GitHub Deployments integration #747.
• Stdout and Stdin from interactive run sessions can now be sent to CloudWatch Logs for longterm storage and auditing #757.
• Add Environment and Release to Deploy Events. --environment will likely be used for tagging resources later. #758
• Add constraint changes to scale events #773
• You can now specify the CPU and memory constraints for attached one-off tasks with the -s flag to emp run #809
• You can now provide a duration to emp log with the -d flag to start streaming logs from a specific point in time ie (5m, 10m, 1h) #829
• If log streaming is enabled, Empire will attempt to write events to the kinesis stream for the application #832
• Added Stdout event stream #874

Bugs

• emp run now works with unofficial Docker registries #740.
• emp scale -l now lists configured scale, not the running processes #769
• Fixed a bug where it was previously possible to create a signed access token with an empty username #780
• ECR authentication now supports multiple regions, and works independently of ECS region #784
• Provisioned ELB's are only destroyed when the entire app is removed #801
• Docker containers started by attached runs now have labels, cpu and memory constraints applied to them #809
• Fixed a bug where interactive emp run would get stuck attempting to read bytes after an error from the initial request #795

Performance

• emp ps should be significantly faster for services running a lot of processes #781

Security

• Empire is now built with Go 1.5.3 to address CVE-2015-8618 #737.

As always, you can run this version of empire with:

$ docker run remind101/empire:0.10.1

And if you're upgrading from a previous version, please refer to the upgrade guide

v0.10.0

Features

• emp ps now shows the correct uptime of the process thanks to ECS support #683.
• emp run now supports the -d flag for detached processes #695.
• You can now deploy images from unofficial Docker registries, such as Quay.io #692.
• Empire now allows you to "attach" existing IAM certificates. This replaces the old ssl-* commands in the emp CLI #701.
• You can now have Empire publish events to an SNS topic #698.
• Empire now supports environement aliases for Github Deployments #681

Bugs

• Allow floating point numbers to be provided when scaling the memory on a process #694.
• Empire will now update the SSL certificate on the associated ELB if it changes from emp cert-attach #700.
• The Tugboat integration now updates the deployment status with any errors that occurred #709.
• Deploying a non-existent docker image to Empire will no longer create an app #713.
• It's no longer necessary to re-deploy an application when scaling a process with new CPU or memory constraints #713.

Security

• GitHub Organization membership is now checked on every request, not just at access token creation time #687.

Internal

• The emp CLI has been moved to the primary remind101/empire repo #712

As always, you can run this version of empire with:

$ docker run remind101/empire:0.10.0

Empire v0.9.2

This release contains a number of bug fixes and a few new features, including log tailing.

Documentation

• Added doc on enabling log tailing #671.
• Added doc on deploying an application #642.
• Added doc on exposing an app publicly #668.
• Added doc on known limitations #672.

Features

• Added log tailing from Kinesis #651.
• Added AWS API errors exposition when deploying #628.
• Added CrossZoneLoadBalancing to ELBs #641.
• Added the process type in the get processes endpoint #649.
• Reversed process and version in SOURCE environment variable #652.
• Set empire.* labels on containers #679.

Bugs

• Added more specific load balancer error messages #629
• Update aws-sdk-go to v0.9.15. Fixed ThrottlingExceptions during restart #645.
• Fixed pagination when listing processes (tasks) #648.
• Fixed release description for config updates (set and unset env variables) #678.

As always, you can run this version of empire with:

$ docker run remind101/empire:0.9.2

Empire v0.9.1

This release contains a number of bug fixes and a few new features.

Documentation

• Updated demo to support private registries other than the official registry #528.
• General updates to documentation.
• Changed ELB health check thresholds in example CloudFormation stack to follow AWS defaults.

Features

• Implemented support for attached one-off commands #568.
• Added support for GitHub Deployments #602.
• Added support for deploying a docker image to a specific app #622.
• Added support for emp info command #619.
• Added pagination support for /apps/{app}/releases endpoint #591.

Bugs

• Fixes a bug that caused containers launched by one-off tasks to stay around if the client disconnected. #589.
• Fixed an issue where deploying an app to an AWS account with no ELB's would cause an infinite loop #623.
• Fixed a bug that prevented scaling a processes memory to more than 1GB #593.

As always, you can run this version of empire with:

$ docker run remind101/empire:0.9.1

Empire Alpha v0.0.1

Merge pull request #4 from remind101/units

Phalanx -> units