What is happening?
As of June 28th 2023 Environments running on the Stable-v1 and Stable-v2 stacks will cease to fully function. Applications running on these stacks are required to move to new Environments running newer stack versions before this date in order to remain functional.
Why is this happening?
This is due to the Engine Yard Environment running an outdated Stack version. An Engine Yard Environment here is defined as one or more linked servers (AKA instances) serving the same application(s), and the Stack version as the software running on those servers, including the operating system and supported versions of Ruby, database engines and other application related components. The Stable-v1 and Stable-v2 stacks are based on an OS from 2009 and as such are running outdated technologies for which support and compatibility have been decreasing for a number of years. In November 2017 we officially announced the End-of-Life of these Stacks and have encouraged customers to move away from them with the understanding that eventually they would cease to function completely.
Unfortunately that day has now come, with AWS removing support for TLS versions lower than 1.2 on some of their services utilized by Engine Yard. TLS (Transport Layer Security) is a cryptographic protocol that ensures the security of data sent over the internet through encryption, and these EOL Stacks come packaged with versions of TLS lower than 1.2, which are being deprecated due their age and the increasing number of vulnerabilities being discovered and exploited within them. The majority of Internet related services requiring traffic encryption have or are removing support for old TLS versions, leading to other issues with running on these EOL stacks such as application repository access at GitHub for deployments, and HTTPS access via web browsers to the hosted applications.
Engine Yard makes use of AWS S3 for storing the Chef recipes that are used to configure the instances, as well as for the storage of the application database dump backups taken in the environments. AWS S3 will enforce TLS 1.2 on connections, meaning that instances will no longer be able to communicate with S3 for either of these purposes. Instances and their hosted applications will continue to run, but without being able to complete the configuration Apply runs instances will fail when they are rebooted or replaced, irreversibly taking the application offline. The lack of dump backups means customers would no longer be able to restore database backups in the case of corrupted or lost data.
Amazon has set a deadline for the removal of older TLS versions of June 28th 2023.
After this removal Engine Yard can no longer offer any support on Environments running the Stable-v1 and Stable-v2 stacks and any Environments impacted by these changes will be irreparable and the applications sooner or later become permanently unavailable.
What needs to be done?
In order to avoid these issues it is required that Stable-v1 and Stable-v2 Environments are migrated to newer Stack versions, which utilize the newer TLS version. This process must be completed before the 28th June deadline, as if applications are not migrated to new Environments before the Environments become non-functional the applications will become permanently unavailable, so must be completed in order to maintain application availability.
The process of upgrading the Stack version requires the creation of a new Environment running new instances and the deployment of the application to it. These newer Stacks are limited to supporting newer Ruby versions, so in most cases a Stack upgrade will require application changes.
Engine Yard can assist in such migrations as either a paid Professional Services engagement or as a part of our Platinum Support offering. To discuss in more detail the required Environment Migration process with our Support Team, or if you are interested in engaging with us on a managed Environment Migration please open a new support ticket.
Please do this as soon as possible in order to provide the most time before the deadline for a migration to be undertaken.
Please sign in to leave a comment.