Chapter 3. Deploying an Overcloud with the Bare Metal Service
For full details about overcloud deployment with the director, see Director Installation and Usage. This chapter only covers deployment steps specific to ironic.
3.1. Creating the Ironic template
				Use an environment file to deploy the overcloud with the Bare Metal service enabled. A template is located on the director node at /usr/share/openstack-tripleo-heat-templates/environments/services-docker/ironic.yaml.
			
Filling in the template
					Additional configuration can be specified either in the provided template or in an additional yaml file, for example ~/templates/ironic.yaml.
				
- For a hybrid deployment with both bare metal and virtual instances, you must add - AggregateInstanceExtraSpecsFilterto the list of- NovaSchedulerDefaultFilters. If you have not set- NovaSchedulerDefaultFiltersanywhere, you can do so in ironic.yaml. For an example, see Section 3.3, “Example Templates”.Note- If you are using SR-IOV, NovaSchedulerDefaultFilters is already set in - tripleo-heat-templates/environments/neutron-sriov.yaml. Append- AggregateInstanceExtraSpecsFilterto this list.
- 
						The type of cleaning that occurs before and between deployments is set by IronicCleaningDiskErase. By default, this is set to ‘full’ bypuppet/services/ironic-conductor.yaml. Setting this to ‘metadata’ can substantially speed up the process, as it only cleans the partition table, however, since the deployment will be less secure in a multi-tenant environment, you should only do this in a trusted tenant environment.
- 
						You can add drivers with the IronicEnabledDriversparameter. By default,pxe_ipmitool,pxe_dracandpxe_iloare enabled.
For a full list of configuration parameters, see Bare Metal in the Overcloud Parameters guide.
3.2. Network Configuration
				If you use the default flat bare metal network, you must create a bridge br-baremetal for ironic to use. You can specify this in an additional template:
			
				~/templates/network-environment.yaml
			
parameter_defaults: NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal NeutronFlatNetworks: datacentre,baremetal
parameter_defaults:
  NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
  NeutronFlatNetworks: datacentre,baremetalYou can either configure this bridge in the provisioning network (control plane) of the controllers, so you can reuse this network as the bare metal network, or add a dedicated network. The configuration requirements are the same, however the bare metal network cannot be VLAN-tagged, as it is used for provisioning.
				~/templates/nic-configs/controller.yaml
			
The Bare Metal service in the overcloud is designed for a trusted tenant environment, as the bare metal nodes have direct access to the control plane network of your OpenStack installation.
3.2.1. Configuring a Custom Provisioning Network
The default flat provisioning network can introduce security concerns in a customer environment as a tenant can interfere with the undercloud network. To prevent this risk, you can configure a custom composable bare metal provisioning network for ironic services that does not have access to the control plane:
- Configure the shell to access Identity as the administrative user: - source ~/overcloudrc - $ source ~/overcloudrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Copy the - network_data.yamlfile:- cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml . - (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml .- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Edit the new - network_data.yamlfile and add a new network for Overcloud provisioning:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Update the - network_environments.yamland- nic-configs/controller.yamlfiles to use the new network.- In the - network_environments.yamlfile, add Vlan and remap Ironic networks:- ServiceNetMap: IronicApiNetwork: oc_provisioning IronicNetwork: oc_provisioning - ServiceNetMap: IronicApiNetwork: oc_provisioning IronicNetwork: oc_provisioning- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- In the - nic-configs/controller.yamlfile, add an interface and necessary parameters:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Copy the - roles_data.yamlfile:- cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml . - (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml .- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Edit the new - roles_data.yamland add the new network for the controller:- networks: ... - OcProvisioning- networks: ... - OcProvisioning- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Include the new - network_data.yamland- roles_data.yamlfiles in the deploy command:- -n /home/stack/network_data.yaml \ -r /home/stack/roles_data.yaml \ - -n /home/stack/network_data.yaml \ -r /home/stack/roles_data.yaml \- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
3.3. Example Templates
The following is an example template file. This file may not meet the requirements of your environment. Before using this example, make sure it does not interfere with any existing configuration in your environment.
				~/templates/ironic.yaml
			
In this example:
- 
						The AggregateInstanceExtraSpecsFilterallows both virtual and bare metal instances, for a hybrid deployment.
- Disk cleaning that is done before and between deployments only erases the partition table (metadata).
3.4. Deploying the Overcloud
				To enable the Bare Metal service, include your ironic environment files with -e when deploying or redeploying the overcloud, along with the rest of your overcloud configuration.
			
For example:
For more information about deploying the overcloud, see Creating the Overcloud with the CLI Tools and Including Environment Files in Overcloud Creation.
3.5. Testing the Bare Metal Service
You can use the OpenStack Integration Test Suite to validate your Red Hat OpenStack deployment. For more information, see the OpenStack Integration Test Suite Guide.
Additional Ways to Verify the Bare Metal Service:
- Set up the shell to access Identity as the administrative user: - source ~/overcloudrc - $ source ~/overcloudrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Check that the - nova-computeservice is running on the controller nodes:- openstack compute service list -c Binary -c Host -c Status - $ openstack compute service list -c Binary -c Host -c Status- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you have changed the default ironic drivers, make sure the required drivers are enabled: - openstack baremetal driver list - $ openstack baremetal driver list- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Ensure that the ironic endpoints are listed: - openstack catalog list - $ openstack catalog list- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow