porter is semantically versioned
- fix regex validation which didn't support longer resource IDs
- revert Go 1.10.3 to 1.8.7, which appears to fix hooks being run as noops
- added support for build args in the builder container
- build porter with Go 1.10.3
- build porter with Go 1.10.1
- regex matching on region names and instance types instead of whitelist
- build porter with Go 1.9.2
- default to --pids-limit=4096
- HAProxy maxconn is configurable
- fixed issue where maxconn wasn't set on the frontend
- enabling fix for volume mounts on SELinux by setting the environment variable VOLUME_FLAG
- allow selinux hosts to share the mounted volumes with the containers.
- allow ap-south-1 region
- replace deprecated sysctl setting
- HAProxy timeout client is configurable
- HAProxy timeout server is configurable
- HAProxy timeout tunnel is configurable
- HAProxy timeout http-request is configurable
- HAProxy timeout http-keep-alive is configurable
- build porter with Go 1.8.1
- optional ELB
- host-level SSL support
- added opt-in HAProxy compression
- added configurable list of MIME types to compress
- HAProxy logs can be turned off
- disabled userland proxy
- tuned network buffers
- added c4.*, r4.*, and x1.* instance types
- updated m4.* and t2.* instance types
- removed g2.*, i2.*, and d2.* instance types
- HAProxy stats endpoint auth is now randomized
- re-enabled keep-alive between HAProxy and containers
- build porter with Go 1.8
- added STANDARD_IA to secrets and CFN template uploads
- ASG size matching only occurs when hot_swap: true
- configurable instance count per region
- extended infrastructure ttl to a week
- fix type assertion for sg-ids that are statically defined
- failed stacks now delete instead of rollback
- lock down ASG egress traffic to allow by default NTP, DNS, HTTP, and HTTPS
- configurable haproxy header capture for logging
- service payloads were not encrypted as the docs said they were
- increased devicemapper base size to 50GB
- add autowire_security_groups so security group management can be turned off
- fixed issue with region-concurrent cleanup of service payload
- fixed possible issues with false-positive command success
- add CREATE_IN_PROGRESS to list of statuses that ignore ASG size
- add DELETE_IN_PROGRESS to list of statuses that ignore ASG size
- add ROLLBACK_IN_PROGRESS to list of statuses that ignore ASG size
- additional UPDATE steady states allow ASG matching
- any UPDATE in progress state causes hot swap to fail
- build porter with Go 1.7.3
- match currently promoted stack's ASG size for provisioning and hot swap
- allow 10 mins for service payload download+install during hot swap
- check for egress rules before writing SecurityGroupEgress
- updated to Amazon Linux 2016.09
- use Standard - Infrequent Access for service payload
- hot swap code on existing infrastructure
- kernel tuning allowing more concurrent connections
- added pre and post hotswap hooks
- fixed v2.4.3 issue that could create false-positives in porter build steps
  net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 1
- added cloudformation:DescribeStackResources to deployment policy
- added elasticloadbalancing:DescribeTags to deployment policy
- added sqs:CreateQueue to deployment policy
- added sqs:DeleteQueue to deployment policy
- added sqs:GetQueueAttributes to deployment policy
- added sqs:GetQueueUrl to deployment policy
- added sqs:ReceiveMessage to deployment policy
- added sqs:SendMessage to ASG inline policy
- reject config files with run_condition set in a pre hook
- run post hooks with run_condition set to fail when a pre hook fails
- fix missing or incomplete hook logs
- gather hook log output by hook since they run concurrently
- added retries to instance autoregistration
- gather hook log output by region since they run concurrently
- log colorization is off by default
- run hooks concurrently across regions
- hook run_condition
- more resiliency for service payload downloads
- switch to sha-256 and validate service payload integrity
- extend container secret management to the host with porter_get_secrets
- fix support for running arbitrary user defined hooks
- run docker with --security-opt=no-new-privileges
- support docker registries as an alternative to S3
- support auto scaling group egress whitelist
- deprecated dst_env_file
- added sse_kms_key_id for optional SSE-KMS on all porter uploads
- increase logrotate size from 10M to 100M
- fix ec2-bootstrap hook clone for multi-region deployment
- configurable -x in /var/log/cloud-init-output.log
- service payload path is relative to support non-root volume
- topology: worker now supported
- configurable read_only: false to disable docker run --read-only
- improved secrets handling in transit
- enabled pluggable secrets provider
- locked down CloudFormation and S3 API call scopes to the resources needed
- service payload for S3 is now {service name}/{environment}/{short sha}
- add LOG_DEBUG environment variable for debug logging
- updated Amazon Linux AMI to 2016.03
- updated Docker to 1.11.2
- fixed config validation failure producing a false positive of success
- improved hook environment variable injection to match Docker Compose
- got rid of hardcoded .porter/hooks/ and made path to hooks configurable
- tweaked config validation so config can be created dynamically in pre_pack
- enabled deployment hooks to run concurrently
- CIS Docker benchmark 1.11.0 remediations (2.13, 5.12, 5.14)
- CIS Linux 2014.09 benchmark remediation 9.2.13
- CloudFormation templates are now uploaded to S3 to avoid the 51,200 byte limit
- S3 keys are scoped under porter-deployment and porter-template
- run the container as root (configurable with uid) to fix breaking change
- run the container as a non-root user by default (configurable with uid)
- add retries to one more DescribeStackResource
- add an adjustable stack status polling frequency, see porter debug help
- add retries to DescribeStackResource
- update aws sdk to v1.1.36
- Fixed security group on ELB for SSL in VPC