Use new Route53 API, implement http retries, improved logging, security ... #2

Merged
merged 1 commit into from Nov 19, 2012

Projects

None yet

2 participants

@raineralves

...and much more.

Full Changelog:

  • Update to newer Route53 API: switch from "2010-10-01" to "2012-02-29"
  • Implement HTTP retries (applies to webserver probe as well as API communication)
  • Switch from wget & lynx to curl, which is more robust and less error-prone.
  • Improve logging on multi-line output (requires GNU awk)
  • Validate AWS credentials once per hour. This ensures our credentials are always working, even if we rarely send an update to Route53.
  • Security: Enforce strict file permission to avoid leaking AWS credentials (detect if script is chmod'ed to 700)
  • Security: Switch from SHA1 to SHA256 when submitting updates to AWS
  • Improve detection of DNS resolution problems
  • Improve AWS signature generation on non-Linux platforms (use 'printf' instead of 'echo', which was causing problems on OSX)
  • "base64" is no longer required (switched to "openssl enc -base64")
  • Improve detection of status changes and avoid sending API updates when not needed (also added a "--force" argument to force an update at any time).
  • Lots of logging improvements: show current production hosts when updating Route53, show how many hosts are up/down/disabled when no update is needed, show http code returned by the API, and more.
  • Initial work on email notifications (see documentation on the "mailNotification" function)
  • Initial work on multi-site probing (see "proberesult" file)
@raineralves raineralves Use new Route53 API, implement http retries, improved logging, securi…
…ty and much more.

Full Changelog:
+ Update to newer Route53 API: switch from "2010-10-01" to "2012-02-29"
+ Implement HTTP retries (applies to webserver probe as well as API communication)
+ Switch from wget & lynx to curl, which is more robust and less error-prone.
+ Improve logging on multi-line output (requires GNU awk)
+ Validate AWS credentials once per hour. This ensures our credentials are always working, even if we rarely send an update to Route53.
+ Security: Enforce strict file permission to avoid leaking AWS credentials (detect if script is chmod'ed to 700)
+ Security: Switch from SHA1 to SHA256 when submitting updates to AWS
+ Improve detection of DNS resolution problems
+ Improve AWS signature generation on non-Linux platforms (use 'printf' instead of 'echo', which was causing problems on OSX)
+ "base64" is no longer required (switched to "openssl enc -base64")
+ Improve detection of status changes and avoid sending API updates when not needed (also added a "--force" argument to force an update at any time).
+ Lots of logging improvements: show current production hosts when updating Route53, show how many hosts are up/down/disabled when no update is needed, show http code returned by the API, and more.
+ Initial work on email notifications (see documentation on the "mailNotification" function)
+ Initial work on multi-site probing (see "proberesult" file)
ba211e4
@ebrandi
Owner
ebrandi commented Nov 19, 2012

Thks for your contribution :)

@ebrandi ebrandi merged commit af7a682 into ebrandi:master Nov 19, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment