Test checks Plugins

avc

Warning

Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originally used for command line help only, therefore the formatting is often suboptional.

Check for SELinux AVC denials raised during the test.

The check collects SELinux AVC denials from the audit log, gathers details about them, and together with versions of the selinux-policy and related packages stores them in a report file after the test.

check:
  - name: avc

New in version 1.28.

Configuration

Common Keys

enabled: true|false

Whether the check is enabled or not.

Default: true


dmesg

Save the content of kernel ring buffer (aka “console”) into a file.

The check saves one file before the test, and then again when test finishes.

check:
  - how: dmesg

Check will identify patterns that signal kernel crashes and core dumps, and when detected, it will report as failed result. It is possible to define custom patterns:

check:
  - how: dmesg
    failure-pattern:
      # These are default patterns
      - 'Call Trace:
      - '\ssegfault\s'

      # More patterns to look for
      - '\[Firmware Bug\]'

New in version 1.28.

Changed in version 1.33: failure-pattern has been added.

Configuration

failure-pattern: PATTERN

List of regular expressions to look for in dmesg output. If any of patterns is found, dmesg check will report fail result.

Default: Call Trace:, \ssegfault\s

Common Keys

enabled: true|false

Whether the check is enabled or not.

Default: true


watchdog

Warning

Please, be aware that the documentation below is a work in progress. We are working on fixing it, adding missing bits and generally making it better. Also, it was originally used for command line help only, therefore the formatting is often suboptional.

Take various actions when guest becomes unresponsive.

Watchdog runs selected probes every now and then, and when a given number of probes fail, watchdog would run one or more of the predefined actions.

Check comes with two probes, “ping” and “SSH ping”, and single action, “reboot”.

  • “ping” uses the classic ICMP echo to check whether the guest is still up and running,

  • “SSH ping” tries to establish SSH connection,

  • “reboot” action issues a hard reboot of the guest.

Each probe has a “budget” of allowed failures, and when it runs out, the action is taken. A successful probe replenishes its budget to the original level.

Multiple probes can be enabled at the same time, for the action to happen it’s enough if just one of them runs out of its budget.

check:
  - how: watchdog
    ping: true
    reboot: true
check:
  - how: watchdog

    # Use only SSH ping.
    ping: false
    ssh-ping: true

    # Try every 5 minutes, allow 7 failed attempts, and reboot
    # the guest when we run out of attempts.
    interval: 300
    reboot: true
    ssh-ping-threshold: 7

New in version 1.32.

Configuration

interval:

How often should the watchdog run, in seconds.

Default: 60

ping: true|false

If enabled, watchdog would probe guest’s responsiveness with ICMP packets.

Default: false

ping-packets:

How many ICMP packates to send as one probe.

Default: 1

ping-threshold:

How many failed ping probes before taking any further action.

Default: 10

reboot: true|false

If enabled, watchdog would reboot the guest after enough failed probes.

Default: false

ssh-ping: true|false

If enabled, watchdog would probe guest’s responsiveness by connecting to its SSH port.

Default: false

ssh-ping-threshold:

How many failed SSH connections before taking any further action.

Default: 10

Common Keys

enabled: true|false

Whether the check is enabled or not.

Default: true