post-deployment

controller-ulimits

Check controller ulimits.

This will check the ulimits of each controller.

  • hosts: controller
  • groups: post-deployment
  • metadata:
  • parameters:
    • nofiles_min: 2048
    • nproc_min: 2048

View validation source code.

haproxy

HAProxy configuration.

Verify the HAProxy configuration has recommended values.

  • hosts: controller
  • groups: post-deployment
  • metadata:
  • parameters:
    • config_file: /etc/haproxy/haproxy.cfg
    • defaults_timeout_queue: 1m
    • defaults_timeout_server: 1m
    • global_maxconn_min: 20480
    • defaults_maxconn_min: 4096
    • defaults_timeout_client: 1m
    • defaults_timeout_check: 10s

View validation source code.

mysql-open-files-limit

MySQL Open Files Limit.

Verify the open-files-limit configuration is high enough https://access.redhat.com/solutions/1598733

  • hosts: controller
  • groups: post-deployment
  • metadata:
  • parameters:
    • min_open_files_limit: 16384

View validation source code.

no-op-firewall-nova-driver

Verify NoOpFirewallDriver is set in Nova.

When using Neutron, the firewall_driver option in Nova must be set to NoopFirewallDriver.

  • hosts: compute
  • groups: post-deployment
  • metadata:
  • parameters:

View validation source code.

ntpstat

Verify all deployed nodes have their clock synchronised..

Each overcloud node should have their clocks synchronised. The deployment should configure and run ntpd. This validation verifies that it is indeed running and connected to an NPT server on all nodes.

  • hosts: overcloud
  • groups: post-deployment
  • metadata:
  • parameters:

View validation source code.

openstack-endpoints

Check connectivity to various OpenStack services.

# TODO: this could also check for undercloud encpoints This will attempt to connect to each service endpoint defined in your hosts file’s controller_vip variable.

  • hosts: undercloud
  • groups: post-deployment
  • metadata:
  • parameters:

View validation source code.

pacemaker-status

Check the status of the pacemaker cluster.

This runs pcs status and checks for any failed actions. A failed status post-deployment indicates something is not configured correctly. This should also be run before upgrade as the process will likely fail with a cluster that’s not completely healthy.

  • hosts: controller
  • groups: post-deployment
  • metadata:
  • parameters:

View validation source code.

rabbitmq-limits

Rabbitmq limits.

Make sure the rabbitmq file descriptor limits are set to reasonable values.

  • hosts: controller
  • groups: post-deployment
  • metadata:
  • parameters:
    • min_fd_limit: 16384

View validation source code.

undercloud-tokenflush

Verify token_flush is enabled in keystone users crontab..

Without a token_flush crontab enabled for the keystone user, the keystone database can grow very large. This validation checks that the keystone token_flush crontab has been set up.

  • hosts: undercloud
  • groups: post-deployment
  • metadata:
  • parameters:
    • cron_check: keystone-manage token_flush

View validation source code.