pre-update
==========

.. _pre-update_check-for-dangling-images:

check-for-dangling-images
-------------------------

Check for podman dangling images.

Make sure there are no dangling images before the update.


- **hosts**: undercloud
- **groups**: pre-update
- **parameters**:

  - **check_for_dangling_images_debug**: False
- **roles**: check_for_dangling_images

Role documentation

.. toctree::

   roles/role-check_for_dangling_images

.. _pre-update_compute-tsx:

compute-tsx
-----------

RHEL8.x kernel flag for Compute nodes validation.

The RHEL-8.3 kernel disabled the Intel TSX (Transactional
Synchronization Extensions) feature by default as a preemptive
security measure, but it breaks live migration from RHEL-7.9
(or even RHEL-8.1 or RHEL-8.2) to RHEL-8.3.

Operators are expected to explicitly define the TSX flag in
their KernelArgs for the compute role to prevent live-migration
issues during the upgrade process.

This also impacts upstream CentOS systems.


- **hosts**: nova_libvirt
- **groups**: pre-upgrade, pre-system-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-update, pre-update-prepare, pre-update-run, pre-update-converge
- **parameters**:

  - **compute_tsx_debug**: False

  - **compute_tsx_warning**: False
- **roles**: compute_tsx

Role documentation

.. toctree::

   roles/role-compute_tsx

.. _pre-update_container-status:

container-status
----------------

Ensure container status.

Detect failed containers and raise an error.


- **hosts**: undercloud, allovercloud
- **groups**: pre-upgrade, pre-update, post-deployment, post-upgrade
- **parameters**:
- **roles**: container_status

Role documentation

.. toctree::

   roles/role-container_status

.. _pre-update_openstack-endpoints:

openstack-endpoints
-------------------

Check connectivity to various OpenStack services.

This validation gets the PublicVip address from the deployment and
tries to access Horizon and get a Keystone token.


- **hosts**: undercloud
- **groups**: post-deployment, pre-upgrade, post-upgrade, pre-update, post-update
- **parameters**:
- **roles**: openstack_endpoints

Role documentation

.. toctree::

   roles/role-openstack_endpoints

.. _pre-update_package-version:

package-version
---------------

package-version.

Ensures we can access the wanted package version. Especially useful
when you are switching repositories, for instance during an upgrade.


- **hosts**: all
- **groups**: prep, pre-deployment, pre-upgrade, pre-update, pre-system-upgrade, pre-undercloud-upgrade, pre-overcloud-prepare, pre-overcloud-upgrade, pre-overcloud-converge, pre-ceph
- **parameters**:

  - **package_version_debug**: False
- **roles**: package_version

Role documentation

.. toctree::

   roles/role-package_version

.. _pre-update_repos:

repos
-----

Check correctness of current repositories.

Check that the repositories listed in ``yum repolist``
are reachable and that at least one repo is
configured.

Detect if there are any unwanted repositories (such as EPEL) enabled.


- **hosts**: undercloud, allovercloud
- **groups**: pre-upgrade, pre-update
- **parameters**:
- **roles**: repos

Role documentation

.. toctree::

   roles/role-repos

.. _pre-update_system_encoding:

system_encoding
---------------

System encoding.

Ensure the locale is Unicode.


- **hosts**: all
- **groups**: pre-deployment, pre-upgrade, pre-update
- **parameters**:

  - **system_encoding_debug**: False
- **roles**: system_encoding

Role documentation

.. toctree::

   roles/role-system_encoding

.. _pre-update_undercloud-heat-purge-deleted:

undercloud-heat-purge-deleted
-----------------------------

Verify heat-manage purge_deleted is enabled in crontab.

Without a purge_deleted crontab enabled, the
heat database can grow very large. This validation checks that
the purge_deleted crontab has been set up.


- **hosts**: undercloud
- **groups**: pre-upgrade, pre-update, pre-deployment
- **parameters**:

  - **cron_check**: heat-manage purge_deleted
- **roles**: undercloud_heat_purge_deleted

Role documentation

.. toctree::

   roles/role-undercloud_heat_purge_deleted

.. _pre-update_undercloud-ipa-server-check:

undercloud-ipa-server-check
---------------------------

Verify that the IPA server has the right permissions and ACI.

This validation is relevant for systems where TLS Everywhere is enabled.

A new ACI is needed on the FreeIPA server to ensure that certificates with IP SANs can be
issued. This ACI will be delivered by default from FreeIPA 4.8.5.

In addition, a new permission is needed to add DNS zones for tripleo-ipa. This
permission is an addition to the current permissions for the Nova Host Manager role.

This validation confirms that the new permission and ACI are present.

https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-introduction.html


- **hosts**: undercloud
- **groups**: pre-upgrade, pre-update
- **parameters**:
- **roles**: tls_everywhere

Role documentation

.. toctree::

   roles/role-tls_everywhere

.. _pre-update_undercloud-service-status:

undercloud-service-status
-------------------------

Verify undercloud services state before running update or upgrade.

Check undercloud status before running a stack update, especially a minor update or a major upgrade.


- **hosts**: undercloud
- **groups**: post-upgrade, pre-upgrade, post-update, pre-update
- **parameters**:
- **roles**: undercloud_service_status

Role documentation

.. toctree::

   roles/role-undercloud_service_status
