post-update¶

check-reboot¶

Verify if a reboot is necessary with yum-utils.

This validation checks if a reboot is necessary with yum-utils with the option: needs-restarting -r

hosts: all
groups: pre-upgrade, post-upgrade, pre-update, post-update
parameters:
roles: check_reboot

Role documentation

check_reboot
- Role Documentation

container-status¶

Ensure container status.

Detect failed containers and raise an error.

hosts: undercloud, allovercloud
groups: backup-and-restore, pre-upgrade, pre-update, post-deployment, post-upgrade, post-update
parameters:
roles: container_status

Role documentation

container_status
- Role Documentation
  - Molecule Scenarios

controller-token¶

Verify that keystone admin token is disabled.

This validation checks that keystone admin token is disabled on both undercloud and overcloud controller after deployment.

hosts: [‘undercloud’, “{{ controller_rolename | default(‘Controller’) }}”]
groups: post-deployment, post-update, pre-update
parameters:
- keystone_conf_file: /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf
roles: controller_token

Role documentation

controller_token
- Role Documentation

controller-ulimits¶

Check controller ulimits.

This will check the ulimits of each controller.

hosts: {{ controller_rolename | default(‘Controller’) }}
groups: post-deployment, post-update, pre-update
parameters:
- nofiles_min: 1024
- nproc_min: 2048
roles: controller_ulimits

Role documentation

controller_ulimits
- Role Documentation

fips-enabled¶

Confirm that undercloud has fips enabled.

Check if the undercloud is ready to deploy an environment using fips.

hosts: all
groups: prep, post-deployment, post-update, pre-update
parameters:
roles: fips_enabled

Role documentation

fips_enabled
- About The Role
- Full Description
  - Role Documentation
    - Role Variables: main.yml
    - Molecule Scenarios

healthcheck-service-status¶

Healthcheck systemd services Check.

Check for failed healthcheck systemd services.

hosts: undercloud, allovercloud
groups: backup-and-restore, post-deployment, post-update, pre-update
parameters:
- retries_number: 1
- delay_number: 1
- inflight_healthcheck_services: []
roles: healthcheck_service_status

Role documentation

healthcheck_service_status
- Role Documentation

image-serve¶

Verify image-serve service is working and answering.

Ensures image-serve vhost is configured and httpd is running.

hosts: undercloud
groups: backup-and-restore, pre-upgrade, post-deployment, post-upgrade, post-update, pre-update
parameters:
roles: image_serve

Role documentation

image_serve
- Role Documentation
  - Role Variables: main.yml
  - Molecule Scenarios

mysql-open-files-limit¶

MySQL Open Files Limit.

Verify the open-files-limit configuration is high enough

https://access.redhat.com/solutions/1598733

hosts: [“{{ controller_rolename | default(‘Controller’) }}”, ‘mysql’]
groups: post-deployment, post-update, pre-update
parameters:
- min_open_files_limit: 16384
roles: mysql_open_files_limit

Role documentation

mysql_open_files_limit
- Role Documentation

neutron-sanity-check¶

Neutron Sanity Check.

Run neutron-sanity-check on the controller nodes to find out potential issues with Neutron’s configuration.

The tool expects all the configuration files that are passed to the Neutron services.

hosts: {{ controller_rolename | default(‘Controller’) }}
groups: backup-and-restore, post-deployment, post-update, pre-update
parameters:
roles: neutron_sanity_check

Role documentation

neutron_sanity_check
- Role Documentation
  - Role Defaults
  - Molecule Scenarios

nova-event-callback¶

Nova Event Callback Configuration Check.

This validations verifies that the Nova auth_url in neutron, which is generally enabled by default, is configured correctly It checks the following files on the Overcloud Controller(s):

/etc/neutron/neutron.conf: [nova]/auth_url = ‘http://nova_admin_auth_ip:5000’
hosts: {{ controller_rolename | default(‘Controller’) }}
groups: post-deployment, post-update, pre-update
parameters:
- neutron_config_file: /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf
roles: nova_event_callback

Role documentation

nova_event_callback
- About the role
- Full Description
  - Role Documentation

nova-svirt¶

Check nova sVirt support.

Ensures all running VM are correctly protected with sVirt

hosts: nova_libvirt
groups: post-deployment, post-upgrade, post-update, pre-update
parameters:
roles: nova_svirt

Role documentation

nova_svirt
- Role Documentation
  - Role Defaults
  - Molecule Scenarios

openstack-endpoints¶

Check connectivity to various OpenStack services.

This validation gets the PublicVip address from the deployment and tries to access Horizon and get a Keystone token.

hosts: undercloud
groups: post-deployment, pre-upgrade, post-upgrade, pre-update, post-update
parameters:
roles: openstack_endpoints

Role documentation

openstack_endpoints
- Role Documentation
  - Role Variables: main.yml
  - Molecule Scenarios

rabbitmq-limits¶

Rabbitmq limits.

Make sure the rabbitmq file descriptor limits are set to reasonable values.

hosts: {{ controller_rolename | default(‘Controller’) }}
groups: post-deployment, post-update, pre-update
parameters:
- min_fd_limit: 16384
roles: rabbitmq_limits

Role documentation

rabbitmq_limits
- Role Documentation

stonith-exists¶

Validate stonith devices.

Verify that stonith devices are configured for your OpenStack Platform HA cluster. We don’t configure stonith device with TripleO Installer. Because the hardware configuration may be differ in each environment and requires different fence agents. How to configure fencing please read https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/paged/director-installation-and-usage/86-fencing-the-controller-nodes

hosts: {{ controller_rolename | default(‘Controller’) }}
groups: post-deployment, post-update, pre-update
parameters:
roles: stonith_exists

Role documentation

stonith_exists
- Role Documentation
  - Role Variables: main.yml
  - Molecule Scenarios

tripleo-haproxy¶

TripleO HAProxy configuration.

Verify the HAProxy configuration has recommended values.

hosts: haproxy
groups: post-deployment, post-update, pre-update
parameters:
- config_file: /var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg
- global_maxconn_min: 20480
- defaults_maxconn_min: 4096
- defaults_timeout_queue: 2m
- defaults_timeout_client: 2m
- defaults_timeout_server: 2m
- defaults_timeout_check: 10s
roles: tripleo_haproxy

Role documentation

tripleo_haproxy
- About The Role
- Full Description
  - Role Documentation
    - Role Defaults
    - Molecule Scenarios

undercloud-disabled-services¶

Verify undercloud services state before running update or upgrade.

Check undercloud status before running a stack update - especially minor update and major upgrade.

hosts: undercloud
groups: post-upgrade, pre-upgrade, post-update, pre-update
parameters:
roles: undercloud_disabled_services

Role documentation

undercloud_disabled_services
- Role Documentation
  - Role Defaults
  - Role Variables: main.yaml

undercloud-service-status¶

Verify undercloud services state before running update or upgrade.

Check undercloud status before running a stack update - especially minor update and major upgrade.

hosts: undercloud
groups: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update
parameters:
roles: undercloud_service_status

Role documentation

undercloud_service_status

post-update

post-update¶

check-reboot¶

container-status¶

controller-token¶

controller-ulimits¶

fips-enabled¶

healthcheck-service-status¶

image-serve¶

mysql-open-files-limit¶

neutron-sanity-check¶

nova-event-callback¶

nova-svirt¶

openstack-endpoints¶

rabbitmq-limits¶

stonith-exists¶

tripleo-haproxy¶

undercloud-disabled-services¶

undercloud-service-status¶

tripleo-validations 14.3.2.dev43

Page Contents