Chapter 2. Planning for Bare Metal Provisioning
This chapter outlines the requirements for configuring the Bare Metal service, including installation assumptions, hardware requirements, and networking requirements.
2.1. Installation Assumptions
This guide assumes that you have installed the director on the undercloud node, and are ready to install the Bare Metal service along with the rest of the overcloud. For more information on installing the director, see Installing the Undercloud.
The Bare Metal service in the overcloud is designed for a trusted tenant environment, as the bare metal nodes have direct access to the control plane network of your OpenStack installation. If you implement a custom composable network for Ironic services in the overcloud, users do not need to access the control plane.
2.2. Hardware Requirements
Overcloud Requirements
The hardware requirements for an overcloud with the Bare Metal service are the same as for the standard overcloud. For more information, see Overcloud Requirements in the Director Installation and Usage guide.
Bare Metal Machine Requirements
The hardware requirements for bare metal machines that will be provisioned vary depending on the operating system you are installing.
- For Red Hat Enterprise Linux 8, see the Red Hat Enterprise Linux 8 Performing a standard RHEL installation Guide.
- For Red Hat Enterprise Linux 7, see the Red Hat Enterprise Linux 7 Installation Guide.
- For Red Hat Enterprise Linux 6, see the Red Hat Enterprise Linux 6 Installation Guide.
All bare metal machines that you want to provision require the following:
- A NIC to connect to the bare metal network.
-
A power management interface (for example, IPMI) connected to a network reachable from the
ironic-conductor
service. By default,ironic-conductor
runs on all of the controller nodes, unless you are using composable roles and runningironic-conductor
elsewhere. - PXE boot on the bare metal network. Disable PXE boot on all other NICs in the deployment.
2.3. Networking requirements
The bare metal network:
This is a private network that the Bare Metal service uses for the following operations:
- The provisioning and management of bare metal machines on the overcloud.
- Cleaning bare metal nodes before and between deployments.
- Tenant access to the bare metal nodes.
The bare metal network provides DHCP and PXE boot functions to discover bare metal systems. This network must use a native VLAN on a trunked interface so that the Bare Metal service can serve PXE boot and DHCP requests.
You can configure the bare metal network in two ways:
- Use a flat bare metal network for Ironic Conductor services. This network must route to the Ironic services on the control plane. If you define an isolated bare metal network, the bare metal notes cannot PXE boot.
- Use a custom composable network to implement Ironic services in the overcloud.
The Bare Metal service in the overcloud is designed for a trusted tenant environment, as the bare metal nodes have direct access to the control plane network of your OpenStack installation. If you implement a custom composable network for Ironic services in the overcloud, users do not need to access the control plane.
Network tagging:
- The control plane network (the director’s provisioning network) is always untagged.
- The bare metal network must be untagged for provisioning, and must also have access to the Ironic API.
- Other networks may be tagged.
Overcloud controllers:
The controller nodes with the Bare Metal service must have access to the bare metal network.
Bare metal nodes:
The NIC which the bare metal node is configured to PXE-boot from must have access to the bare metal network.
2.3.1. The Default Bare Metal Network
In this architecture, the bare metal network is separated from the control plane network. The bare metal network is a flat network that also acts as the tenant network.
- The bare metal network is created by the OpenStack operator. This network requires a route to the director provisioning network.
- Ironic users have access to the public OpenStack APIs, and to the bare metal network. Since the bare metal network is routed to the director’s provisioning network, users also have indirect access to the control plane.
- Ironic uses the bare metal network for node cleaning.
Default bare metal network architecture diagram
2.3.2. The Custom Composable Network
In this architecture, the bare metal network is a custom composable network that does not have access to the control plane. Creating this network might be preferable if you want to limit access to the control plane.
- The custom composable bare metal network is created by the OpenStack operator.
- Ironic users have access to the public OpenStack APIs, and to the custom composable bare metal network.
- Ironic uses the custom composable bare metal network for node cleaning. :leveloffset: +1