Closed
Bug 1110901
Opened 10 years ago
Closed 10 years ago
Given a destination DNS entry, setup healthcheck based sendto.mozilla.org DNS
Categories
(Infrastructure & Operations Graveyard :: WebOps: Other, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: johns, Assigned: gozer)
References
Details
(Whiteboard: [kanban:webops:https://kanbanize.com/ctrl_board/4/1966] )
For End-of-year fundraising, we're building a failover system of if/when BSD goes down.
OUr plan is to use healthcheck based DNS, discussed with Gozer, to hand out either the BSD cname / address while they are up, or a Cloudfronted distribution hosted on mofosecure if BSD is down.
https://dl.dropboxusercontent.com/u/2273146/BSD%20Fundraising%20Failover.jpg
Actions yet to take:
1) JP to setup the infra on mofosecure
2) JP to apply a resource CNAME to the cloudfront distro
3) JP to add sendto.mozilla.org to the accepted hosts on distro
4) JP to add the SSL cert, for all clients (not just SNI), to the distro endpoints
5) JP to update this bug with the desired destination CNAME for downtime situations
6) JP to specify endpoint url to test for healthcheck
7) Gozer to setup healthcheck and associated DNS records
Reporter | ||
Comment 1•10 years ago
|
||
1) JP to setup the infra on mofosecure (COMPLETE)
2) JP to apply a resource CNAME to the cloudfront distro (COMPLETE) (d94ya7facqszn.cloudfront.net)
3) JP to add sendto.mozilla.org to the accepted hosts on distro (COMPLETE)
4) JP to add the SSL cert, for all clients (not just SNI), to the distro endpoints (PENDING)
5) JP to update this bug with the desired destination CNAME for downtime situations (COMPLETE) (d94ya7facqszn.cloudfront.net)
6) JP to specify endpoint url to test for healthcheck (COMPLETED, see below)
7) Gozer to setup healthcheck and associated DNS records (READY)
So, this curl does the healthcheck. Can you pass host headers along with it?
curl -H "HOST: sendto.mozilla.org" https://mozilla.sanssl-010.bsdtools.com/page/contribute/givenow-seq
Otherwise, I'm wondering how we know to fail back.
Flags: needinfo?(gozer)
Assignee | ||
Updated•10 years ago
|
Assignee: server-ops-webops → gozer
Flags: needinfo?(gozer)
Assignee | ||
Comment 2•10 years ago
|
||
The CNAME for this failover service is :
sendto.dynect.mozilla.net
And it's currently up and monitoring:
https://mozilla.sanssl-010.bsdtools.com/page/contribute/givenow-seq
Host: sendto.mozilla.org
for a 200 OK response.
On failure, it will return:
d94ya7facqszn.cloudfront.net
Checks are done every 60 seconds, TTL is 30 secs ( the minimums )
Assignee | ||
Comment 3•10 years ago
|
||
7) Gozer to setup healthcheck and associated DNS records (COMPLETED)
And to go live, we are just missing:
8) update sendto.mozilla.org to be a CNAME for sendto.dynect.mozilla.net
Reporter | ||
Comment 4•10 years ago
|
||
Gozer:
Can we please do a test of this by intentionally borking the healthcheck url to say.....bendto.mozilla.org instead of sendto.mozilla.org ?
It'd be cool to coordinate when, so we could time dns prop and be super confident in our timings for a real failover.
Flags: needinfo?(gozer)
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to JP Schneider :jp from comment #4)
> Gozer:
> Can we please do a test of this by intentionally borking the healthcheck url
> to say.....bendto.mozilla.org instead of sendto.mozilla.org ?
Since we are not using sendto.dynect.mozilla.net, it should be perfectly fine to break the health-check on purpose anytime you want.
> It'd be cool to coordinate when, so we could time dns prop and be super
> confident in our timings for a real failover.
Flags: needinfo?(gozer)
Reporter | ||
Comment 6•10 years ago
|
||
Huzzah, testing worked!
Thu Dec 18 11:26:29 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.194.137.234
Thu Dec 18 11:26:30 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.193.164.101
Thu Dec 18 11:26:31 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.193.164.101
Thu Dec 18 11:26:32 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.197.26.220
Thu Dec 18 11:26:33 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.197.26.220
Thu Dec 18 11:26:34 CST 2014
Server: 75.75.76.76
Address: 75.75.76.76#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.193.164.101
Thu Dec 18 11:26:36 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.197.26.220
Thu Dec 18 11:26:37 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.197.26.220
Thu Dec 18 11:26:38 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = mozilla.sanssl-010.bsdtools.com.
mozilla.sanssl-010.bsdtools.com canonical name = sendto.mozilla.org.cdn.bsd.net.
sendto.mozilla.org.cdn.bsd.net canonical name = sanssl-010.bsdtools.com.edgekey.net.
sanssl-010.bsdtools.com.edgekey.net canonical name = e10427.g.akamaiedge.net.
Name: e10427.g.akamaiedge.net
Address: 23.193.164.101
Thu Dec 18 11:26:39 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Non-authoritative answer:
sendto.dynect.mozilla.net canonical name = d94ya7facqszn.cloudfront.net.
Name: d94ya7facqszn.cloudfront.net
Address: 54.230.90.93
Name: d94ya7facqszn.cloudfront.net
Address: 54.230.91.70
Name: d94ya7facqszn.cloudfront.net
Address: 54.192.91.122
Name: d94ya7facqszn.cloudfront.net
Address: 54.192.91.149
Name: d94ya7facqszn.cloudfront.net
Address: 54.230.90.22
Name: d94ya7facqszn.cloudfront.net
Address: 54.192.91.92
Name: d94ya7facqszn.cloudfront.net
Address: 54.230.91.49
Name: d94ya7facqszn.cloudfront.net
Address: 54.230.90.109
Thu Dec 18 11:26:41 CST 2014
Server: 75.75.75.75
Address: 75.75.75.75#53
Many thanks for the help Gozer!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 7•10 years ago
|
||
We can go ahead and flip main DNS good sir Gozer!
Thanks!
Status: RESOLVED → REOPENED
Flags: needinfo?(gozer)
Resolution: FIXED → ---
Assignee | ||
Updated•10 years ago
|
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•