Page MenuHomePhabricator
Create Task
Maniphest T321808

Port most/all Icinga checks to Prometheus/Alertmanager
Open, Needs TriagePublic
Actions

Description

This is a tracking task for the general work of moving alerts from Icinga to Prometheus/Alertmanager.

Note that the title says most because while the perfect end goal is to migrate all alerts (and thus shut down Icinga) that might be unpractical and/or too much effort with respect to the gains.

On a pragmatic level though what we can do is reduce Icinga' scope over time, and turn it into a "backend" component. In this scenario for example we would stop using Icinga's web UI for all/most operations, and delegate all functionality to AM / alerts.w.o

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT321808 Port most/all Icinga checks to Prometheus/Alertmanager
 OpenNoneT288622 All Prometheus based alerts move from Icinga to alert manager exclusively
 ResolvedfgiunchediT281454 Onboard teams with Prometheus-based alerts to AlertManager
 ResolvedlmataT281359 Onboard teams with Grafana alerts to AlertManager
 ResolvedfgiunchediT282806 Port traffic/netops grafana alerts to AlertManager
 ResolvedLadsgroupT287741 Convert wikidata-alerts grafana dashboard to AlertManager
 OpenNoneT225140 Icinga alerts that should open tasks instead of alerting
 ResolvedfgiunchediT310266 Move mgmt SSH checks from Icinga to Prometheus/Alertmanager
 InvalidNoneT319299 Investigate longer run time for hiera_export netbox script
 ResolvedVolansT320721 Decide whether decom'ing hosts mgmt DNS entry should stay or not
 ResolvedfgiunchediT288726 Move > 60% of observability Prometheus-based checks to Alertmanager
 ResolvedherronT301944 Web interface to navigate Prometheus alerts and their status
 OpenherronT326657 Add prometheus-https load balancer
 OpenNoneT305847 Migrate SRE paging alerts off Icinga and to Alertmanager
 ResolvedfgiunchediT309546 Export etcdmirror 'lag' metric and alert on it
 ResolvedNoneT309007 Migrate eventlogging check_prometheus checks to alertmanager
 ResolvedArnoldokothT309009 Migrate eventgate check_prometheus checks to alertmanager
 ResolvedfgiunchediT309010 Migrate Kafka prometheus alerts from Icinga to Alertmanager
 OpenNoneT309011 Migrate labstore prometheus alerts from Icinga to Alertmanager
 OpenNoneT309012 Migrate zookeeper prometheus checks from Icinga to Alertmanager
 ResolvedNoneT285328 Migrate OSM sync alerts from icinga to AlertManager
 ResolvedEBernhardsonT289077 Migrate Search team's prometheus-based alerts from Icinga to alert-manager
 ResolvedBTullisT293399 Migrate the majority of the analytics cluster alerts from Icinga to AlertManager
 ResolvedjbondT294564 Migrate Foundations Prometheus alerts to AlertManager
 In ProgressBUG REPORTNoneT302639 How should we monitor for faulty memory modules?
 ResolvedjhathawayT302687 Don't move filesystem_avail_bigger_than_size icinga check to alert manager?
 ResolvedBCornwallT300723 Migrate Traffic Prometheus alerts from Icinga to Alertmanager
 ResolvedBCornwallT311445 Create vm.max_map_count metrics for Prometheus
 DuplicateNoneT312763 Port kubernetes prometheus-based alerts from icinga to alertmanager
 ResolvedfgiunchediT312764 Port mediawiki prometheus-based alerts from icinga to alertmanager
 ResolvedfgiunchediT312765 Port swift prometheus-based alerts from icinga to alertmanager
 ResolvedJMeybohmT311251 Migrate kubernetes alerts away from icinga
ResolvedBCornwallT327791 Move (or delete?) trafficserver restart count alert from icinga to alerts.git
 ResolvedfgiunchediT327792 Port k8s cache alerts from icinga to alerts.git
 ResolvedcmooneyT327793 Port (or delete) udpmxircecho alerts from icinga to alerts.git
 OpenNoneT320931 Progress indicator for Icinga -> Alertmanager migration
 OpenNoneT321810 Move systemd unit status checks to Alertmanager
 OpenNoneT315866 Migrate mysql icinga alerts to alert manager
 OpenNoneT330989 Probe mr devices from Prometheus
 OpenNoneT332709 Multi-team Prometheus/Alertmanager alerts
 ResolvedjbondT349176 Route systemd unit alerts to the correct team
 OpenNoneT332764 Port base host checks from Icinga to Alertmanager
 ResolvedcmooneyT333007 validate what we need from the check_eth check
 ResolvedSLyngshede-WMFT347312 Expose ethtool metrics to Prometheus
 ResolvedSLyngshede-WMFT351068 ethtool-exporter collection/parsing errors
 OpenNoneT337831 Remove specific nrpe::monitor_systemd_unit_state
 ResolvedfgiunchediT343902 Port "Ensure hosts are not performing a change on every puppet run"
 OpenNoneT350357 Make it easier to export textfiles for node-exporter from puppet
 OpenNoneT350360 Evaluate "drop in" replacement for nrpe scripts
 OpenSLyngshede-WMFT350694 Infrastructure Foundation Alerts to migrate
 OpenNoneT333638 Desired Icinga state by end of FY2023/2024
 OpentaaviT328502 Move WMCS off of Icinga and introduce alertmanager
 OpentaaviT345294 Move Cloud VPS control plane alerting to alertmanager
 OpenNoneT345983 Remove Icinga checks for Cloud VPS projects (not: infrastructure)
 OpenNoneT313030 Replace Toolschecker alerts with Prometheus based ones
 ResolvedtaaviT311911 Upgrade Toolforge Prometheus servers to Debian Bullseye or later
 ResolvednskaggsT312692 Request increased quota for tools Cloud VPS project
 ResolvedtaaviT284860 Prometheus alerting support on Toolforge
 ResolvedtaaviT304716 Cloud services enhancement proposal: Prometheus metrics for Toolforge/Toolsbeta/Paws Kubernetes clusters
 ResolveddcaroT313031 Paging for alerts from the cloud realm
 OpenNoneT347148 Determine how to monitor services in cloud-private / cloudlb
 ResolvedtaaviT347277 metricsinfra: add support dns blackbox scrapes
 OpentaaviT288053 Add external meta-monitoring for metricsinfra

Event Timeline

fgiunchedi created this task.Oct 27 2022, 2:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2022, 2:03 PM
fgiunchedi added a subtask: T288622: All Prometheus based alerts move from Icinga to alert manager exclusively.Oct 27 2022, 2:03 PM
fgiunchedi added a subtask: T320931: Progress indicator for Icinga -> Alertmanager migration.
fgiunchedi added a subtask: T315866: Migrate mysql icinga alerts to alert manager.Oct 27 2022, 2:12 PM
jcrespo added a subscriber: jcrespo.Feb 13 2023, 3:51 PM

Have we thought about creating a small middleware that would change nagios output format into prometheus-scrapable metrics (maybe including some kind of memory/disk cache for long running ones/ones where they are supposed to be run only once per hour)? I checked and I don't see anything already existing that does that (note I am talking about nagios checks, without icinga) I know there is already in place a scraper for the icinga service itself.

While this would not be an ideal situation in many cases- native solutions would be preferred- it would avoid headaches like T315866#8194791, where a very inferior metrics solution is proposed to substitute a proper, long-standing icinga check, by reusing the specific logic on a better management system. A single job would scrape all icinga-based checks for a host and aggregate them into prometheus metrics- including the error text- and that would allow us to replace fully icinga itself, while keeping the custom alert logic, all consolidated in prometheus. This would also solve the issue with the many upstream solutions not having space for a few custom WMF-specific checks- leading the way for an icinga-free WMF.

fgiunchedi added a comment.Feb 14 2023, 1:17 PM

The closest I can think of is nrpe_exporter: https://github.com/canonical/nrpe_exporter and certainly something we can consider!

jcrespo added a comment.EditedFeb 14 2023, 1:24 PM
In T321808#8614196, @fgiunchedi wrote:

The closest I can think of is nrpe_exporter: https://github.com/canonical/nrpe_exporter and certainly something we can consider!

Nice. I see this still uses the NRPE daemon.

I think in general this shouldn't be plan A for any migration, but I am sure complex cases like the one I mention (WMF-specific behaviour potentially not found upstream), or others where there are no longer maintainers around to do the right thing, we could use this or something similar, and migrate the puppet class to use this, getting eventually rid of icinga itself (which I think we all agree is not a great alerting manager).

For example, when I did the check_bacula.py from zero, I implemented both nagios output format and a prometheus exporter daemon, but I guess there may be very old pieces of small checks that could take a lot of time to migrate to proper exporters.

lmata added a project: SRE Observability (FY2022/2023-Q3).Feb 21 2023, 3:56 PM
fgiunchedi updated the task description. (Show Details)Mar 21 2023, 1:48 PM
fgiunchedi edited projects, added SRE Observability (FY2022/2023-Q4); removed SRE Observability (FY2022/2023-Q3).Apr 14 2023, 8:21 AM
lmata moved this task from Inbox to Epics In Progress on the SRE Observability (FY2022/2023-Q4) board.May 2 2023, 1:58 PM
lmata edited projects, added SRE Observability (FY2023/2024-Q1); removed SRE Observability (FY2022/2023-Q4).Jul 18 2023, 4:56 PM
lmata moved this task from Inbox to Epics In Progress on the SRE Observability (FY2023/2024-Q1) board.Jul 18 2023, 8:11 PM
SLyngshede-WMF added a subscriber: SLyngshede-WMF.Oct 4 2023, 3:46 PM
lmata edited projects, added SRE Observability (FY2023/2024-Q2); removed SRE Observability (FY2023/2024-Q1).Oct 9 2023, 4:19 PM
lmata moved this task from Inbox to Epics In Progress on the SRE Observability (FY2023/2024-Q2) board.
fgiunchedi closed subtask T343902: Port "Ensure hosts are not performing a change on every puppet run" as Resolved.Oct 18 2023, 1:31 PM
taavi removed a subtask: T333638: Desired Icinga state by end of FY2023/2024.Fri, Dec 1, 12:56 PM
taavi added a subtask: T333638: Desired Icinga state by end of FY2023/2024.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL