Rack 0.8: Introspection, Privacy, and Security

Convox released Rack 0.8 with improvements for introspection, privacy, and security. Run convox update && convox rack update to update your CLI and Rack to the latest version.


Introspection

You can now view the EC2 instances that make up your cluster using the convox instances command.

View instances and their stats:

$ convox instances
ID          AGENT  STATUS  STARTED       PS  CPU    MEM
i-f6106245  on     active  23 hours ago  3   0.00%  25.89%
i-f8ae9079  on     active  23 hours ago  0   0.00%  0.00%
i-c5d1624c  on     active  23 hours ago  2   0.00%  16.18%

SSH onto an instance:

$ convox instances ssh i-f6106245

   __|  __|  __|
   _|  (   \__ \   Amazon ECS-Optimized Amazon Linux AMI 2015.09.d
 ____|\___|____/

For documentation visit, http://aws.amazon.com/documentation/ecs
[ec2-user@ip-10-0-3-25 ~]$

Terminate an instance (and have it automatically replaced):

$ convox instances terminate i-f6106245
Successfully sent terminate to instance "i-f6106245"

Processes that are being launched now reflect their pending state:

$ convox ps
ID            NAME     RELEASE      SIZE  STARTED         COMMAND
453258fbdcd4  sidekiq  RICYTPEUKSM  256   54 seconds ago  sh -c bin/sidekiq
[PENDING]     sidekiq  RICYTPEUKSM  256

Rack now monitors its capacity and will notify you if it doesn't have room to place containers. You can also get notifications for deployment events, cluster convergence, and cluster deconvergence. To get these notifications, add Slack on the "Integrations" tab for your Rack in Grid.

Convox logs are now shipped to Amazon CloudWatch inside your AWS account. CloudWatch is a powerful tool that allows you to set up alarms, monitoring dashboards and integrations with other services.

This release also includes improvements to logging structure.

Privacy

Convox now supports private Docker registries. This is useful to customers who want to pull images from places other than Docker Hub as part of their application build.

Options for --vpc-cidr, --subnet*-cidr have been added to the convox install command to provide more control over VPC network setup, making it easier for users to set up VPC peering. This is a community-contributed feature by Chris LeBlanc. Thanks!

Several improvements have been made to Convox's SSL tools, helping you keep your app communications private:

  • convox ssl create can now complete intermediate cert chains for you or allow you to upload your own chain.
  • the --self-signed option will auto-generate and apply a self-signed certificate to your app
  • the --secure option allows you to encrypt traffic all the way to your app, rather than having it terminate at the load balancer
  • convox ssl update can hot swap certificates with no downtime

It's now possible to configure your app's processes to use internal load balancers. This means that the ports will only be open to other processes inside the app's VPC. This enables microservice architectures without opening up everything to the Internet. To configure an internal load balancer, specify only the internal port in your docker-compose.yml. For example, use this:

ports:
  - "80"

Instead of:

ports:
  - "80:80"
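
The port rule above can be checked before a deploy. The following Ruby script is an added example, not part of the original article or of Convox: it reads a compose file and reports which services list only internal ports and which publish a port through a public load balancer. The sample manifest, the service names, the helper names and the assumption that top-level keys are service names are all constructed for illustration.

```ruby
require 'yaml'

# Constructed sample manifest (not from the article); top-level keys are
# assumed to be service names.
SAMPLE_MANIFEST = <<~MANIFEST
  web:
    image: example/web
    ports:
      - "80:80"
      - "443:5000"
  api:
    image: example/api
    ports:
      - "80"
  worker:
    image: example/worker
MANIFEST

# Classify one ports entry by the article's rule: a lone port ("80") is
# internal-only, a pair ("80:80") is published. Reading the pair as
# external:internal is an assumption. Anything else is flagged for review.
def classify_port(entry)
  parts = entry.to_s.split(':')
  case parts.length
  when 1 then { exposure: :internal, internal: parts[0] }
  when 2 then { exposure: :public, external: parts[0], internal: parts[1] }
  else { exposure: :unrecognized, raw: entry.to_s }
  end
end

# Return { service name => [classified port entries] }.
def audit_ports(yaml_text)
  manifest = YAML.safe_load(yaml_text) || {}
  manifest.each_with_object({}) do |(name, service), report|
    ports = service.is_a?(Hash) ? Array(service['ports']) : []
    report[name] = ports.map { |port| classify_port(port) }
  end
end

# Services with at least one entry that is not internal-only. Unrecognized
# entries count as exposed so they get a manual look.
def exposed_services(yaml_text)
  exposed = audit_ports(yaml_text).select do |_name, ports|
    ports.any? { |port| port[:exposure] != :internal }
  end
  exposed.keys
end

puts "Exposed services: #{exposed_services(SAMPLE_MANIFEST).join(', ')}"
```
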

Security

You can count on Convox to stay current with the latest security threats and to react accordingly. When Amazon released a new AMI for its ECS service instances to address a network security threat, Convox reacted quickly to update the AMI version it uses.

Several small but important security improvements were contributed by Alex Gaynor. Thanks!

Other Notable Changes

  • You can now use the -a option instead of --app to specify an app on the CLI
  • convox deploy now reads .dockerignore and doesn't ship ignored files to the rack API. This dramatically improves build speeds for apps with large ignored files.
  • convox start will now notify you of environment variables that have been declared but have no value set
  • you can use the -f option to specify a filename other than docker-compose.yml to convox start and convox deploy


Topics: docker, containers, privacy, security

Published at DZone with permission of David Dollar. See the original article here.
