Test checks Plugins
Common Keys
The following keys are accepted by all plugins of the test-checks
step.
- enabled:
true|false
Whether the check is enabled or not.
Default:
true
avc
Check for SELinux AVC denials raised during the test.
The check collects SELinux AVC denials from the audit log,
gathers details about them, and together with versions of
the selinux-policy
and related packages stores them in
a report file after the test.
check:
- name: avc
Note
To work correctly, the check requires SELinux to be enabled on the
guest, and auditd
must be running. Without SELinux, the
check will turn into no-op, reporting
skip result, and
without auditd
, the check will discover no AVC denials,
reporting pass.
If the test manipulates auditd
or SELinux in general, the
check may report unexpected results.
Added in version 1.28.
dmesg
Save the content of kernel ring buffer (aka “console”) into a file.
The check saves one file before the test, and then again when test finishes.
check:
- how: dmesg
Check will identify patterns that signal kernel crashes and core dumps, and when detected, it will report as failed result. It is possible to define custom patterns:
check:
- how: dmesg
failure-pattern:
# These are default patterns
- 'Call Trace:
- '\ssegfault\s'
# More patterns to look for
- '\[Firmware Bug\]'
Added in version 1.28.
Changed in version 1.33: failure-pattern
has been added.
Configuration
See also Common Keys accepted by the plugin.
- failure-pattern:
PATTERN
List of regular expressions to look for in
dmesg
output. If any of patterns is found,dmesg
check will reportfail
result.Default:
Call Trace:
,\ssegfault\s
watchdog
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originally used for command line help only, therefore the formatting is often suboptional.
Take various actions when guest becomes unresponsive.
Watchdog runs selected probes every now and then, and when a given number of probes fail, watchdog would run one or more of the predefined actions.
Check comes with two probes, “ping” and “SSH ping”, and single action, “reboot”.
“ping” uses the classic ICMP echo to check whether the guest is still up and running,
“SSH ping” tries to establish SSH connection,
“reboot” action issues a hard reboot of the guest.
Warning
Be aware that this feature may be limited depending on how the guest was provisioned. See Hard reboot.
Each probe has a “budget” of allowed failures, and when it runs out, the action is taken. A successful probe replenishes its budget to the original level.
Multiple probes can be enabled at the same time, for the action to happen it’s enough if just one of them runs out of its budget.
check:
- how: watchdog
ping: true
reboot: true
check:
- how: watchdog
# Use only SSH ping.
ping: false
ssh-ping: true
# Try every 5 minutes, allow 7 failed attempts, and reboot
# the guest when we run out of attempts.
interval: 300
reboot: true
ssh-ping-threshold: 7
Added in version 1.32.
Configuration
See also Common Keys accepted by the plugin.
- interval:
How often should the watchdog run, in seconds.
Default:
60
- ping:
true|false
If enabled, watchdog would probe guest’s responsiveness with ICMP packets.
Default:
false
- ping-packets:
How many ICMP packates to send as one probe.
Default:
1
- ping-threshold:
How many failed ping probes before taking any further action.
Default:
10
- reboot:
true|false
If enabled, watchdog would reboot the guest after enough failed probes.
Default:
false
- ssh-ping:
true|false
If enabled, watchdog would probe guest’s responsiveness by connecting to its SSH port.
Default:
false
- ssh-ping-threshold:
How many failed SSH connections before taking any further action.
Default:
10