[20190128190529] Additional Rack Parameters

This release adds new new Rack parameters:

AvailabilityZones allows you to specify which AZs your Rack will use. Please note that changing these on an already-installed Rack will require updating your Subnet CIDRs at the same time since two subnets can not exist with the same CIDR simultaneously.

InstancePolicy is the ARN of a custom IAM policy to add to the instance roles. This can be helpful if you need to install additional agents, et al at the instance level.

@ddollar I’m interested in using the AvailabilityZones feature, but I’m unclear what is needed around “updating your Subnet CIDRs”. Can you give some extra detail?

Two subnets can not exist on the same VPC with the same CIDR. Because CloudFormation creates new resources then deletes old ones, if you change AvailabilityZones you will need to choose a new CIDR for that AZ for the update.

For example, if you update the third AZ in your AvailabilityZones parameter you will need to choose new, non-conflicting value(s) for Subnet2CIDR (and SubnetPrivate2CIDR if you are in Private=Yes mode)

Once the update completes, you will need to re-deploy any Generation 1 applications on your Rack. Please be very careful with this update because if it rolls back it can leave your app in a broken state (the old subnets will not be there for it to roll back to)

So if I understand correctly, if I want to swap out a specific AZ, I need to know the CIDR that subnet is using currently.

AvailabilityZones            us-east-1c,us-east-1e,us-east-1a
Private                      No

In my case I want to get rid of us-east-1e, because it doesn’t support t3. Looking at my ECS cluster in the AWS Console, I can tell that 3 of my nodes are in 1e and three of them also happen to be on the 10.0.2 subnet, so Subnet1CIDR. Does the AZ order match the Subnet0-2 order?

So, I think then my command would be:
convox rack params set AvailablityZones=us-east-1c,us-east-1b,us-east-1a Subnet1CIDR=

Is that right?

Yes, that’s all right, unless your Rack is in Private mode in which case that would conflict with one of the private subnets.

Ok, thanks. Currently I’m trying to figure out if t3 and us-east-1e are still incompatible… This might be a moot point for me.


Is this release ready for production?
I just created a rack, and this version was picked-up.