post-deployment =============== .. _post-deployment_ceph-health: ceph-health ----------- Check the status of the ceph cluster. Uses `ceph health` to check if cluster is in HEALTH_WARN state and prints a debug message. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_controller-token: controller-token ---------------- Unnamed. This validation checks that keystone admin token is disabled on both undercloud and overcloud controller after deployment. - **hosts**: undercloud, controller - **groups**: post-deployment - **metadata**: - **Name**: Verify that keystone admin token is disabled. - **parameters**: `View validation source code `__. .. _post-deployment_controller-ulimits: controller-ulimits ------------------ Check controller ulimits. This will check the ulimits of each controller. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **nproc_min**: 2048 - **nofiles_min**: 2048 `View validation source code `__. .. _post-deployment_haproxy: haproxy ------- HAProxy configuration. Verify the HAProxy configuration has recommended values. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **defaults_maxconn_min**: 4096 - **global_maxconn_min**: 20480 - **defaults_timeout_client**: 2m - **config_file**: /etc/haproxy/haproxy.cfg - **defaults_timeout_server**: 2m - **defaults_timeout_check**: 10s - **defaults_timeout_queue**: 1m `View validation source code `__. .. _post-deployment_mysql-open-files-limit: mysql-open-files-limit ---------------------- MySQL Open Files Limit. Verify the `open-files-limit` configuration is high enough https://access.redhat.com/solutions/1598733 - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **min_open_files_limit**: 16384 `View validation source code `__. .. _post-deployment_neutron-sanity-check: neutron-sanity-check -------------------- Neutron Sanity Check. Run `neutron-sanity-check` on the controller nodes to find out potential issues with Neutron's configuration. The tool expects all the configuration files that are passed to the Neutron services. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **configs**: ['/etc/neutron/neutron.conf', '/usr/share/neutron/neutron-dist.conf', '/etc/neutron/metadata_agent.ini', '/etc/neutron/metering_agent.ini', '/etc/neutron/dhcp_agent.ini', '/etc/neutron/plugins/ml2/openvswitch_agent.ini', '/etc/neutron/conf.d/ml2_conf_cisco.ini', '/etc/neutron/conf.d/cisco_cfg_agent.ini', '/etc/neutron/conf.d/cisco_router_plugin.ini', '/usr/share/neutron/l3_agent', '/etc/neutron/conf.d/common', '/etc/neutron/conf.d/neutron-l3-agent', '/usr/share/neutron/neutron-lbaas-dist.conf', '/etc/neutron/lbaas_agent.ini', '/etc/neutron/conf.d/neutron-lbaas-agent', '/etc/neutron/conf.d/neutron-lbaasv2-agent', '/etc/neutron/conf.d/neutron-metadata-agent', '/etc/neutron/conf.d/neutron-metering-agent', '/etc/neutron/conf.d/neutron-netns-cleanup', '/etc/neutron/conf.d/neutron-openvswitch-agent', '/etc/neutron/conf.d/neutron-ovs-cleanup', '/etc/neutron/conf.d/neutron-bsn-agent', '/etc/neutron/conf.d/neutron-cisco-cfg-agent', '/etc/neutron/conf.d/neutron-dhcp-agent'] `View validation source code `__. .. _post-deployment_no-op-firewall-nova-driver: no-op-firewall-nova-driver -------------------------- Verify NoOpFirewallDriver is set in Nova. When using Neutron, the `firewall_driver` option in Nova must be set to `NoopFirewallDriver`. - **hosts**: compute - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_ntpstat: ntpstat ------- Verify all deployed nodes have their clock synchronised.. Each overcloud node should have their clocks synchronised. The deployment should configure and run ntpd. This validation verifies that it is indeed running and connected to an NPT server on all nodes. - **hosts**: overcloud - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_openstack-endpoints: openstack-endpoints ------------------- Check connectivity to various OpenStack services. This validation gets the PublicVip address from the deployment and tries to access Horizon and get a Keystone token. - **hosts**: undercloud - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_pacemaker-status: pacemaker-status ---------------- Check the status of the pacemaker cluster. This runs `pcs status` and checks for any failed actions. A failed status post-deployment indicates something is not configured correctly. This should also be run before upgrade as the process will likely fail with a cluster that's not completely healthy. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_rabbitmq-limits: rabbitmq-limits --------------- Rabbitmq limits. Make sure the rabbitmq file descriptor limits are set to reasonable values. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **min_fd_limit**: 16384 `View validation source code `__. .. _post-deployment_stonith-exists: stonith-exists -------------- stonith-exists. Verify that stonith devices are configured for your OpenStack Platform HA cluster. We don't configure stonith device with TripleO Installer. Because the hardware configuration may be differ in each environment and requires different fence agents. How to configure fencing please read https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/paged/director-installation-and-usage/86-fencing-the-controller-nodes - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__.