Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Deploying an Overcloud with the Bare Metal Service

For full details about overcloud deployment with the director, see Director Installation and Usage. This chapter covers only the deployment steps specific to ironic.

3.1. Creating the Ironic template
Copy link

Use an environment file to deploy the overcloud with the Bare Metal service enabled. A template is located on the director node at /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml.

Filling in the template

Additional configuration can be specified either in the provided template or in an additional yaml file, for example ~/templates/ironic.yaml.

  • For a hybrid deployment with both bare metal and virtual instances, you must add AggregateInstanceExtraSpecsFilter to the list of NovaSchedulerDefaultFilters. If you have not set NovaSchedulerDefaultFilters anywhere, you can do so in ironic.yaml. For an example, see Section 3.3, “Example Templates”.

    Note

    If you are using SR-IOV, NovaSchedulerDefaultFilters is already set in tripleo-heat-templates/environments/neutron-sriov.yaml. Append AggregateInstanceExtraSpecsFilter to this list.

  • The type of cleaning that occurs before and between deployments is set by IronicCleaningDiskErase. By default, this is set to ‘full’ by deployment/ironic/ironic-conductor-container-puppet.yaml. Setting this to ‘metadata’ can substantially speed up the process, as it cleans only the partition table, however, since the deployment will be less secure in a multi-tenant environment, you should do this only in a trusted tenant environment.
  • You can add drivers with the IronicEnabledDrivers parameter. By default, ipmi, idrac and ilo are enabled.

For a full list of configuration parameters, see Bare Metal in the Overcloud Parameters guide.

3.2. Network Configuration
Copy link

If you use the default flat bare metal network, you must create a bridge br-baremetal for ironic to use. You can specify this in an additional template:

~/templates/network-environment.yaml 

parameter_defaults:
  NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
  NeutronFlatNetworks: datacentre,baremetal
Copy to Clipboard Toggle word wrap

You can configure this bridge either in the provisioning network (control plane) of the controllers, so that you can reuse this network as the bare metal network, or add a dedicated network. The configuration requirements are the same, however the bare metal network cannot be VLAN-tagged, as it is used for provisioning.

~/templates/nic-configs/controller.yaml 

network_config:
    -
      type: ovs_bridge
          name: br-baremetal
          use_dhcp: false
          members:
            -
              type: interface
              name: eth1
Copy to Clipboard Toggle word wrap
Note

The Bare Metal service in the overcloud is designed for a trusted tenant environment, as the bare metal nodes have direct access to the control plane network of your OpenStack installation.

3.2.1. Configuring a Custom Provisioning Network
Copy link

The default flat provisioning network can introduce security concerns in a customer environment as a tenant can interfere with the undercloud network. To prevent this risk, you can configure a custom composable bare metal provisioning network for ironic services that does not have access to the control plane:

  1. Configure the shell to access Identity as the administrative user: 

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Copy the network_data.yaml file: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml .
    Copy to Clipboard Toggle word wrap

  3. Edit the new network_data.yaml file and add a new network for Overcloud provisioning: 

    # custom network for Overcloud provisioning
- name: OcProvisioning
name_lower: oc_provisioning
vip: true
vlan: 205
ip_subnet: '172.23.3.0/24'
allocation_pools: [{'start': '172.23.3.10', 'end': '172.23.3.200'}]
    Copy to Clipboard Toggle word wrap

  4. Update the network_environments.yaml and nic-configs/controller.yaml files to use the new network.

    1. In the network_environments.yaml file, add Vlan and remap Ironic networks: 

      ServiceNetMap:
   IronicApiNetwork: oc_provisioning
   IronicNetwork: oc_provisioning
      Copy to Clipboard Toggle word wrap

    2. In the nic-configs/controller.yaml file, add an interface and necessary parameters: 

      $network_config:
     - type: vlan
         vlan_id:
           get_param: OcProvisioningNetworkVlanID
         addresses:
         - ip_netmask:
             get_param: OcProvisioningIpSubnet
      Copy to Clipboard Toggle word wrap

  5. Copy the roles_data.yaml file: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml .
    Copy to Clipboard Toggle word wrap

  6. Edit the new roles_data.yaml and add the new network for the controller: 

      networks:
   ...
    - OcProvisioning
    Copy to Clipboard Toggle word wrap

  7. Include the new network_data.yaml and roles_data.yaml files in the deploy command: 

    -n /home/stack/network_data.yaml \
-r /home/stack/roles_data.yaml \
    Copy to Clipboard Toggle word wrap

3.3. Example Templates
Copy link

The following is an example template file. This file might not meet the requirements of your environment. Before using this example, ensure that it does not interfere with any existing configuration in your environment.

~/templates/ironic.yaml 

parameter_defaults:

    NovaSchedulerDefaultFilters:
        - RetryFilter
        - AggregateInstanceExtraSpecsFilter
        - AvailabilityZoneFilter
        - DiskFilter
        - ComputeFilter
        - ComputeCapabilitiesFilter
        - ImagePropertiesFilter

    IronicCleaningDiskErase: metadata
Copy to Clipboard Toggle word wrap

In this example:

  • The AggregateInstanceExtraSpecsFilter allows both virtual and bare metal instances, for a hybrid deployment.
  • Disk cleaning that is done before and between deployments erases only the partition table (metadata).

To enable Bare Metal introspection in the Overcloud, include both the ironic.yaml and the ironic-inspector.yaml environment files in the deploy command. You can find these files in the /usr/share/openstack-tripleo-heat-templates/environments/services directory. Use the following example to include configuration details for the ironic inspector that correspond to your environment: 

parameter_defaults:
  IronicInspectorSubnets:
    - ip_range: 192.168.101.201,192.168.101.250
  IPAImageURLs: '["http://192.168.24.1:8088/agent.kernel", "http://192.168.24.1:8088/agent.ramdisk"]'
  IronicInspectorInterface: 'br-baremetal'
Copy to Clipboard Toggle word wrap

IronicInspectorSubnets

This parameter can contain multiple ranges and works with both spine and leaf.

IPAImageURLs

This parameter contains details about the IPA kernel and ramdisk. In most cases, you can use the same images that you use on the undercloud. If you omit this parameter, place alternatives on each controller.

IronicInspectorInterface

Use this parameter to specify the bare metal network interface.

Note

If you use a composable Ironic or IronicConductor role, you must include the IronicInspector service in the Ironic role in your roles file. 

ServicesDefault:
  OS::TripleO::Services::IronicInspector
Copy to Clipboard Toggle word wrap

3.5. Deploying the Overcloud
Copy link

To enable the Bare Metal service, include your ironic environment files with the -e option when deploying or redeploying the overcloud, along with the rest of your overcloud configuration.

For example: 

$ openstack overcloud deploy \
  --templates \
  -e ~/templates/node-info.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
  -e ~/templates/network-environment.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml \
  -e ~/templates/ironic.yaml \
Copy to Clipboard Toggle word wrap

For more information about deploying the overcloud, see Deployment command options and Including Environment Files in Overcloud Creation in the Director Installation and Usage guide.

3.6. Testing the Bare Metal Service
Copy link

You can use the OpenStack Integration Test Suite to validate your Red Hat OpenStack deployment. For more information, see the OpenStack Integration Test Suite Guide.

Additional Ways to Verify the Bare Metal Service:

  1. Configure the shell to access Identity as the administrative user: 

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Check that the nova-compute service is running on the controller nodes: 

    $ openstack compute service list -c Binary -c Host -c Status
    Copy to Clipboard Toggle word wrap

  3. If you have changed the default ironic drivers, ensure that the required drivers are enabled: 

    $ openstack baremetal driver list
    Copy to Clipboard Toggle word wrap

  4. Ensure that the ironic endpoints are listed: 

    $ openstack catalog list
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat