post-deployment =============== .. _post-deployment_controller-ulimits: controller-ulimits ------------------ Check controller ulimits. This will check the ulimits of each controller. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **nofiles_min**: 2048 - **nproc_min**: 2048 `View validation source code `__. .. _post-deployment_haproxy: haproxy ------- HAProxy configuration. Verify the HAProxy configuration has recommended values. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **config_file**: /etc/haproxy/haproxy.cfg - **defaults_timeout_queue**: 1m - **defaults_timeout_server**: 1m - **global_maxconn_min**: 20480 - **defaults_maxconn_min**: 4096 - **defaults_timeout_client**: 1m - **defaults_timeout_check**: 10s `View validation source code `__. .. _post-deployment_mysql-open-files-limit: mysql-open-files-limit ---------------------- MySQL Open Files Limit. Verify the `open-files-limit` configuration is high enough https://access.redhat.com/solutions/1598733 - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **min_open_files_limit**: 16384 `View validation source code `__. .. _post-deployment_no-op-firewall-nova-driver: no-op-firewall-nova-driver -------------------------- Verify NoOpFirewallDriver is set in Nova. When using Neutron, the `firewall_driver` option in Nova must be set to `NoopFirewallDriver`. - **hosts**: compute - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_ntpstat: ntpstat ------- Verify all deployed nodes have their clock synchronised.. Each overcloud node should have their clocks synchronised. The deployment should configure and run ntpd. This validation verifies that it is indeed running and connected to an NPT server on all nodes. - **hosts**: overcloud - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_openstack-endpoints: openstack-endpoints ------------------- Check connectivity to various OpenStack services. # TODO: this could also check for undercloud encpoints This will attempt to connect to each service endpoint defined in your hosts file's controller_vip variable. - **hosts**: undercloud - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_pacemaker-status: pacemaker-status ---------------- Check the status of the pacemaker cluster. This runs `pcs status` and checks for any failed actions. A failed status post-deployment indicates something is not configured correctly. This should also be run before upgrade as the process will likely fail with a cluster that's not completely healthy. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: `View validation source code `__. .. _post-deployment_rabbitmq-limits: rabbitmq-limits --------------- Rabbitmq limits. Make sure the rabbitmq file descriptor limits are set to reasonable values. - **hosts**: controller - **groups**: post-deployment - **metadata**: - **parameters**: - **min_fd_limit**: 16384 `View validation source code `__. .. _post-deployment_undercloud-tokenflush: undercloud-tokenflush --------------------- Verify token_flush is enabled in keystone users crontab.. Without a token_flush crontab enabled for the keystone user, the keystone database can grow very large. This validation checks that the keystone token_flush crontab has been set up. - **hosts**: undercloud - **groups**: post-deployment - **metadata**: - **parameters**: - **cron_check**: keystone-manage token_flush `View validation source code `__.