pre-update¶
check-for-dangling-images¶
Check for podman dangling images.
Make sure before update we do not have any dangling images.
hosts: undercloud
groups: pre-update
parameters:
check_for_dangling_images_debug: False
roles: check_for_dangling_images
Role documentation
check-reboot¶
Verify if a reboot is necessary with yum-utils.
This validation checks if a reboot is necessary with yum-utils with the option: needs-restarting -r
hosts: all
groups: pre-upgrade, pre-update, post-upgrade, post-update
parameters:
roles: check_reboot
Role documentation
compute-tsx¶
RHEL8.x kernel flag for Compute nodes validation.
RHEL-8.3 kernel disabled the Intel TSX (Transactional Synchronization Extensions) feature by default as a preemptive security measure, but it breaks live migration from RHEL-7.9 (or even RHEL-8.1 or RHEL-8.2) to RHEL-8.3.
Operators are expected to explicitly define the TSX flag in their KernelArgs for the compute role to prevent live-migration issues during the upgrade process.
This also impacts upstream CentOS systems.
hosts: nova_libvirt
groups: pre-upgrade, pre-system-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-update, pre-update-prepare, pre-update-run, pre-update-converge
parameters:
compute_tsx_debug: False
compute_tsx_warning: False
roles: compute_tsx
Role documentation
container-status¶
Ensure container status.
Detect failed containers and raise an error.
hosts: undercloud, allovercloud
groups: backup-and-restore, pre-upgrade, pre-update, post-deployment, post-upgrade
parameters:
roles: container_status
Role documentation
openstack-endpoints¶
Check connectivity to various OpenStack services.
This validation gets the PublicVip address from the deployment and tries to access Horizon and get a Keystone token.
hosts: undercloud
groups: post-deployment, pre-upgrade, post-upgrade, pre-update, post-update
parameters:
roles: openstack_endpoints
Role documentation
package-version¶
package-version.
Ensures we can access the wanted package version. Especially useful when you are switching repositories, for instance during an upgrade.
hosts: all
groups: prep, pre-deployment, pre-upgrade, pre-update, pre-system-upgrade, pre-undercloud-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-ceph
parameters:
package_version_debug: False
roles: package_version
Role documentation
repos¶
Check correctness of current repositories.
Detect whether the repositories listed in yum repolist can be connected to and that there is at least one repo configured.
Detect if there are any unwanted repositories (such as EPEL) enabled.
hosts: undercloud, allovercloud
groups: pre-upgrade, pre-update
parameters:
roles: repos
Role documentation
system-encoding¶
System encoding.
Ensure the local is unicode
hosts: all
groups: pre-deployment, pre-upgrade, pre-update
parameters:
system_encoding_debug: False
roles: system_encoding
Role documentation
undercloud-disabled-services¶
Verify undercloud services state before running update or upgrade.
Check undercloud status before running a stack update - especially minor update and major upgrade.
hosts: undercloud
groups: post-upgrade, pre-upgrade, post-update, pre-update
parameters:
roles: undercloud_disabled_services
Role documentation
undercloud-ipa-server-check¶
Verify that the IPA server has the right permissions and ACI.
This validation is relevant for systems where TLS Everywhere is enabled.
A new ACI is needed on the FreeIPA server to ensure that certificates with IP SANs can be issued. This ACI will be delivered by default from FreeIPA 4.8.5.
In addition, a new permission is needed to add DNS zones for tripleo-ipa. This permission is an addition to the current permissions for the Nova Host Manager role.
This validation confirms that the new permission and ACI are present.
https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-introduction.html
hosts: undercloud
groups: pre-upgrade, pre-update
parameters:
roles: tls_everywhere
Role documentation
undercloud-proxy-validation¶
Verify proxy variables are properly set.
Check proxy configuration before running a stack update - especially minor update and major upgrade.
hosts: undercloud
groups: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update
parameters:
roles: undercloud_proxy_validation
Role documentation
undercloud-service-status¶
Verify undercloud services state before running update or upgrade.
Check undercloud status before running a stack update - especially minor update and major upgrade.
hosts: undercloud
groups: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update
parameters:
roles: undercloud_service_status
Role documentation
undercloud-sysctl¶
Verify undercloud sysctl option availability.
The undercloud will not install properly if some of the expected sysctl values are not available to be set.
hosts: undercloud
groups: prep, pre-upgrade, pre-update
parameters:
roles: undercloud_sysctl
Role documentation
validate-passwords-file¶
Check Undercloud passwords file.
Disallow updates if the passwords file is missing. If the undercloud was already deployed, the passwords file needs to be present so passwords that can’t be changed are persisted. If the file is missing it will break the undercloud, so we should fail-fast and let the user know about the problem. Both the old and new path to the file is checked. If either is found, the validation will pass as the old path will be migrated to the new during and update/upgrade.
hosts: undercloud
groups: prep, pre-upgrade, pre-update
parameters:
roles: validate_passwords_file
Role documentation
