Vopsbot
Vopsbot (source) is an IRC bot that allows interacting with the splunk oncall api from IRC.
At the moment it's running in the #wikimedia-sre
and #wikimedia-sre-private
IRC channels on libera.chat with nickname sirenbot
It is designed to interact with the victorops api.
Installation and configuration
The bot can be installed in the wikimedia environment using the profile::vopsbot
class.
It uses a local database using sqlite for basic functions like ACL and topic storage, located in /srv/vopsbot/vopsbot.db
. It also uses two configuration files:
- /etc/vopsbot/ircbot-config.json, a json file containing the configuration for the IRC bot framework vopsbot is based upon
- /etc/vopsbot/users.yaml which contains a list of irc nick -> victorops usernames overrides. When adding a new user to victorops, this configuration (found in private hiera as
profile::vopsbot::vo_users
)
In addition, the victorops credentials are passed to the bot via environment variables.
Bot commands
See who is oncall now
Command: !oncall-now [team]
If you omit the team, vopsbot will try to figure out which team you're on and report who's oncall for your team; otherwise it will default to reporting who's oncall for SRE.
List paging incidents for the last 24 hours
Command: !incidents [team]
If you omit the team, vopsbot will try to figure out which team you're on and report incidents for your team; otherwise it will default to reporting paging incidents for SRE
Acknowledge an open incident
Command: !ack <incident-number> [victorops username]
If you omit the username, vopsbot will try to figure out what your victorops username is; if none is found, an error will be returned. This command can only be given in public.
Resolve an open incident
Command: !resolve <incident-number> [victorops username]
If you omit the username, vopsbot will try to figure out what your victorops username is; if none is found, an error will be returned. This command can only be given in public.
Access control
All members of the SRE team are granted admin status automatically, meaning you can issue commands freely and anywhere. Specific ACLs (using ircbot's !acl_add, !acl_remove and !acl_get commands) can be managed
for every command. We can grant the right to execute a command to an individual nickname or to a whole channel. I would argue that if other teams want to use it, we'll add an ACL specifically for their "reserved/trusted" channel for ease of maintenance.
Other capabilities
The bot can sing, if you ask. You'll figure out how, if you never give up looking...
Restart sirenbot
Log on the active alert node and sudo systemctl restart vopsbot.service
.