pre-deployment

512e

Advanced Format 512e Support.

Detect whether the undercloud disks use Advanced Format. If they do, the overcloud images may fail to upload to Glance.

  • hosts: undercloud

  • groups: prep, pre-deployment

  • parameters:

  • roles: advanced_format_512e_support

Role documentation

ceilometerdb-size

Events Database Size Check (DEPRECATED).

The undercloud’s events database can grow to a substantial size if event_time_to_live is set to a negative value (infinite limit). This validation checks event_time_to_live and fails if the variable is set to a negative value or if it has no custom setting (their value is -1 by default). WARNING! This validation is considered as deprecated since Train release

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • event_ttl_check: event_time_to_live

    • panko_config_file: /var/lib/config-data/puppet-generated/panko/etc/panko/panko.conf

  • roles: ceilometerdb_size

Role documentation

ceph-ansible-installed

Check if ceph-ansible is installed on the undercloud.

Prints a message if ceph-ansible isn’t installed

  • hosts: undercloud

  • groups: pre-deployment, pre-ceph

  • parameters:

    • fail_without_ceph_ansible: False

    • ceph_ansible_repo: centos-ceph-nautilus

  • roles: ceph

Role documentation

ceph-dependencies-installed

Check if Ceph dependencies are installed.

Prints a message if a ceph dependency is missed

  • hosts: overcloud

  • groups: pre-deployment, pre-ceph

  • parameters:

    • fail_without_deps: True

    • tripleo_delegate_to: {{ groups[‘overcloud’] | default([]) }}

    • packages: [‘lvm2’]

  • roles: ceph

Role documentation

ceph-pg

Validate requested Ceph Placement Groups.

In Ceph Lumionus and newer the Placement Group overdose protection check (https://ceph.com/community/new-luminous-pg-overdose-protection) is executed by Ceph before a pool is created. If the check does not pass, then the pool is not created. When TripleO deploys Ceph it triggers ceph-ansible which creates the pools that OpenStack needs. This validation runs the same check that the overdose protection uses to determine if the user should update their CephPools, PG count, or number of OSD. Without this check a deployer may have to wait until after Ceph is running but before the pools are created to realize the deployment will fail.

  • hosts: undercloud

  • groups: pre-deployment, post-ceph

  • parameters:

  • roles: ceph

Role documentation

collect-flavors-and-verify-profiles

Collect and verify role flavors.

This validation checks the flavors assigned to roles exist and have the correct capabilities set.

  • hosts: undercloud

  • groups: pre-deployment, pre-upgrade

  • parameters:

  • roles: collect_flavors_and_verify_profiles

Role documentation

default-node-count

Verify hypervisor statistics.

This validation checks that the nodes and hypervisor statistics add up.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

  • roles: default_node_count

Role documentation

dhcp-provisioning

DHCP on the Provisioning Network.

An unexpected DHCP server on the provisioning network can cause problems with deploying the Ironic nodes. This validation checks for DHCP responses on the undercloud’s provisioning interface (eth1 by default) and fails if there are any.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

  • roles: dhcp_validations

Role documentation

dns

Verify DNS.

Verify that the DNS resolution works

  • hosts: undercloud, overcloud

  • groups: pre-deployment

  • parameters:

    • server_to_lookup: example.com

  • roles: dns

Role documentation

ironic-boot-configuration

Check Ironic boot configuration.

Check if baremetal boot configuration is correct.

  • hosts: undercloud

  • groups: pre-deployment, pre-upgrade

  • parameters:

  • roles: ironic_boot_configuration

Role documentation

network-environment

Validate the Heat environment file for network configuration.

This validates the network environment and nic-config files that specify the overcloud network configuration and are stored in the current plan’s Swift container. The deployers are expected to write these files themselves as described in the Network Isolation guide: http://tripleo.org/advanced_deployment/network_isolation.html

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • network_environment_path: environments/network-environment.yaml

    • plan_env_path: plan-environment.yaml

    • ip_pools_path: environments/ips-from-pool-all.yaml

  • roles: network_environment

Role documentation

node-disks

Check node disk configuration.

Check node disk numbers and sizes and whether root device hints are set.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • ironic_conf_file: /var/lib/config-data/puppet-generated/ironic/etc/ironic/ironic.conf

  • roles: node_disks

Role documentation

service-status

Ensure services state.

Detect services status on the target host and fails if we find a failed service.

  • hosts: undercloud, overcloud

  • groups: prep, pre-deployment, pre-upgrade, post-deployment, post-upgrade

  • parameters:

  • roles: service_status

Role documentation

switch-vlans

Compare switch port VLANs to VLANs in nic config.

LLDP data received during introspection contains the configured VLANs for each switch port attached to the nodes interfaces. Compare the VLAN IDs set on the switch port to those configured in nic config files. Since the mapping of roles to nodes isn’t known prior to deployment, this check can only check VLANs across all switch ports, not on a particular switch port.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • network_environment_path: environments/network-environment.yaml

    • ironic_inspector_conf_file: /var/lib/config-data/puppet-generated/ironic_inspector/etc/ironic-inspector/inspector.conf

  • roles: switch_vlans

Role documentation

tls-everywhere-pre-deployment

Confirm undercloud is setup correctly prior to overcloud deploy.

Checks that the undercloud has novajoin set up corectly and that we are ready to do the overcloud deploy with tls-everywhere.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

  • roles: tls_everywhere

Role documentation

undercloud-debug

Undercloud Services Debug Check.

The undercloud’s openstack services should _not_ have debug enabled. This will check if debug is enabled on undercloud services. If debug is enabled, the root filesystem can fill up quickly, and is not a good thing.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • debug_check: True

  • roles: undercloud_debug

Role documentation

undercloud-heat-purge-deleted

Verify heat-manage purge_deleted is enabled in crontab.

Without a purge_deleted crontab enabled, the heat database can grow very large. This validation checks that the purge_deleted crontab has been set up.

  • hosts: undercloud

  • groups: pre-upgrade, pre-deployment

  • parameters:

    • cron_check: heat-manage purge_deleted

  • roles: undercloud_heat_purge_deleted

Role documentation

undercloud-process-count

Check the number of OpenStack processes on undercloud.

The default settings for OpenStack is to run one process (heat-engine, keystone, etc.) per CPU core. On a machine with a lot of cores this is both unnecessary and can consume a significant amount of RAM, leading to crashes due to OOMKiller.

  • hosts: undercloud

  • groups: pre-deployment

  • parameters:

    • max_process_count: 8

  • roles: undercloud_process_count

Role documentation

validate-selinux

validate-selinux.

Ensures we don’t have any SELinux denials on the system

  • hosts: all

  • groups: pre-deployment, post-deployment, pre-upgrade, post-upgrade

  • parameters:

    • validate_selinux_working_dir: /var/log/validations

    • validate_selinux_audit_source: /var/log/audit/audit.log

    • validate_selinux_skip_list_dest: {{ validate_selinux_working_dir }}/denials-skip-list.txt

    • validate_selinux_filtered_denials_dest: {{ validate_selinux_working_dir }}/denials-filtered.log

    • validate_selinux_strict: False

    • validate_selinux_filter: None

    • validate_selinux_skip_list: {}

  • roles: validate_selinux

Role documentation