ikurni/ocp-health-check.yaml

## ocp-health-check.yaml
---
- hosts: clients
  tasks:
  - name: Check Swap, make sure it's off
    shell: ansible nodes -m shell -a 'free -m | grep "^Swap"'

  - name: Check Kubelet Config
    shell: ansible nodes -m shell -a 'grep -A10 "^kubeletArguments" /etc/origin/node/node-config.yaml'

  - name: Selinux Status
    shell: ansible nodes -a '/usr/sbin/sestatus'

  - name: Check Docker Storage status
    shell: ansible nodes -m shell -a 'docker info | grep "Space"'

  - name: Check ephemeral storage usage
    shell: ansible nodes -m shell -a 'df -h /var/lib/origin'

  - name: Check disk space
    shell: ansible nodes -a 'grep OPTIONS /etc/sysconfig/docker'

  - name: Check NTP Status
    shell: ansible nodes -m shell -a 'timedatectl status'

  - name: Check cluster subnet service layer
    shell: oc get clusternetwork

  - name: Check for htpasswd provider
    shell: ansible masters -m shell -a 'grep identityProviders /etc/origin/master/master-config.yaml -A10'

  - name: Check for insecure registries availability
    shell: ansible nodes -m shell -a 'docker info | grep Registry -A3'

  - name: Check images and container GC
    shell: ansible nodes -m shell -a 'grep kubeletAr -A10 /etc/origin/node/node-config.yaml'

  - name: Check oc adm diagnostics status
    shell: oc adm diagnostics --config=/etc/origin/master/admin.kubeconfig

  - name: Check logging options for docker
    shell: ansible nodes -a 'grep OPTIONS /etc/sysconfig/docker'

  - name: Check Self-provisioner role in system-authenticated
    shell: oc describe clusterrolebinding self-provisioner

  - name: Check 'default' project availability
    shell: ansible masters -m shell -a 'grep -A3 projectConfig /etc/origin/master/master-config.yaml'

  - name: Check who are the cluster admins
    shell: oc get clusterrolebinding cluster-admin


###name: Check Certificate expiry date
###ansible-playbook -v -i <inventory_file> /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml
	---
	- hosts: clients
	tasks:
	- name: Check Swap, make sure it's off
	shell: ansible nodes -m shell -a 'free -m \| grep "^Swap"'

	- name: Check Kubelet Config
	shell: ansible nodes -m shell -a 'grep -A10 "^kubeletArguments" /etc/origin/node/node-config.yaml'

	- name: Selinux Status
	shell: ansible nodes -a '/usr/sbin/sestatus'

	- name: Check Docker Storage status
	shell: ansible nodes -m shell -a 'docker info \| grep "Space"'

	- name: Check ephemeral storage usage
	shell: ansible nodes -m shell -a 'df -h /var/lib/origin'

	- name: Check disk space
	shell: ansible nodes -a 'grep OPTIONS /etc/sysconfig/docker'

	- name: Check NTP Status
	shell: ansible nodes -m shell -a 'timedatectl status'

	- name: Check cluster subnet service layer
	shell: oc get clusternetwork

	- name: Check for htpasswd provider
	shell: ansible masters -m shell -a 'grep identityProviders /etc/origin/master/master-config.yaml -A10'

	- name: Check for insecure registries availability
	shell: ansible nodes -m shell -a 'docker info \| grep Registry -A3'

	- name: Check images and container GC
	shell: ansible nodes -m shell -a 'grep kubeletAr -A10 /etc/origin/node/node-config.yaml'

	- name: Check oc adm diagnostics status
	shell: oc adm diagnostics --config=/etc/origin/master/admin.kubeconfig

	- name: Check logging options for docker
	shell: ansible nodes -a 'grep OPTIONS /etc/sysconfig/docker'

	- name: Check Self-provisioner role in system-authenticated
	shell: oc describe clusterrolebinding self-provisioner

	- name: Check 'default' project availability
	shell: ansible masters -m shell -a 'grep -A3 projectConfig /etc/origin/master/master-config.yaml'

	- name: Check who are the cluster admins
	shell: oc get clusterrolebinding cluster-admin


	###name: Check Certificate expiry date
	###ansible-playbook -v -i <inventory_file> /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml