AutoPatcher
Logout
What is AutoPatcherQuickstartSetting up permissionsSetting up SSM agentAdding a machine to AutoPatcherScheduling a patching planBaseline patchingPatching eventsNotificationsCreating notification groupNotification eventsNotification channelsUsing CLIPre & Post patching actions - HooksReportsPatching logsFirewall configurationCommand line interfaceManaging permissionsManaging API keysBootcamp videosAPI Usage

Notifications in AutoPatcher

This section describes how to configure notifications for your patching. Notifications are configured in patching groups. Each group may have several notification channels configured (e.g. slack, email, pager duty). This way one notification can be sent to several slack channels and teams, or pager duty accounts, or emails.

Creating notification group

First, create the notification group - https://autopatcher.nordcloudapp.com/notification_groups

New notification group New notification group type

Notification events

AutoPatcher sends notification about the following events:

EventsSeverity LevelDescription
event_newINFOAutoPatcher created new patching event
errorERRORThere was an error during patching
incoming_patchingINFOIncoming patching
not_approved_patchingINFOAutoPatcher created new patching event which requires approval (or will be approved later automatically in case of a pipeline event)
plan_modificationDEBUGPatching plan has been modified
plan_newDEBUGNew patching plan has been created
plan_deletedWARNINGPatching plan has been deleted
pipeline_modificationDEBUGPatching pipeline has been modified
pipeline_newDEBUGNew patching pipeline has been created
pipeline_deletedWARNINGPatching pipeline has been deleted
patching_startINFOPatching has been stared
patching_finishSUCCESS or ERRORPatching has been started
partial_patching_startINFOPartial patching has been stared
partial_patching_finishSUCCESS or ERRORPartial patching has been started
machine_patching_startINFOInstance update has been started
machine_patching_finishSUCCESS or ERRORInstance update has been finished
machine_access_errERRORInstance connection error
machine_not_in_windowWARNINGInstance cannot be updated because it is not in the time window
hook_startINFOHook has been started
hook_finishSUCCESS or ERRORHook has been finished
host_hook_startINFOInstance hook has been started
host_hook_finishSUCCESS or ERRORInstance hook has been finished

All finish notifications contain execution status (machine update status, hook result etc.).

An incoming_patching notification is sent by default 1 hour before the actual patching is started. However your can change this time amount by setting upcoming_notification_time field in your plan to a custom value in hours.

Notifications about dry run plans and events

AutoPatcher adds a [DRY RUN] tag to the end of a title of every notification when plan or event is configured to scan for available patches. Example: dry run

Notification channels

Slack

AutoPatcher can send the notifications to the slack channel. Every notification contains IDs and the links to the related objects so you can easily check its details.

Example notifications: Slack example

Pager Duty

AutoPatcher sends all the notifications to the Pager Duty service. Based on these notifications you can create a rule to generate an error alert in the PagerDuty configuration. Pager Duty example to generate an alert only on errors:

PD example 1 PD example 2

Email

AutoPatcher can send notifications to configured email. Example: Email example

Customer-friendly emails

For some types of events there's a possibility to send emails in different format which is more customer-friendly. For now the new format is defined only for the following types of events:

  • incoming_patching
  • patching_start
  • patching_finish

To use the new format you should check the Is external checkbox when creating email notification: External email

Below are examples of customer-friendly emails:

External email incoming

External email started

External email finished

Using CLI

Adding notification group:

nc-autopatcher-cli create notification_group --file notify.json

notify.json example:

{
    name: "test-group",
    owner: "TEST",
    notifications: [
        {
            channel: "test-channel",
            type: "slack",
            web_hook_url: "webhookurl"
        },
        {
            type: "email",
            email: "x@y.com"
        },
        {
            type: "email",
            email_config: {
                address: "z@w.com",
                is_external: true
            }
        },
        {
            type: "pager duty",
            routing_key: "ct3h84ytc382ty947t4t7243y98bvt2y3vt",
            override_settings: true,
            levels: [],
            events: []
        }
    ],
    events: [],
    levels: []
}
  • type - notification type: "slack","email", "pager duty"
  • web_hook_url - slack web hook url
  • channel - slack channel routing_key - Pager Duty key
  • events - nofify about specified events. If events array is empty AP sends all notifications
  • levels - notify about specified severity levels. If levels array is empty AP sends all notifications.

You can override Notification group filters (events & levels) by adding override_settings: true parameter and providing new settings in the channel configuration. The full list of the events and severity levels can be found in the Notification events section.

Adding notification groups to a plan

Add the created notification group into the schedule plan. You can add multiple groups:

nc-autopatcher-cli update plan --file plan.json --id $PLAN_ID

plan.json example:

{
  "cron_window_start": "0 19 * * *",
  "cron_window_end": "0 20 * * *",
  "machines": [
    {
      "id": "XXX",
      "order": 4
    },
    {
      "id": "YYY",
      "order": 3
    }
  ],
  "name": "TEST_PROD_ACCOUNT",
  "owner": "nordcloud",
  "parallel": 1,
  "notification_groups": [
     "34vc5-23v6fc-2v3c65-2c34",
     "GROUP2"
  ]
}