pre-upgrade =========== .. _pre-upgrade_check-reboot: check-reboot ------------ Verify if a reboot is necessary with yum-utils. This validation checks if a reboot is necessary with yum-utils with the option: needs-restarting -r - **hosts**: all - **groups**: pre-upgrade, pre-update, post-upgrade, post-update - **parameters**: - **roles**: check_reboot Role documentation .. toctree:: roles/role-check_reboot .. _pre-upgrade_collect-flavors-and-verify-profiles: collect-flavors-and-verify-profiles ----------------------------------- Collect and verify role flavors. This validation checks the flavors assigned to roles exist and have the correct capabilities set. - **hosts**: undercloud - **groups**: pre-upgrade - **parameters**: - **roles**: collect_flavors_and_verify_profiles Role documentation .. toctree:: roles/role-collect_flavors_and_verify_profiles .. _pre-upgrade_compute-tsx: compute-tsx ----------- RHEL8.x kernel flag for Compute nodes validation. RHEL-8.3 kernel disabled the Intel TSX (Transactional Synchronization Extensions) feature by default as a preemptive security measure, but it breaks live migration from RHEL-7.9 (or even RHEL-8.1 or RHEL-8.2) to RHEL-8.3. Operators are expected to explicitly define the TSX flag in their KernelArgs for the compute role to prevent live-migration issues during the upgrade process. This also impacts upstream CentOS systems. - **hosts**: nova_libvirt - **groups**: pre-upgrade, pre-system-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-update, pre-update-prepare, pre-update-run, pre-update-converge - **parameters**: - **compute_tsx_debug**: False - **compute_tsx_warning**: False - **roles**: compute_tsx Role documentation .. toctree:: roles/role-compute_tsx .. _pre-upgrade_container-status: container-status ---------------- Ensure container status. Detect failed containers and raise an error. - **hosts**: undercloud, allovercloud - **groups**: backup-and-restore, pre-upgrade, pre-update, post-deployment, post-upgrade - **parameters**: - **roles**: container_status Role documentation .. toctree:: roles/role-container_status .. _pre-upgrade_deprecated-services: deprecated-services ------------------- Check if roles data doesn't include deprecated services. Validate that the custom roles_data.yaml provided in the upgrade prepare step doesn't have any deprecated services. This has been an issue among customers for a long time, which has been addressed by documentation. However, we should have some way to alert the user that the roles_data they provide has deprecated services before starting the upgrade procedure and getting an ugly error. - **hosts**: undercloud - **groups**: pre-upgrade - **parameters**: - **roles**: deprecated_services Role documentation .. toctree:: roles/role-deprecated_services .. _pre-upgrade_image-serve: image-serve ----------- Verify image-serve service is working and answering. Ensures image-serve vhost is configured and httpd is running. - **hosts**: undercloud - **groups**: backup-and-restore, pre-upgrade, post-deployment, post-upgrade - **parameters**: - **roles**: image_serve Role documentation .. toctree:: roles/role-image_serve .. _pre-upgrade_ironic-boot-configuration: ironic-boot-configuration ------------------------- Check Ironic boot configuration. Check if baremetal boot configuration is correct. - **hosts**: localhost - **groups**: pre-deployment, pre-upgrade - **parameters**: - **roles**: ironic_boot_configuration Role documentation .. toctree:: roles/role-ironic_boot_configuration .. _pre-upgrade_node-health: node-health ----------- Node health check. Check if all overcloud nodes can be connected to before starting a scale-up or an upgrade. Validation requires cloud authentication details in the form of accessible clouds.yaml file to be correctly executed. - **hosts**: localhost - **groups**: pre-upgrade - **parameters**: - **roles**: node_health Role documentation .. toctree:: roles/role-node_health .. _pre-upgrade_nova-status: nova-status ----------- Nova Status Upgrade Check. Performs a release-specific readiness check before restarting services with new code. This command expects to have complete configuration and access to databases and services within a cell. For example, this check may query the Nova API database and one or more cell databases. It may also make requests to other services such as the Placement REST API via the Keystone service catalog The nova-status upgrade check command has three standard return codes: 0 -> All upgrade readiness checks passed successfully and there is nothing to do. 1 -> At least one check encountered an issue and requires further investigation. This is considered a warning but the upgrade may be OK. 2 -> There was an upgrade status check failure that needs to be investigated. This should be considered something that stops an upgrade. - **hosts**: nova_api - **groups**: backup-and-restore, pre-upgrade - **parameters**: - **roles**: nova_status Role documentation .. toctree:: roles/role-nova_status .. _pre-upgrade_openstack-endpoints: openstack-endpoints ------------------- Check connectivity to various OpenStack services. This validation gets the PublicVip address from the deployment and tries to access Horizon and get a Keystone token. - **hosts**: undercloud - **groups**: post-deployment, pre-upgrade, post-upgrade, pre-update, post-update - **parameters**: - **roles**: openstack_endpoints Role documentation .. toctree:: roles/role-openstack_endpoints .. _pre-upgrade_package-version: package-version --------------- package-version. Ensures we can access the wanted package version. Especially useful when you are switching repositories, for instance during an upgrade. - **hosts**: all - **groups**: prep, pre-deployment, pre-upgrade, pre-update, pre-system-upgrade, pre-undercloud-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-ceph - **parameters**: - **package_version_debug**: False - **roles**: package_version Role documentation .. toctree:: roles/role-package_version .. _pre-upgrade_repos: repos ----- Check correctness of current repositories. Detect whether the repositories listed in `yum repolist` can be connected to and that there is at least one repo configured. Detect if there are any unwanted repositories (such as EPEL) enabled. - **hosts**: undercloud, allovercloud - **groups**: pre-upgrade, pre-update - **parameters**: - **roles**: repos Role documentation .. toctree:: roles/role-repos .. _pre-upgrade_stack-health: stack-health ------------ Stack Health Check. Check if all stack resources are in a 'COMPLETE' state before starting an upgrade. - **hosts**: undercloud - **groups**: pre-upgrade, post-upgrade - **parameters**: - **roles**: stack_health Role documentation .. toctree:: roles/role-stack_health .. _pre-upgrade_system-encoding: system-encoding --------------- System encoding. Ensure the local is unicode - **hosts**: all - **groups**: pre-deployment, pre-upgrade, pre-update - **parameters**: - **system_encoding_debug**: False - **roles**: system_encoding Role documentation .. toctree:: roles/role-system_encoding .. _pre-upgrade_tripleo-latest-packages-version: tripleo-latest-packages-version ------------------------------- Check if latest version of TripleO packages is installed. Make sure a list of TripleO packages are at its latest version before starting an upgrade. - **hosts**: undercloud - **groups**: pre-upgrade - **parameters**: - **packages_list**: ['python3-tripleoclient'] - **roles**: check_latest_packages_version Role documentation - `check_latest_packages_version `_ from `openstack/validations-common `_ .. _pre-upgrade_undercloud-disabled-services: undercloud-disabled-services ---------------------------- Verify undercloud services state before running update or upgrade. Check undercloud status before running a stack update - especially minor update and major upgrade. - **hosts**: undercloud - **groups**: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update - **parameters**: - **roles**: undercloud_disabled_services Role documentation .. toctree:: roles/role-undercloud_disabled_services .. _pre-upgrade_undercloud-disk-space-pre-upgrade: undercloud-disk-space-pre-upgrade --------------------------------- Verify undercloud fits the disk space requirements to perform an upgrade. Make sure that the root partition on the undercloud node has enough free space before starting an upgrade http://tripleo.org/install/environments/baremetal.html#minimum-system-requirements - **hosts**: undercloud - **groups**: pre-upgrade - **parameters**: - **volumes**: [{'mount': '/var/lib/docker', 'min_size': 10}, {'mount': '/var/lib/config-data', 'min_size': 3}, {'mount': '/var', 'min_size': 16}, {'mount': '/', 'min_size': 20}] - **roles**: undercloud_disk_space Role documentation .. toctree:: roles/role-undercloud_disk_space .. _pre-upgrade_undercloud-ipa-server-check: undercloud-ipa-server-check --------------------------- Verify that the IPA server has the right permissions and ACI. This validation is relevant for systems where TLS Everywhere is enabled. A new ACI is needed on the FreeIPA server to ensure that certificates with IP SANs can be issued. This ACI will be delivered by default from FreeIPA 4.8.5. In addition, a new permission is needed to add DNS zones for tripleo-ipa. This permission is an addition to the current permissions for the Nova Host Manager role. This validation confirms that the new permission and ACI are present. https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-introduction.html - **hosts**: undercloud - **groups**: pre-upgrade, pre-update - **parameters**: - **roles**: tls_everywhere Role documentation .. toctree:: roles/role-tls_everywhere .. _pre-upgrade_undercloud-proxy-validation: undercloud-proxy-validation --------------------------- Verify proxy variables are properly set. Check proxy configuration before running a stack update - especially minor update and major upgrade. - **hosts**: undercloud - **groups**: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update - **parameters**: - **roles**: undercloud_proxy_validation Role documentation .. toctree:: roles/role-undercloud_proxy_validation .. _pre-upgrade_undercloud-service-status: undercloud-service-status ------------------------- Verify undercloud services state before running update or upgrade. Check undercloud status before running a stack update - especially minor update and major upgrade. - **hosts**: undercloud - **groups**: backup-and-restore, post-upgrade, pre-upgrade, post-update, pre-update - **parameters**: - **roles**: undercloud_service_status Role documentation .. toctree:: roles/role-undercloud_service_status .. _pre-upgrade_undercloud-sysctl: undercloud-sysctl ----------------- Verify undercloud sysctl option availability. The undercloud will not install properly if some of the expected sysctl values are not available to be set. - **hosts**: undercloud - **groups**: prep, pre-upgrade, pre-update - **parameters**: - **roles**: undercloud_sysctl Role documentation .. toctree:: roles/role-undercloud_sysctl .. _pre-upgrade_validate-passwords-file: validate-passwords-file ----------------------- Check Undercloud passwords file. Disallow updates if the passwords file is missing. If the undercloud was already deployed, the passwords file needs to be present so passwords that can't be changed are persisted. If the file is missing it will break the undercloud, so we should fail-fast and let the user know about the problem. Both the old and new path to the file is checked. If either is found, the validation will pass as the old path will be migrated to the new during and update/upgrade. - **hosts**: undercloud - **groups**: prep, pre-upgrade, pre-update - **parameters**: - **roles**: validate_passwords_file Role documentation .. toctree:: roles/role-validate_passwords_file