undercloud_debug

About the role

An Ansible role to check if debug is enabled on Undercloud services.

Requirements

This role needs to be run against an installed Undercloud. The tested services must use one of the specified configuration files to set their debug status.

Role Variables

  • debug_check: <True>

  • services_conf_files: List of paths for configuration files of services you want to check

Dependencies

  • ‘validations_read_ini’ custom plugin

Example Playbook

- hosts: undercloud
  roles:
    - { role: undercloud-debug }

License

Apache

Author Information

Red Hat TripleO Validations Team

Full Description

Role Documentation

Welcome to the “undercloud_debug” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “undercloud_debug” role.

# Fail if the 'debug' key is set to value of 'debug_check'
debug_check: true

# Parse following ini files, retrieving value of the 'debug' key
services_conf_files:
- /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf
- /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf
- /var/lib/config-data/puppet-generated/ceilometer/etc/ceilometer/ceilometer.conf
- /var/lib/config-data/puppet-generated/heat/etc/heat/heat.conf
- /var/lib/config-data/puppet-generated/ironic/etc/ironic/ironic.conf

Role Variables: main.yaml

metadata:
  name: Undercloud Services Debug Check
  description: >
    The undercloud's openstack services should _not_ have debug enabled.
    This will check if debug is enabled on undercloud services.
    If debug is enabled, the root filesystem can fill up quickly, and
    is not a good thing.
    This role needs to be run against an installed Undercloud.
    The tested services must use one of the specified configuration files
    to set their debug status.
  groups:
  - pre-deployment

Molecule Scenarios

Molecule is being used to test the “undercloud_debug” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default
Driver: podman:
Molecule Platform(s)
- name: centos
  hostname: centos
  image: centos/centos:stream8
  registry:
    url: quay.io
  dockerfile: ../../../../.config/molecule/Dockerfile
  pkg_extras: python*-setuptools python*-pyyaml
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
  privileged: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') }}"
    https_proxy: "{{ lookup('env', 'https_proxy') }}"
  ulimits:
  - host
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
Example default playbook
- name: Converge
  hosts: all
  gather_facts: false

  vars:
    services_conf_files:
    - /tmp/debug_true_1.conf

  tasks:
  - name: prepare fake config file
    copy:
      dest: /tmp/debug_true_1.conf
      content: |
        [DEFAULT]
        debug: true

  - name: Checking good value
    include_role:
      name: undercloud_debug
    vars:
      debug_check: false

  - name: Should fail due to bad value
    block:
    - include_role:
        name: undercloud_debug

    rescue:
    - name: Clear host errors
      meta: clear_host_errors

    - debug:
        msg: The validation works! End the playbook run

    - name: End play
      meta: end_play

  - name: Fail the test
    fail:
      msg: |
        The undercloud_debug should have detected a configuration issue