Chapter 5. Test Environment Supportability

The Supportability tests, also known as openstack/supportable, ensure that the test environment is compliant with Red Hat’s support policy. This test is required for all OpenStack software certifications. The test confirms that the test node (an OpenStack deployment-under-test) consists only of components supported by Red Hat (Red Hat OpenStack Platform, Red Hat Enterprise Linux) or supported by the Partner. An OpenStack deployment-under-test refers to the node where the plugin/application-under-test is installed and also the Undercloud Director node.

The openstack/supportable tests include the following subtests.

5.1. Kernel

This subtest verifies that kernel is from Red Hat and inspect kernel is appropriate and supported for RHEL version included in the OpenStack deployment-under-test, and has not been modified. The kernel version may be the original General Availability (GA) version or any subsequent kernel released for the RHEL major releases.

Note

For more information on Red Hat Enterprise Linux Life Cycle and Kernel Versions, refer Red Hat Enterprise Linux Life Cycle and Red Hat Enterprise Linux Release Dates.

The kernel subtest also ensures that the kernel is not tainted when running in the environment. For more information about kernel tainting, see Why is the kernel "tainted" and how are the taint values deciphered?

Success Criteria

The running kernel is a Red Hat released kernel which should not be tainted and can be used with the RHEL version.

5.2. Kernel Modules

This subtest confirms the loaded kernel modules are from Red Hat, either from the running kernel’s package or a Red Hat Driver Update ( see Where can I download Driver Update Program (DUP) disks ). This subtest also ensures the kernel modules do not identify as Technology Preview when running in the environment ( see What does a "Technology Preview" feature mean ).

Success Criteria

The kernel modules are from Red Hat and supported.

5.3. Hardware Health

The Hardware Health subtest checks the system’s health by testing if the hardware is supported, meets the requirements, and has any known hardware vulnerabilities. The subtest does the following:

  • Checks that the Red Hat Enterprise Linux (RHEL) kernel does not identify hardware as unsupported. When the kernel identifies unsupported hardware, it will display an unsupported hardware message in the system logs and/or trigger an unsupported kernel taint. This subtest prevents customers from possible production risks which may arise from running Red Hat products on unsupported configurations and environments.

    In hypervisor, partitioning, cloud instances, and other virtual machine situations, the kernel may trigger an unsupported hardware message or taint based on the hardware data presented to RHEL by the virtual machine (VM).

  • Checks that the system under test (SUT) meets the minimum hardware requirements[1] as follows:

    • RHEL 8: Minimum system RAM should be 1.5GB, per CPU logical core count[2]
    • RHEL 7: Minimum system RAM should be 1GB, per CPU logical core count[3]
  • Checks if the kernel has reported any known hardware vulnerabilities, if those vulnerabilities have mitigations and if those mitigations have resolved the vulnerability. Many mitigations are automatic to ensure that customers do not need to take active steps to resolve vulnerabilities. In some cases this is not possible; where most of these remaining cases require changes to the configuration of the system BIOS/firmware which may not be modifiable by customers in all situations.
  • Confirms the system does not have any offline CPUs.
  • Confirms if Simultaneous Multithreading (SMT) is available, enabled, and active in the system.

Failing any of these tests will result in a WARN from the test suite and should be verified by the partner to have correct and intended behavior.

Success Criteria:

  • The kernel does not have the UNSUPPORTEDHARDWARE taint bit set.
  • The kernel does not report an unsupported hardware system message.
  • The kernel does not report any vulnerabilities with mitigations as vulnerable.
  • The kernel does not report the logic core to installed memory ratio as out of range.
  • The kernel does not report CPUs in an offline state.

5.4. Installed RPMs

This subtest confirms that RPM packages installed on the system are from Red Hat and are not modified. This prevents potential significant risks to customer environments and ensures that customers make use of a supported environment.

Non Red Hat packages may be installed if they are necessary to enable the cloud environment but they are acceptable only when they are documented and do not modify or conflict with Red Hat packages/software. This subtest will require detailed review at Red Hat to confirm success or failure if Non Red Hat packages are installed.

For more information on Red Hat support policies on third-party software, see Production Support Scope of Coverage.

Success Criteria

  • The RMP packages installed are provided by Red Hat and is available in offering
  • The installed Red Hat RPM packages are not modified
  • The installed Non Red Hat RPM packages are necessary to enable the cloud environment, documented, and
  • The installed Non Red Hat RPM packages do not conflict with available Red Hat provided packages/software and Red Hat products included in the offering.

5.5. Security-Enhanced Linux (SELinux)

This subtest confirms that SELinux is running in enforcing mode on the OpenStack deployment-under test.

SELinux adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Red Hat Enterprise Linux.

SELinux policy is administratively-defined, enforced system-wide, and is not set at user discretion reducing vulnerability to privilege escalation attacks helping limit the damage made by configuration mistakes. If a process becomes compromised, the attacker only has access to the normal functions of that process and to files the process has been configured to..

For more information on SELinux in RHEL, see SELinux Users and Administrators Guide.

Success Criteria

SELinux is configured and running in enforcing mode on the OpenStack deployment-under-test.



[2] For more information about hardware support available in RHEL 7 but removed from RHEL 8, see chapter Hardware Enablement in the Considerations in Adopting Red Hat Enterprise Linux 8 document.
[3] For more information about hardware support available in RHEL 6 but removed from RHEL 7, see chapter Changes to Packages, Functionality, and Support in the RHEL 7 Migration Planning Guide document.