pre-upgrade

check-ftype

XFS ftype check.

Check if there is at least 1 XFS volume with ftype=0 in any deployed node.

  • hosts: undercloud, overcloud

  • groups: pre-upgrade

  • parameters:

  • roles: xfs_check_ftype

Role documentation

check-latest-packages-version

Check if latest version of packages is installed.

Makes sure python-tripleoclient is at its latest version before starting an upgrade.

  • hosts: undercloud

  • groups: pre-upgrade

  • parameters:

  • roles: check_latest_packages_version

Role documentation

collect-flavors-and-verify-profiles

Collect and verify role flavors.

This validation checks the flavors assigned to roles exist and have the correct capabilities set.

  • hosts: undercloud

  • groups: pre-deployment, pre-upgrade

  • parameters:

  • roles: collect_flavors_and_verify_profiles

Role documentation

container-status

Ensure container status.

Detect failed containers and raise an error.

  • hosts: undercloud, overcloud

  • groups: pre-upgrade, post-deployment, post-upgrade

  • parameters:

  • roles: container_status

Role documentation

containerized-undercloud-docker

Verify docker containers are up and ports are open.

Ensure relevant docker containers are up and running, with ports open to listen. We iterate through a list of container names and ports provided in defaults, and ensure the system has those available.

  • hosts: undercloud

  • groups: post-deployment, pre-upgrade

  • parameters:

    • open_ports: [111, 873, 3000, 3306, 4369, 5000, 5050, 5672, 6000, 6001, 6002, 6379, 6385, 8000, 8004, 8080, 8088, 8774, 8775, 8778, 8787, 8888, 8989, 9000, 9292, 9696, 11211, 15672, 25672, 35357, 39422, {‘port’: 22, ‘search_regex’: ‘OpenSSH’}]

    • running_containers: [‘glance_api’, ‘heat_api’, ‘heat_api_cfn’, ‘heat_api_cron’, ‘heat_engine’, ‘ironic_api’, ‘ironic_conductor’, ‘ironic_inspector’, ‘ironic_inspector_dnsmasq’, ‘ironic_neutron_agent’, ‘ironic_pxe_http’, ‘ironic_pxe_tftp’, ‘iscsid’, ‘keystone’, ‘keystone_cron’, ‘logrotate_crond’, ‘memcached’, ‘mistral_api’, ‘mistral_engine’, ‘mistral_event_engine’, ‘mistral_executor’, ‘mysql’, ‘neutron_api’, ‘neutron_dhcp’, ‘neutron_l3_agent’, ‘neutron_ovs_agent’, ‘nova_api’, ‘nova_api_cron’, ‘nova_compute’, ‘nova_conductor’, ‘nova_metadata’, ‘nova_placement’, ‘nova_scheduler’, ‘rabbitmq’, ‘swift_account_auditor’, ‘swift_account_reaper’, ‘swift_account_replicator’, ‘swift_account_server’, ‘swift_container_auditor’, ‘swift_container_replicator’, ‘swift_container_server’, ‘swift_container_updater’, ‘swift_object_auditor’, ‘swift_object_expirer’, ‘swift_object_replicator’, ‘swift_object_server’, ‘swift_object_updater’, ‘swift_proxy’, ‘swift_rsync’, ‘tripleo_ui’, ‘zaqar’, ‘zaqar_websocket’]

  • roles: containerized_undercloud_docker

Role documentation

image-serve

Verify image-serve service is working and answering.

Ensures image-serve vhost is configured and httpd is running.

  • hosts: undercloud

  • groups: pre-upgrade, post-deployment, post-upgrade

  • parameters:

  • roles: image_serve

Role documentation

ironic-boot-configuration

Check Ironic boot configuration.

Check if baremetal boot configuration is correct.

  • hosts: undercloud

  • groups: pre-deployment, pre-upgrade

  • parameters:

  • roles: ironic_boot_configuration

Role documentation

node-health

Node health check.

Check if all overcloud nodes can be connected to before starting a scale-up or an upgrade.

  • hosts: undercloud

  • groups: pre-upgrade

  • parameters:

  • roles: node_health

Role documentation

nova-status

Nova Status Upgrade Check.

Performs a release-specific readiness check before restarting services with new code. This command expects to have complete configuration and access to databases and services within a cell. For example, this check may query the Nova API database and one or more cell databases. It may also make requests to other services such as the Placement REST API via the Keystone service catalog The nova-status upgrade check command has three standard return codes: 0 -> All upgrade readiness checks passed successfully and there is nothing to do. 1 -> At least one check encountered an issue and requires further investigation. This is considered a warning but the upgrade may be OK. 2 -> There was an upgrade status check failure that needs to be investigated. This should be considered something that stops an upgrade.

  • hosts: nova_api

  • groups: pre-upgrade

  • parameters:

  • roles: nova_status

Role documentation

openstack-endpoints

Check connectivity to various OpenStack services.

This validation gets the PublicVip address from the deployment and tries to access Horizon and get a Keystone token.

  • hosts: undercloud

  • groups: post-deployment, pre-upgrade, post-upgrade

  • parameters:

  • roles: openstack_endpoints

Role documentation

repos

Check correctness of current repositories.

Detect whether the repositories listed in yum repolist can be connected to and that there is at least one repo configured. Detect if there are any unwanted repositories (such as EPEL) enabled.

  • hosts: undercloud, overcloud

  • groups: pre-upgrade

  • parameters:

  • roles: repos

Role documentation

service-status

Ensure services state.

Detect services status on the target host and fails if we find a failed service.

  • hosts: undercloud, overcloud

  • groups: prep, pre-deployment, pre-upgrade, post-deployment, post-upgrade

  • parameters:

  • roles: service_status

Role documentation

stack-health

Stack Health Check.

Check if all stack resources are in a ‘COMPLETE’ state before starting an upgrade.

  • hosts: undercloud

  • groups: pre-upgrade, post-upgrade

  • parameters:

  • roles: stack_health

Role documentation

undercloud-disk-space-pre-upgrade

Verify undercloud fits the disk space requirements to perform an upgrade.

Make sure that the root partition on the undercloud node has enough free space before starting an upgrade http://tripleo.org/install/environments/baremetal.html#minimum-system-requirements

  • hosts: undercloud

  • groups: pre-upgrade

  • parameters:

    • volumes: [{‘mount’: ‘/var/lib/docker’, ‘min_size’: 10}, {‘mount’: ‘/var/lib/config-data’, ‘min_size’: 3}, {‘mount’: ‘/var’, ‘min_size’: 16}, {‘mount’: ‘/’, ‘min_size’: 20}]

  • roles: undercloud_disk_space

Role documentation

undercloud-heat-purge-deleted

Verify heat-manage purge_deleted is enabled in crontab.

Without a purge_deleted crontab enabled, the heat database can grow very large. This validation checks that the purge_deleted crontab has been set up.

  • hosts: undercloud

  • groups: pre-upgrade, pre-deployment

  • parameters:

    • cron_check: heat-manage purge_deleted

  • roles: undercloud_heat_purge_deleted

Role documentation

undercloud-ram

Verify the undercloud fits the RAM requirements.

Verify that the undercloud has enough RAM. https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale

  • hosts: undercloud

  • groups: prep, pre-introspection, pre-upgrade

  • parameters:

    • min_undercloud_ram_gb: 24

  • roles: undercloud_ram

Role documentation

undercloud-service-status

Verify undercloud services state before running update or upgrade.

Check undercloud status before running a stack update - especially minor update and major upgrade.

  • hosts: undercloud

  • groups: post-upgrade, pre-upgrade

  • parameters:

  • roles: undercloud_service_status

Role documentation

validate-selinux

validate-selinux.

Ensures we don’t have any SELinux denials on the system

  • hosts: all

  • groups: pre-deployment, post-deployment, pre-upgrade, post-upgrade

  • parameters:

    • validate_selinux_working_dir: /var/log/validations

    • validate_selinux_audit_source: /var/log/audit/audit.log

    • validate_selinux_skip_list_dest: {{ validate_selinux_working_dir }}/denials-skip-list.txt

    • validate_selinux_filtered_denials_dest: {{ validate_selinux_working_dir }}/denials-filtered.log

    • validate_selinux_strict: False

    • validate_selinux_filter: None

    • validate_selinux_skip_list: {}

  • roles: validate_selinux

Role documentation