Essential information about failuers are not forwarded to the sysadmin
chymian 0 last edited by girish
Just saw the latest announcment and was figuring out (at the same time) that cloudron is not informing me any longer, about mission-critical errors, like when a backup fails and:
… Backup renewal notification will only be sent if 3 consecutive backups fail. This way we allow for "external services" to fail now and then without being too aggressive about notifying user.
Since the Users data are the most precious thing in a installation like that, it's just not acceptable, that in a worse case scenario, 3 days of these are lost!
allow for "external services" to fail now and then.
IMHO, that's the wrong strategy. if external services fails, the sysadmin should fix it A.S.A.P. or go for a reliable service.
not reporting system critical failures at once compromises the security and reliability of the whole installation.
during my research i saw a statement, "that one had to log in to oversee the system...." (and find out, whether it has failed already)
imagine, one sysadmin is responsible for more then just one cloudron installation and cloudron is just one VM/setup of about a dozend+ or more installations of diff. apps/setups, at all kind of different places/customers and you suggest, to login to everyone to see whether it's healthy? think big, guys. that's just not doable.
all mission-critical information has to be delivered in realtime to the responsible person/team.
instead of turning of critical information, a way to configure different notification-channels for diff. typ/classes/importance of notifications like matrix/telegarm/mail would make much more sense - IMHO.
@chymian-0 I can understand your point. The main reason we did this is because in most cases of such one-off failures there were intermittent issues and by the time the user investigated or contacted us, the issue was already resolved since Cloudron will retry anyways. So now a notification is only raised after consecutive failures, which is when it gets problematic. So essentially we are more relying on the retry since failures just happen and in nearly all such cases there is nothing to be done about it in hindsight, so there is really no need to invest time or energy unless it fails even after retry.
chymian 0 last edited by
@nebulon backup failed completely yesterday without any notification. so I missed a complete day of backup without being informed about it. that's not acceptable!
@chymian-0 if it failed completely even after retry, it indeed should have notified, we have to check why this didn't happen.
chymian 0 last edited by
@nebulon, ok now I'm getting to understand you better.
It should have sent a mail after complete failure of backup, not only after 3 days… - I see.
but even in the past, when backup failed, I got only 1 single mail.
from my understanding now, it should have sent me a mail per try - which never happened.
thx for clarification.
do you need any logs/info?
d19dotca last edited by
@chymian-0 Side note not meant to derail the great conversation (as I can certainly see both sides to the equation here)... If your backups are critical (which they are for many of us), it'll be infinitely better to backup multiple times a day, not just once. As a side benefit, you'd be notified sooner if any failures too. Personally I backup about 4 times a day (though I tweak this occasionally).
d19dotca last edited by d19dotca
@nebulon It may be a good idea to allow customization of the notification system, so that those users who deem everything uber critical (for business reasons and such) can be notified upon every failure, and those who are more using Cloudron for their hobby can choose to not be bugged by failures as often due to the very real reason that led to this change in the first place... too many false-positives or intermittent issues that no sysadmin can necessarily do anything about anyways (i.e. if the object storage provider is having issues).
If you want to keep it 'simple' still, then maybe just have two options for users... aggressive or non-aggressive. lol.
To add to this: the backup failure notifications after three failures and not after 3 days. So, if you have backups at a higher interval, you will get notified soon enough.
jdaviescoates last edited by jdaviescoates
@jdaviescoates There's two levels of retry - things like network errors, transient api errors etc are retried immediately. The other retry is in the next scheduled backup time. There is no other retry between scheduled backup time.