Page MenuHomePhabricator
Create Task
Maniphest T273716

Improve Alertmanager/LibreNMS notifications
Open, MediumPublic
Actions

Description

Some feedback after using Alert Manager as transport for LibreNMS:

When ACKing an alert in LibreNMS, Alert Manager sends an email titled:

[FIRING:1] Access port utilisation over 80% for 1h global (asw2-b-eqiad.mgmt.eqiad.wmnet warning librenms netops)

And only at the very bottom it says:

title = Alert for device asw2-b-eqiad.mgmt.eqiad.wmnet - Access port utilisation over 80% for 1h got acknowledged

Same for IRC alerts:

jinxer-wm> (Access port utilisation over 80% for 1h) firing: Access port utilisation over 80% for 1h - https://alerts.wikimedia.org

Which is confusing as it's an ACK.

LibreNMS IRC bot had colors, but not the Alert Manager one, that's a major regression.

In the email body, all the LibreNMS details are crammed into the "Annotations" section, with no new lines, which make it difficult to parse.
The content is also duplicated. For example:

alertname = Access port utilisation over 80% for 1h
Rule: Access port utilisation over 80% for 1h
summary = Access port utilisation over 80% for 1h
instance = asw2-b-eqiad.mgmt.eqiad.wmnet
Device Name: asw2-b-eqiad.mgmt.eqiad.wmnet

The email title says [FIRING:1], not sure if it's needed or what the :1 means.

[FIRING:1] Inbound interface errors global (asw2-b-eqiad.mgmt.eqiad.wmnet warning librenms netops)

No need for the severity, scope or team in the email title, that's precious real-estate
Something like:

[Alert] asw2-b-eqiad.mgmt.eqiad.wmnet: Inbound interface errors

is more clear.

The "source" link is broken, it links to, for example "http://device/device=175"

Details

SubjectRepoBranchLines +/-
Add 'timestamp' annotation to AM alertsoperations/software/librenmsupstream-21.4.0+1 -0
Use device's 'alerts' page as Alertmanager 'source' linkoperations/software/librenmsupstream-21.4.0+1 -1
Use 'title' as Alertmanager summaryoperations/software/librenmsupstream-21.4.0+1 -2
alertmanager: define IRC and page routes for sre teamoperations/puppetproduction+9 -0
alertmanager: cc -operations on IRC for all SRE pagesoperations/puppetproduction+2 -0
Add 'timestamp' annotation to AM alertsoperations/software/librenmsupstream-1.66+1 -0
Use 'title' as Alertmanager summaryoperations/software/librenmsupstream-1.66+1 -2
Use device's 'alerts' page as Alertmanager 'source' linkoperations/software/librenmsupstream-1.66+1 -1
librenms: add base_url settingoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

ayounsi triaged this task as Medium priority.Feb 3 2021, 9:41 AM
ayounsi created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 3 2021, 9:41 AM
Volans awarded a token.Feb 3 2021, 11:22 AM
ayounsi updated the task description. (Show Details)Feb 3 2021, 11:22 AM
fgiunchedi renamed this task from Improve alertmanager notifications to Improve Alertmanager/LibreNMS notifications.Feb 8 2021, 4:13 PM
fgiunchedi moved this task from Inbox to Backlog on the observability board.Feb 8 2021, 4:15 PM
ayounsi updated the task description. (Show Details)Feb 15 2021, 7:18 AM
ayounsi added a comment.Feb 27 2021, 8:05 AM

Another one:

<+jinxer-wm> (Processor usage over 85%) firing: Processor usage over 85% - https://alerts.wikimedia.org
04:58 (Processor usage over 85%) resolved: Processor usage over 85% - https://alerts.wikimedia.org

Doesn't say which host it's for.

fgiunchedi added a comment.Mar 24 2021, 11:00 AM

Thank you for the feedback! Unfortunately I think addressing some of the feedback will need a librenms patch

(To that end I've also started to package librenms as a Debian package, since I think it is more practical and we don't really need scap anymore).

To address pressing concerns:

In T273716#6866507, @ayounsi wrote:

Another one:

<+jinxer-wm> (Processor usage over 85%) firing: Processor usage over 85% - https://alerts.wikimedia.org
04:58 (Processor usage over 85%) resolved: Processor usage over 85% - https://alerts.wikimedia.org

Doesn't say which host it's for.

Agreed the host must be in there, I see two ways of achieving this:

  1. patch librenms to always append the hostname to the alert summary
  2. patch librenms to use the alert's title for summary, afaict the title always contains the hostname and can be changed from the web interface. in the example above the title is Alert for device cr1-codfw.wikimedia.org - Primary outbound port utilisation over 80% #page

When ACKing an alert in LibreNMS, Alert Manager sends an email titled:

[FIRING:1] Access port utilisation over 80% for 1h global (asw2-b-eqiad.mgmt.eqiad.wmnet warning librenms netops)

And only at the very bottom it says:

title = Alert for device asw2-b-eqiad.mgmt.eqiad.wmnet - Access port utilisation over 80% for 1h got acknowledged

Same for IRC alerts:

jinxer-wm> (Access port utilisation over 80% for 1h) firing: Access port utilisation over 80% for 1h - https://alerts.wikimedia.org

Which is confusing as it's an ACK.

Agreed, the acks should come from alertmanager / alerts.wikimedia.org itself, IOW alertmanager doesn't expect clients to be ack'ing alerts

LibreNMS IRC bot had colors, but not the Alert Manager one, that's a major regression.

I think the only way we can possibly address this is by putting back the librenms irc bot, and stop sending irc notifications via AM's irc bot, which I'd rather avoid unless absolutely necessary.

In the email body, all the LibreNMS details are crammed into the "Annotations" section, with no new lines, which make it difficult to parse.
The content is also duplicated. For example:

alertname = Access port utilisation over 80% for 1h
Rule: Access port utilisation over 80% for 1h
summary = Access port utilisation over 80% for 1h
instance = asw2-b-eqiad.mgmt.eqiad.wmnet
Device Name: asw2-b-eqiad.mgmt.eqiad.wmnet

Yeah that's quite unreadable, from my understanding and code reading this has to do with the formatting of the alert template plus the alertmanager transport formatting the message. We'll need to look into it as well.

The email title says [FIRING:1], not sure if it's needed or what the :1 means.

FIRING is the alert state (as opposed to RESOLVED) and :1 is how many alerts have been grouped together

[FIRING:1] Inbound interface errors global (asw2-b-eqiad.mgmt.eqiad.wmnet warning librenms netops)

No need for the severity, scope or team in the email title, that's precious real-estate
Something like:

[Alert] asw2-b-eqiad.mgmt.eqiad.wmnet: Inbound interface errors

is more clear.

Agreed, for this the fix could be the same as the IRC message I think (namely changing the summary to the alert's librenms title e.g. Alert for device asw2-a-eqiad.mgmt.eqiad.wmnet - Inbound interface errors

The "source" link is broken, it links to, for example "http://device/device=175"

Indeed, this is an unset base_url librenms configuration which I'll need to look into.

gerritbot added a comment.Mar 26 2021, 8:20 AM

Change 675075 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):
[operations/software/librenms@upstream-1.66] Use 'title' as Alertmanager summary

https://gerrit.wikimedia.org/r/675075

gerritbot added a project: Patch-For-Review.Mar 26 2021, 8:20 AM
gerritbot added a comment.Mar 26 2021, 8:32 AM

Change 675076 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):
[operations/puppet@production] librenms: add base_url setting

https://gerrit.wikimedia.org/r/675076

gerritbot added a comment.Mar 26 2021, 9:15 AM

Change 675076 merged by Filippo Giunchedi:
[operations/puppet@production] librenms: add base_url setting

https://gerrit.wikimedia.org/r/675076

ayounsi added a comment.Mar 26 2021, 9:27 AM

Note that I also edited the current LibreNMS alert templates to remove useless (or duplicated info).

One thing I find weird is that the AM emails don't include a timestamp, the only one present comes from LibreNMS.

gerritbot added a comment.Mar 26 2021, 9:29 AM

Change 675075 merged by Filippo Giunchedi:
[operations/software/librenms@upstream-1.66] Use 'title' as Alertmanager summary

https://gerrit.wikimedia.org/r/675075

gerritbot added a comment.Mar 26 2021, 9:37 AM

Change 675097 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):
[operations/software/librenms@upstream-1.66] Use device's 'alerts' page as Alertmanager 'source' link

https://gerrit.wikimedia.org/r/675097

gerritbot added a comment.Mar 26 2021, 9:49 AM

Change 675097 merged by Filippo Giunchedi:
[operations/software/librenms@upstream-1.66] Use device's 'alerts' page as Alertmanager 'source' link

https://gerrit.wikimedia.org/r/675097

Maintenance_bot removed a project: Patch-For-Review.Mar 26 2021, 10:11 AM
gerritbot added a comment.Mar 29 2021, 7:56 AM

Change 675455 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):
[operations/software/librenms@upstream-1.66] Add 'timestamp' annotation to AM alerts

https://gerrit.wikimedia.org/r/675455

gerritbot added a project: Patch-For-Review.Mar 29 2021, 7:56 AM
gerritbot added a comment.Mar 29 2021, 8:45 AM

Change 675455 merged by Filippo Giunchedi:
[operations/software/librenms@upstream-1.66] Add 'timestamp' annotation to AM alerts

https://gerrit.wikimedia.org/r/675455

ayounsi added a comment.Apr 13 2021, 11:02 AM

Screenshot_2021-04-13 Alerts for wikimedia org.png (975×1 px, 147 KB)

It's confusing to see the alerts twice in there.

fgiunchedi added a project: User-fgiunchedi.Apr 21 2021, 2:04 PM
fgiunchedi moved this task from Backlog to Up next on the User-fgiunchedi board.Apr 27 2021, 1:47 PM
ayounsi mentioned this in T284213: Improve AlertManager dashboard.Jun 3 2021, 10:25 AM
gerritbot added a comment.Jun 3 2021, 12:24 PM

Change 697943 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] alertmanager: cc -operations on IRC for all SRE pages

https://gerrit.wikimedia.org/r/697943

gerritbot added a comment.Jun 4 2021, 8:24 AM

Change 697943 merged by Filippo Giunchedi:

[operations/puppet@production] alertmanager: cc -operations on IRC for all SRE pages

https://gerrit.wikimedia.org/r/697943

gerritbot added a comment.Jun 7 2021, 12:59 PM

Change 698491 had a related patch set uploaded (by Ema; author: Ema):

[operations/puppet@production] alertmanager: define IRC and page routes for sre team

https://gerrit.wikimedia.org/r/698491

gerritbot added a comment.Jun 7 2021, 1:40 PM

Change 698491 merged by Ema:

[operations/puppet@production] alertmanager: define IRC and page routes for sre team

https://gerrit.wikimedia.org/r/698491

lmata edited projects, added SRE Observability; removed observability.Jul 12 2021, 2:21 AM
lmata moved this task from Inbox to Backlog on the SRE Observability board.Jul 15 2021, 4:08 AM
fgiunchedi closed subtask T285205: Make sure LibreNMS -> AM alerts don't flap due to lack of notifications as Resolved.Jul 20 2021, 10:01 AM
lmata edited projects, added Observability-Alerting; removed SRE Observability.Aug 9 2021, 3:29 AM
lmata moved this task from Inbox to Backlog on the Observability-Alerting board.Aug 10 2021, 3:18 PM
fgiunchedi added a comment.Oct 15 2021, 9:53 AM

I was investigating why we don't have hostnames in alerts anymore, and it turns out the last librenms upgrade in T266987 meant we lost the following patches:

We don't seem to have a good story on how to carry these patches forward though

gerritbot added a comment.Oct 15 2021, 10:16 AM

Change 731007 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/software/librenms@upstream-21.4.0] Use 'title' as Alertmanager summary

https://gerrit.wikimedia.org/r/731007

gerritbot added a comment.Oct 15 2021, 10:16 AM

Change 731008 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/software/librenms@upstream-21.4.0] Use device's 'alerts' page as Alertmanager 'source' link

https://gerrit.wikimedia.org/r/731008

gerritbot added a comment.Oct 15 2021, 10:16 AM

Change 731009 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/software/librenms@upstream-21.4.0] Add 'timestamp' annotation to AM alerts

https://gerrit.wikimedia.org/r/731009

gerritbot added a comment.Oct 15 2021, 10:26 AM

Change 731008 abandoned by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Use device's 'alerts' page as Alertmanager 'source' link

Reason:

To be applied to the next upstream version instead

https://gerrit.wikimedia.org/r/731008

gerritbot added a comment.Oct 15 2021, 10:26 AM

Change 731009 abandoned by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Add 'timestamp' annotation to AM alerts

Reason:

To be applied to the next upstream version instead

https://gerrit.wikimedia.org/r/731009

gerritbot added a comment.Oct 15 2021, 10:26 AM

Change 731007 abandoned by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Use 'title' as Alertmanager summary

Reason:

To be applied to the next upstream version instead

https://gerrit.wikimedia.org/r/731007

gerritbot added a comment.Jan 31 2022, 2:25 PM

Change 731007 merged by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Use 'title' as Alertmanager summary

https://gerrit.wikimedia.org/r/731007

gerritbot added a comment.Jan 31 2022, 2:25 PM

Change 731008 merged by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Use device's 'alerts' page as Alertmanager 'source' link

https://gerrit.wikimedia.org/r/731008

gerritbot added a comment.Jan 31 2022, 2:25 PM

Change 731009 merged by Filippo Giunchedi:

[operations/software/librenms@upstream-21.4.0] Add 'timestamp' annotation to AM alerts

https://gerrit.wikimedia.org/r/731009

fgiunchedi moved this task from Up next to Backlog on the User-fgiunchedi board.Oct 27 2023, 6:53 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL