Test checks Plugins
avc
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originaly used for command line help only, therefore the formatting is often suboptional.
Check for SELinux AVC denials raised during the test.
The check collects SELinux AVC denials from the audit log,
gathers details about them, and together with versions of
the selinux-policy
and related packages stores them in
a report file after the test.
check:
- name: avc
New in version 1.28.
Configuration
Common Keys
- enabled:
true|false
Whether the check is enabled or not.
Default:
true
dmesg
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originaly used for command line help only, therefore the formatting is often suboptional.
Save the content of kernel ring buffer (aka “console”) into a file.
The check saves one file before the test, and then again when test finishes.
check:
- name: dmesg
New in version 1.28.
Configuration
Common Keys
- enabled:
true|false
Whether the check is enabled or not.
Default:
true
watchdog
Warning
Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originaly used for command line help only, therefore the formatting is often suboptional.
Take various actions when guest becomes unresponsive.
Watchdog runs selected probes every now and then, and when a given number of probes fail, watchdog would run one or more of the predefined actions.
Check comes with two probes, “ping” and “SSH ping”, and single action, “reboot”.
“ping” uses the classic ICMP echo to check whether the guest is still up and running,
“SSH ping” tries to establish SSH connection,
“reboot” action issues a hard reboot of the guest.
Each probe has a “budget” of allowed failures, and when it runs out, the action is taken. A successfull probe replenishes its budget to the original level.
Multiple probes can be enabled at the same time, for the action to happen it’s enough if just one of them runs out of its budget.
check:
- how: watchdog
ping: true
reboot: true
check:
- how: watchdog
# Use only SSH ping.
ping: false
ssh-ping: true
# Try every 5 minutes, allow 7 failed attempts, and reboot
# the guest when we run out of attempts.
interval: 300
reboot: true
ssh-ping-threshold: 7
New in version 1.32.
Configuration
- interval:
How often should the watchdog run, in seconds.
Default:
60
- ping:
true|false
If enabled, watchdog would probe guest’s responsiveness with ICMP packets.
Default:
false
- ping-packets:
How many ICMP packates to send as one probe.
Default:
1
- ping-threshold:
How many failed ping probes before taking any further action.
Default:
10
- reboot:
true|false
If enabled, watchdog would reboot the guest after enough failed probes.
Default:
false
- ssh-ping:
true|false
If enabled, watchdog would probe guest’s responsiveness by connecting to its SSH port.
Default:
false
- ssh-ping-threshold:
How many failed SSH connections before taking any further action.
Default:
10
Common Keys
- enabled:
true|false
Whether the check is enabled or not.
Default:
true