Chapter 3. Deploying an Overcloud with the Bare Metal Service
For full details about overcloud deployment with the director, see Director Installation and Usage. This chapter covers only the deployment steps specific to ironic.
3.1. Creating the Ironic template
Use an environment file to deploy the overcloud with the Bare Metal service enabled. A template is located on the director node at /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml.
Filling in the template
Additional configuration can be specified either in the provided template or in an additional yaml file, for example ~/templates/ironic.yaml.
For a hybrid deployment with both bare metal and virtual instances, you must add
AggregateInstanceExtraSpecsFilterto the list ofNovaSchedulerDefaultFilters. If you have not setNovaSchedulerDefaultFiltersanywhere, you can do so in ironic.yaml. For an example, see Section 3.3, “Example Templates”.NoteIf you are using SR-IOV, NovaSchedulerDefaultFilters is already set in
tripleo-heat-templates/environments/neutron-sriov.yaml. AppendAggregateInstanceExtraSpecsFilterto this list.-
The type of cleaning that occurs before and between deployments is set by
IronicCleaningDiskErase. By default, this is set to ‘full’ bydeployment/ironic/ironic-conductor-container-puppet.yaml. Setting this to ‘metadata’ can substantially speed up the process, as it cleans only the partition table, however, since the deployment will be less secure in a multi-tenant environment, you should do this only in a trusted tenant environment. -
You can add drivers with the
IronicEnabledDriversparameter. By default,ipmi,idracandiloare enabled.
For a full list of configuration parameters, see Bare Metal in the Overcloud Parameters guide.
3.2. Network Configuration
If you use the default flat bare metal network, you must create a bridge br-baremetal for ironic to use. You can specify this in an additional template:
~/templates/network-environment.yaml
parameter_defaults: NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal NeutronFlatNetworks: datacentre,baremetal
You can configure this bridge either in the provisioning network (control plane) of the controllers, so that you can reuse this network as the bare metal network, or add a dedicated network. The configuration requirements are the same, however the bare metal network cannot be VLAN-tagged, as it is used for provisioning.
~/templates/nic-configs/controller.yaml
network_config:
-
type: ovs_bridge
name: br-baremetal
use_dhcp: false
members:
-
type: interface
name: eth1The Bare Metal service in the overcloud is designed for a trusted tenant environment, as the bare metal nodes have direct access to the control plane network of your OpenStack installation.
3.2.1. Configuring a Custom Provisioning Network
The default flat provisioning network can introduce security concerns in a customer environment as a tenant can interfere with the undercloud network. To prevent this risk, you can configure a custom composable bare metal provisioning network for ironic services that does not have access to the control plane:
Configure the shell to access Identity as the administrative user:
$ source ~/overcloudrc
Copy the
network_data.yamlfile:(undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml .
Edit the new
network_data.yamlfile and add a new network for Overcloud provisioning:# custom network for Overcloud provisioning - name: OcProvisioning name_lower: oc_provisioning vip: true vlan: 205 ip_subnet: '172.23.3.0/24' allocation_pools: [{'start': '172.23.3.10', 'end': '172.23.3.200'}]Update the
network_environments.yamlandnic-configs/controller.yamlfiles to use the new network.In the
network_environments.yamlfile, add Vlan and remap Ironic networks:ServiceNetMap: IronicApiNetwork: oc_provisioning IronicNetwork: oc_provisioning
In the
nic-configs/controller.yamlfile, add an interface and necessary parameters:$network_config: - type: vlan vlan_id: get_param: OcProvisioningNetworkVlanID addresses: - ip_netmask: get_param: OcProvisioningIpSubnet
Copy the
roles_data.yamlfile:(undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml .
Edit the new
roles_data.yamland add the new network for the controller:networks: ... - OcProvisioningInclude the new
network_data.yamlandroles_data.yamlfiles in the deploy command:-n /home/stack/network_data.yaml \ -r /home/stack/roles_data.yaml \
3.3. Example Templates
The following is an example template file. This file might not meet the requirements of your environment. Before using this example, ensure that it does not interfere with any existing configuration in your environment.
~/templates/ironic.yaml
parameter_defaults:
NovaSchedulerDefaultFilters:
- RetryFilter
- AggregateInstanceExtraSpecsFilter
- AvailabilityZoneFilter
- DiskFilter
- ComputeFilter
- ComputeCapabilitiesFilter
- ImagePropertiesFilter
IronicCleaningDiskErase: metadataIn this example:
-
The
AggregateInstanceExtraSpecsFilterallows both virtual and bare metal instances, for a hybrid deployment. - Disk cleaning that is done before and between deployments erases only the partition table (metadata).
3.4. Enabling Ironic Introspection in the Overcloud
To enable Bare Metal introspection in the Overcloud, include both the ironic.yaml and the ironic-inspector.yaml environment files in the deploy command. You can find these files in the /usr/share/openstack-tripleo-heat-templates/environments/services directory. Use the following example to include configuration details for the ironic inspector that correspond to your environment:
parameter_defaults:
IronicInspectorSubnets:
- ip_range: 192.168.101.201,192.168.101.250
IPAImageURLs: '["http://192.168.24.1:8088/agent.kernel", "http://192.168.24.1:8088/agent.ramdisk"]'
IronicInspectorInterface: 'br-baremetal'IronicInspectorSubnets
This parameter can contain multiple ranges and works with both spine and leaf.
IPAImageURLs
This parameter contains details about the IPA kernel and ramdisk. In most cases, you can use the same images that you use on the undercloud. If you omit this parameter, place alternatives on each controller.
IronicInspectorInterface
Use this parameter to specify the bare metal network interface.
If you use a composable Ironic or IronicConductor role, you must include the IronicInspector service in the Ironic role in your roles file.
ServicesDefault: OS::TripleO::Services::IronicInspector
3.5. Deploying the Overcloud
To enable the Bare Metal service, include your ironic environment files with the -e option when deploying or redeploying the overcloud, along with the rest of your overcloud configuration.
For example:
$ openstack overcloud deploy \ --templates \ -e ~/templates/node-info.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ -e ~/templates/network-environment.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml \ -e ~/templates/ironic.yaml \
For more information about deploying the overcloud, see Deployment command options and Including Environment Files in Overcloud Creation in the Director Installation and Usage guide.
3.6. Testing the Bare Metal Service
You can use the OpenStack Integration Test Suite to validate your Red Hat OpenStack deployment. For more information, see the OpenStack Integration Test Suite Guide.
Additional Ways to Verify the Bare Metal Service:
Configure the shell to access Identity as the administrative user:
$ source ~/overcloudrc
Check that the
nova-computeservice is running on the controller nodes:$ openstack compute service list -c Binary -c Host -c Status
If you have changed the default ironic drivers, ensure that the required drivers are enabled:
$ openstack baremetal driver list
Ensure that the ironic endpoints are listed:
$ openstack catalog list
