Skip to content

Instantly share code, notes, and snippets.

@austinsonger

austinsonger/System_Incident_Report_Example.md

Last active July 25, 2019 14:59
Show Gist options
  • Save austinsonger/350c2b410c814a9177c659d196aef8f2 to your computer and use it in GitHub Desktop.
Save austinsonger/350c2b410c814a9177c659d196aef8f2 to your computer and use it in GitHub Desktop.
Download ZIP
System Incident Report (Downtime, Outage, and etc) Template
Raw
System_Incident_Report_Example.md

Incident Report Example

Priority Level: Critical (1)

Report Date: YYYY-MM-DD

Priority levels are as follows (1) Critical, (2) High, and (3) Medium

Earlier this week we experienced an outage in our API infrastructure. Today we’re providing an incident report that details the nature of the outage and our response. The following is the incident report for the Example Security outage that occurred on YYYY - MM - DD. We understand this service issue has impacted our valued developers and users, and we apologize to everyone who was affected.

Issue Summary

  • Short summary (5 sentences)
  • List the duration along with start and end times (include timezone)
  • State the impact (most user requests resulted in 500 errors, at peak 100%)
  • Close with root cause

Timeline (CST)

  • List the timezone
  • Covers the outage duration
  • When outage began
  • When staff was notified
  • Actions, events, …
  • When service was restored
Start Time (CST): #:##:## 
Resolved Time (CST):  #:##:## 
Total Time: #### Seconds (##.# Minutes) 

6:19 : Configuration push begins
6:26 : Outage begins
6:26 : Pagers alerted teams
6:54 : Failed configuration change rollback
7:15 : Successful configuration change rollback
7:19 : Server restarts begin
7:58 : 100% of traffic back online

<External System/Service> Status Page (Only if downtime is caused by external)

Coordinated Universal Time (UTC) is five hours ahead of Central Standard Time (CST)

Show Timeline of external system if man made

  • Copy Incident Timeline from external system status page

Root Cause

At 6:19 PM PT, a configuration change was inadvertently released to our production environment without first being released to the testing enviroment. The change specified an invalid address for the authentication servers in production. This exposed a bug in the authentication libraries which caused them to block permanently while attempting to resolve the invalid address to physical services. In addition, the internal monitoring systems permanently blocked on this call to the authentication library. The combination of the bug and configuration error quickly caused all of the serving threads to be consumed. Traffic was permanently queued waiting for a serving thread to become available. The servers began repeatedly hanging and restarting as they attempted to recover and at 6:26 PM PT, the service outage began.

Resolution and recovery

At 6:26 PM PT, the monitoring systems alerted our engineers who investigated and quickly escalated the issue. By 6:40 PM, the incident response team identified that the monitoring system was exacerbating the problem caused by this bug.
At 6:54 PM, we attempted to rollback the problematic configuration change. This rollback failed due to complexity in the configuration system which caused our security checks to reject the rollback. These problems were addressed and we successfully rolled back at 7:15 PM.
Some jobs started to slowly recover, and we determined that the overall recovery would be faster by a restart of all of the API infrastructure servers globally. To help with the recovery, we turned off some of our monitoring systems which were triggering the bug. As a result, we decided to restart servers gradually (at 7:19 PM), to avoid possible cascading failures from a wide scale restart. By 7:49 PM, 25% of traffic was restored and 100% of traffic was routed to the API infrastructure at 7:58 PM.

Corrective and Preventative Measures

In the last two days, we’ve conducted an internal review and analysis of the outage. The following are actions we are taking to address the underlying causes of the issue and to help prevent recurrence and improve response times:
Disable the current configuration release mechanism until safer measures are implemented. (Completed.)
Change rollback process to be quicker and more robust.
Fix the underlying authentication libraries and monitoring to correctly timeout/interrupt on errors.
Programmatically enforce staged rollouts of all configuration changes.
Improve process for auditing all high-risk configuration options.
Add a faster rollback mechanism and improve the traffic ramp-up process, so any future problems of this type can be corrected quickly.
Develop better mechanism for quickly delivering status notifications during incidents.
Example Security is committed to continually and quickly improving our technology and operational processes to prevent outages. We appreciate your patience and again apologize for the impact to you, your users, and your organization. We thank you for your business and continued support.

Sincerely,

Posted by John Doe, CTO
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment