Merge pull request #165 from fabfuel/normoes-container-descriptions

Container descriptions cleanup

Author: fabfuel

README.rst

@@ -260,6 +260,82 @@ To change or set the role, the service's task should run as, use the following c
 
 This will set the task role to "MySpecialEcsTaskRole".
 
+
+Set CPU and memory reservation
+==============================
+- Set the `cpu` value for a task definition: :code:`--cpu <container_name> 0`.
+- Set the `memory` value (`hard limit`) for a task definition: :code:`--memory <container_name> 256`.
+- Set the `memoryreservation` value (`soft limit`) for a task definition: :code:`--memoryreservation <container_name> 256`.
+
+Set privileged or essential flags
+=================================
+- Set the `privliged` value for a task definition: :code:`--privileged <container_name> True|False`.
+- Set the `essential` value for a task definition: :code:`--essential <container_name> True|False`.
+
+Set logging configuration
+=========================
+Set the `logConfiguration` values for a task definition::
+
+    --log <container_name> awslogs awslogs-group <log_group_name>
+    --log <container_name> awslogs awslogs-region <region>
+    --log <container_name> awslogs awslogs-stream-prefix <stream_prefix>
+
+
+Set port mapping
+================
+- Set the `port mappings` values for a task definition: :code:`--port <container_name> <container_port> <host_port>`.
+
+  - Supports :code:`--exclusive-ports`.
+  - The `protocol` is fixed to `tcp`.
+
+Set volumes & mount points
+==========================
+- Set the `volumes` values for a task definition :code:`--volume <volume_name> /host/path`.
+
+  - :code:`<volume_name>` can then be used with  :code:`--mount`.
+- Set the `mount points` values for a task definition: :code:`--mount <container_name> <volume_name> /container/path`.
+
+  - Supports :code:`--exclusive-mounts`.
+
+  - :code:`<volume_name>` is the one set by :code:`--volume`.
+- Set the `ulimits` values for a task definition: :code:`--ulimit <container_name> memlock 67108864 67108864`.
+
+  - Supports :code:`--exclusive-ulimits`.
+- Set the `systemControls` values for a task definition: :code:`--system-control <container_name> net.core.somaxconn 511`.
+
+  - Supports :code:`--exclusive-system-controls`.
+- Set the `healthCheck` values for a task definition: :code:`--health-check <container_name> <command> <interval> <timeout> <retries> <start_period>`.
+
+
+Set Health Checks
+=================
+  - Example :code:`--health-check webserver "curl -f http://localhost/alive/" 30 5 3 0`
+
+
+Placeholder Container
+=====================
+- Add placeholder containers: :code:`--add-container <container_name>`.
+- To comply with the minimum requirements for a task definition, a placeholder container is set like this:
+    + The contaienr name is :code:`<container_name>`.
+    + The container image is :code:`PLACEHOLDER`.
+    + The container soft limit is :code:`128`.
+- The idea is to set sensible values with the deployment.
+
+It is possible to add and define a new container with the same deployment::
+
+      --add-container redis --image redis redis:6 --port redis 6379 6379
+
+Remove containers
+=================
+- Containers can be removed: :code:`--remove-container <container_name>`.
+
+  - Leaves the original containers, if all containers would be removed.
+
+
+All but the container flags can be used with `ecs deploy` and `ecs cron`.
+The container flags are used with `ecs deploy` only.
+
+
 Ignore capacity issues
 ======================
 If your cluster is undersized or the service's deployment options are not optimally set, the cluster

ecs_deploy/cli.py

@@ -30,9 +30,20 @@ def get_client(access_key_id, secret_access_key, region, profile):
 @click.option('-t', '--tag', help='Changes the tag for ALL container images')
 @click.option('-i', '--image', type=(str, str), multiple=True, help='Overwrites the image for a container: <container> <image>')
 @click.option('-c', '--command', type=(str, str), multiple=True, help='Overwrites the command in a container: <container> <command>')
+@click.option('-h', '--health-check', type=(str, str, int, int, int, int), multiple=True, help='Overwrites the healthcheck in a container: <container> <command> <interval> <timeout> <retries> <start_period>')
+@click.option('--cpu', type=(str, int), multiple=True, help='Overwrites the cpu value for a container: <container> <cpu>')
+@click.option('--memory', type=(str, int), multiple=True, help='Overwrites the memory value for a container: <container> <memory>')
+@click.option('--memoryreservation', type=(str, int), multiple=True, help='Overwrites the memory reservation value for a container: <container> <memoryreservation>')
+@click.option('--privileged', type=(str, bool), multiple=True, help='Overwrites the privileged value for a container: <container> <privileged>')
+@click.option('--essential', type=(str, bool), multiple=True, help='Overwrites the essential value for a container: <container> <essential>')
 @click.option('-e', '--env', type=(str, str, str), multiple=True, help='Adds or changes an environment variable: <container> <name> <value>')
 @click.option('--env-file', type=(str, str), default=((None, None),), multiple=True, required=False, help='Load environment variables from .env-file')
 @click.option('-s', '--secret', type=(str, str, str), multiple=True, help='Adds or changes a secret environment variable from the AWS Parameter Store (Not available for Fargate): <container> <name> <parameter name>')
+@click.option('-u', '--ulimit', type=(str, str, int, int), multiple=True, help='Adds or changes a ulimit variable in the container description (Not available for Fargate): <container> <ulimit name> <softlimit value> <hardlimit value>')
+@click.option('--system-control', type=(str, str, str), multiple=True, help='Adds or changes a system control variable in the container description (Not available for Fargate): <container> <namespace> <value>')
+@click.option('-p', '--port', type=(str, int, int), multiple=True, help='Adds or changes a port mappings in the container description (Not available for Fargate): <container> <container port value> <host port value>')
+@click.option('-m', '--mount', type=(str, str, str), multiple=True, help='Adds or changes a mount points in the container description (Not available for Fargate): <container> <container port value> <host port value>')
+@click.option('-l', '--log', type=(str, str, str, str), multiple=True, help='Adds or changes a log configuration in the container description (Not available for Fargate): <container> <log driver> <option name> <option value>')
 @click.option('-r', '--role', type=str, help='Sets the task\'s role ARN: <task role ARN>')
 @click.option('-x', '--execution-role', type=str, help='Sets the execution\'s role ARN: <execution role ARN>')
 @click.option('--task', type=str, help='Task definition to be deployed. Can be a task ARN or a task family with optional revision')
@@ -56,7 +67,14 @@ def get_client(access_key_id, secret_access_key, region, profile):
 @click.option('--sleep-time', default=1, type=int, help='Amount of seconds to wait between each check of the service (default: 1)')
 @click.option('--slack-url', required=False, help='Webhook URL of the Slack integration. Can also be defined via environment variable SLACK_URL')
 @click.option('--slack-service-match', default=".*", required=False, help='A regular expression for defining, which services should be notified. (default: .* =all). Can also be defined via environment variable SLACK_SERVICE_MATCH')
-def deploy(cluster, service, tag, image, command, env, env_file, secret, role, execution_role, task, region, access_key_id, secret_access_key, profile, timeout, newrelic_apikey, newrelic_appid, newrelic_region, newrelic_revision, comment, user, ignore_warnings, diff, deregister, rollback, exclusive_env, exclusive_secrets, sleep_time, slack_url, slack_service_match='.*'):
+@click.option('--exclusive-ulimits', is_flag=True, default=False, help='Set the given ulimits exclusively and remove all other pre-existing ulimits from all containers')
+@click.option('--exclusive-system-controls', is_flag=True, default=False, help='Set the given system controls exclusively and remove all other pre-existing system controls from all containers')
+@click.option('--exclusive-ports', is_flag=True, default=False, help='Set the given port mappings exclusively and remove all other pre-existing port mappings from all containers')
+@click.option('--exclusive-mounts', is_flag=True, default=False, help='Set the given mount points exclusively and remove all other pre-existing mount points from all containers')
+@click.option('--volume', type=(str, str), multiple=True, required=False, help='Set volume mapping from host to container in the task definition.')
+@click.option('--add-container', type=str, multiple=True, required=False, help='Add a placeholder container in the task definition.')
+@click.option('--remove-container', type=str, multiple=True, required=False, help='Remove a container from the task definition.')
+def deploy(cluster, service, tag, image, command, health_check, cpu, memory, memoryreservation, privileged, essential, env, env_file, secret, ulimit, system_control, port, mount, log, role, execution_role, task, region, access_key_id, secret_access_key, profile, timeout, newrelic_apikey, newrelic_appid, newrelic_region, newrelic_revision, comment, user, ignore_warnings, diff, deregister, rollback, exclusive_env, exclusive_secrets, sleep_time, exclusive_ulimits, exclusive_system_controls, exclusive_ports, exclusive_mounts, volume, add_container, remove_container, slack_url, slack_service_match='.*'):
     """
     Redeploy or modify a service.
 
@@ -74,12 +92,27 @@ def deploy(cluster, service, tag, image, command, env, env_file, secret, role, e
         deployment = DeployAction(client, cluster, service)
 
         td = get_task_definition(deployment, task)
+        # If there is a new container, add it at frist.
+        td.add_containers(add_container)
+        td.remove_containers(remove_container)
         td.set_images(tag, **{key: value for (key, value) in image})
         td.set_commands(**{key: value for (key, value) in command})
+        td.set_health_checks(health_check)
+        td.set_cpu(**{key: value for (key, value) in cpu})
+        td.set_memory(**{key: value for (key, value) in memory})
+        td.set_memoryreservation(**{key: value for (key, value) in memoryreservation})
+        td.set_privileged(**{key: value for (key, value) in privileged})
+        td.set_essential(**{key: value for (key, value) in essential})
         td.set_environment(env, exclusive_env, env_file)
         td.set_secrets(secret, exclusive_secrets)
+        td.set_ulimits(ulimit, exclusive_ulimits)
+        td.set_system_controls(system_control, exclusive_system_controls)
+        td.set_port_mappings(port, exclusive_ports)
+        td.set_mount_points(mount, exclusive_mounts)
+        td.set_log_configurations(log)
         td.set_role_arn(role)
         td.set_execution_role_arn(execution_role)
+        td.set_volumes(volume)
 
         slack = SlackNotification(
             getenv('SLACK_URL', slack_url),
@@ -133,9 +166,20 @@ def deploy(cluster, service, tag, image, command, env, env_file, secret, role, e
 @click.option('-i', '--image', type=(str, str), multiple=True, help='Overwrites the image for a container: <container> <image>')
 @click.option('-t', '--tag', help='Changes the tag for ALL container images')
 @click.option('-c', '--command', type=(str, str), multiple=True, help='Overwrites the command in a container: <container> <command>')
+@click.option('--cpu', type=(str, int), multiple=True, help='Overwrites the cpu value for a container: <container> <cpu>')
+@click.option('--memory', type=(str, int), multiple=True, help='Overwrites the memory value for a container: <container> <memory>')
+@click.option('--memoryreservation', type=(str, int), multiple=True, help='Overwrites the memory reservation value for a container: <container> <memoryreservation>')
+@click.option('--privileged', type=(str, bool), multiple=True, help='Overwrites the memory reservation value for a container: <container> <memoryreservation>')
 @click.option('-e', '--env', type=(str, str, str), multiple=True, help='Adds or changes an environment variable: <container> <name> <value>')
+@click.option('-s', '--secret', type=(str, str, str), multiple=True, help='Adds or changes a secret environment variable from the AWS Parameter Store (Not available for Fargate): <container> <name> <parameter name>')
+@click.option('-u', '--ulimit', type=(str, str, int, int), multiple=True, help='Adds or changes a ulimit variable in the container description (Not available for Fargate): <container> <ulimit name> <softlimit value> <hardlimit value>')
+@click.option('--system-control', type=(str, str, str), multiple=True, help='Adds or changes a system control variable in the container description (Not available for Fargate): <container> <namespace> <value>')
+@click.option('-p', '--port', type=(str, int, int), multiple=True, help='Adds or changes a port mappings in the container description (Not available for Fargate): <container> <container port value> <host port value>')
+@click.option('-m', '--mount', type=(str, str, str), multiple=True, help='Adds or changes a mount points in the container description (Not available for Fargate): <container> <container port value> <host port value>')
+@click.option('-l', '--log', type=(str, str, str, str), multiple=True, help='Adds or changes a log configuration in the container description (Not available for Fargate): <container> <log driver> <option name> <option value>')
 @click.option('--env-file', type=(str, str), default=((None, None),), multiple=True, required=False, help='Load environment variables from .env-file')
 @click.option('-r', '--role', type=str, help='Sets the task\'s role ARN: <task role ARN>')
+@click.option('-x', '--execution-role', type=str, help='Sets the execution\'s role ARN: <execution role ARN>')
 @click.option('--region', help='AWS region (e.g. eu-central-1)')
 @click.option('--access-key-id', help='AWS access key id')
 @click.option('--secret-access-key', help='AWS secret access key')
@@ -150,9 +194,15 @@ def deploy(cluster, service, tag, image, command, env, env_file, secret, role, e
 @click.option('--deregister/--no-deregister', default=True, help='Deregister or keep the old task definition (default: --deregister)')
 @click.option('--rollback/--no-rollback', default=False, help='Rollback to previous revision, if deployment failed (default: --no-rollback)')
 @click.option('--exclusive-env', is_flag=True, default=False, help='Set the given environment variables exclusively and remove all other pre-existing env variables from all containers')
+@click.option('--exclusive-secrets', is_flag=True, default=False, help='Set the given secrets exclusively and remove all other pre-existing secrets from all containers')
 @click.option('--slack-url', required=False, help='Webhook URL of the Slack integration. Can also be defined via environment variable SLACK_URL')
 @click.option('--slack-service-match', default=".*", required=False, help='A regular expression for defining, deployments of which crons should be notified. (default: .* =all). Can also be defined via environment variable SLACK_SERVICE_MATCH')
-def cron(cluster, task, rule, image, tag, command, env, env_file, role, region, access_key_id, secret_access_key, newrelic_apikey, newrelic_appid, newrelic_region, newrelic_revision, comment, user, profile, diff, deregister, rollback, exclusive_env, slack_url, slack_service_match):
+@click.option('--exclusive-ulimits', is_flag=True, default=False, help='Set the given ulimits exclusively and remove all other pre-existing ulimits from all containers')
+@click.option('--exclusive-system-controls', is_flag=True, default=False, help='Set the given system controls exclusively and remove all other pre-existing system controls from all containers')
+@click.option('--exclusive-ports', is_flag=True, default=False, help='Set the given port mappings exclusively and remove all other pre-existing port mappings from all containers')
+@click.option('--exclusive-mounts', is_flag=True, default=False, help='Set the given mount points exclusively and remove all other pre-existing mount points from all containers')
+@click.option('--volume', type=(str, str), multiple=True, required=False, help='Set volume mapping from host to container in the task definition.')
+def cron(cluster, task, rule, image, tag, command, cpu, memory, memoryreservation, privileged, env, env_file, secret, ulimit, system_control, port, mount, log, role, execution_role, region, access_key_id, secret_access_key, newrelic_apikey, newrelic_appid, newrelic_region, newrelic_revision, comment, user, profile, diff, deregister, rollback, exclusive_env, exclusive_secrets, slack_url, slack_service_match, exclusive_ulimits, exclusive_system_controls, exclusive_ports, exclusive_mounts, volume):
     """
     Update a scheduled task.
 
@@ -170,8 +220,20 @@ def cron(cluster, task, rule, image, tag, command, env, env_file, role, region,
 
         td.set_images(tag, **{key: value for (key, value) in image})
         td.set_commands(**{key: value for (key, value) in command})
+        td.set_cpu(**{key: value for (key, value) in cpu})
+        td.set_memory(**{key: value for (key, value) in memory})
+        td.set_memoryreservation(**{key: value for (key, value) in memoryreservation})
+        td.set_privileged(**{key: value for (key, value) in privileged})
         td.set_environment(env, exclusive_env, env_file)
+        td.set_secrets(secret, exclusive_secrets)
+        td.set_ulimits(ulimit, exclusive_ulimits)
+        td.set_system_controls(system_control, exclusive_system_controls)
+        td.set_port_mappings(port, exclusive_ports)
+        td.set_mount_points(mount, exclusive_mounts)
+        td.set_log_configurations(log)
         td.set_role_arn(role)
+        td.set_execution_role_arn(execution_role)
+        td.set_volumes(volume)
 
         slack = SlackNotification(
             getenv('SLACK_URL', slack_url),
@@ -555,22 +617,21 @@ def print_diff(task_definition, title='Updating task definition'):
 def inspect_errors(service, failure_message, ignore_warnings, since, timeout):
     error = False
     last_error_timestamp = since
-
     warnings = service.get_warnings(since)
     for timestamp in warnings:
         message = warnings[timestamp]
         click.secho('')
         if ignore_warnings:
             last_error_timestamp = timestamp
             click.secho(
-                text='%s\nWARNING: %s' % (timestamp, message),
+                '%s\nWARNING: %s' % (timestamp, message),
                 fg='yellow',
                 err=False
             )
             click.secho('Continuing.', nl=False)
         else:
             click.secho(
-                text='%s\nERROR: %s\n' % (timestamp, message),
+                '%s\nERROR: %s\n' % (timestamp, message),
                 fg='red',
                 err=True
             )