Test checks Plugins
avc
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originally used for command line help only, therefore the formatting is often suboptional.
Check for SELinux AVC denials raised during the test.
The check collects SELinux AVC denials from the audit log,
gathers details about them, and together with versions of
the selinux-policy and related packages stores them in
a report file after the test.
check:
- name: avc
New in version 1.28.
Configuration
Common Keys
- enabled:
true|false Whether the check is enabled or not.
Default:
true
dmesg
Save the content of kernel ring buffer (aka “console”) into a file.
The check saves one file before the test, and then again when test finishes.
check:
- how: dmesg
Check will identify patterns that signal kernel crashes and core dumps, and when detected, it will report as failed result. It is possible to define custom patterns:
check:
- how: dmesg
failure-pattern:
# These are default patterns
- 'Call Trace:
- '\ssegfault\s'
# More patterns to look for
- '\[Firmware Bug\]'
New in version 1.28.
Changed in version 1.33: failure-pattern has been added.
Configuration
- failure-pattern:
PATTERN List of regular expressions to look for in
dmesgoutput. If any of patterns is found,dmesgcheck will reportfailresult.Default:
Call Trace:,\ssegfault\s
Common Keys
- enabled:
true|false Whether the check is enabled or not.
Default:
true
watchdog
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originally used for command line help only, therefore the formatting is often suboptional.
Take various actions when guest becomes unresponsive.
Watchdog runs selected probes every now and then, and when a given number of probes fail, watchdog would run one or more of the predefined actions.
Check comes with two probes, “ping” and “SSH ping”, and single action, “reboot”.
“ping” uses the classic ICMP echo to check whether the guest is still up and running,
“SSH ping” tries to establish SSH connection,
“reboot” action issues a hard reboot of the guest.
Each probe has a “budget” of allowed failures, and when it runs out, the action is taken. A successful probe replenishes its budget to the original level.
Multiple probes can be enabled at the same time, for the action to happen it’s enough if just one of them runs out of its budget.
check:
- how: watchdog
ping: true
reboot: true
check:
- how: watchdog
# Use only SSH ping.
ping: false
ssh-ping: true
# Try every 5 minutes, allow 7 failed attempts, and reboot
# the guest when we run out of attempts.
interval: 300
reboot: true
ssh-ping-threshold: 7
New in version 1.32.
Configuration
- interval:
How often should the watchdog run, in seconds.
Default:
60- ping:
true|false If enabled, watchdog would probe guest’s responsiveness with ICMP packets.
Default:
false- ping-packets:
How many ICMP packates to send as one probe.
Default:
1- ping-threshold:
How many failed ping probes before taking any further action.
Default:
10- reboot:
true|false If enabled, watchdog would reboot the guest after enough failed probes.
Default:
false- ssh-ping:
true|false If enabled, watchdog would probe guest’s responsiveness by connecting to its SSH port.
Default:
false- ssh-ping-threshold:
How many failed SSH connections before taking any further action.
Default:
10
Common Keys
- enabled:
true|false Whether the check is enabled or not.
Default:
true