Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Deploying an overcloud with the Bare Metal Provisioning service

To deploy an overcloud with the Bare Metal Provisioning service (ironic), you must create and configure the bare metal network, and configure the overcloud to enable bare metal provisioning.

  1. Create the bare metal network. You can reuse the provisioning network interface on the Controller nodes to create a flat network, or you can create a custom network:

  2. Configure the overcloud to enable bare metal provisioning:

Note

If you use Open Virtual Network (OVN), the Bare Metal Provisioning service is supported only with the DHCP agent defined in the ironic-overcloud.yaml file, neutron-dhcp-agent. The built-in DHCP server on OVN cannot provision bare metal nodes or serve DHCP for the provisioning networks. To enable iPXE chain loading you must set the --dhcp-match tag in dnsmasq, which is not supported by the OVN DHCP server.

Prerequisites

3.1. Configuring the default flat network
Copy link

To use the default flat bare metal network, you reuse the provisioning network interface on the Controller nodes to create a bridge for the Bare Metal Provisioning service (ironic).

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    [stack@director ~]$ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Modify the /home/stack/templates/nic-configs/controller.yaml file to reuse the provisioning network interface on the Controller nodes, eth1, to create a bridge for the bare metal network: 

    network_config:
- type: ovs_bridge
  name: br-baremetal
  use_dhcp: false
  members:
    - type: interface
      name: eth1
  addresses:
    - ip_netmask:
        list_join:
        - /
        - - get_param: ControlPlaneIp
          - get_param: ControlPlaneSubnetCidr
    Copy to Clipboard Toggle word wrap
    Note

    You cannot VLAN tag the bare metal network when you create it by reusing the provisioning network.

  4. Add br-baremetal to the NeutronBridgeMappings parameter in your network-environment.yaml file: 

    parameter_defaults:
  NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
    Copy to Clipboard Toggle word wrap

  5. Add baremetal to the list of networks specified by the NeutronFlatNetworks parameter in your network-environment.yaml file: 

    parameter_defaults:
  NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
  NeutronFlatNetworks: datacentre,baremetal
    Copy to Clipboard Toggle word wrap

Next steps

Create a custom IPv4 provisioning network to provision and deploy the overcloud over IPv4.

Procedure

  1. Log in to the undercloud host as the stack user.

  2. Source the stackrc undercloud credentials file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Copy the network_data.yaml file to your environment file directory: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml /home/stack/templates/network_data.yaml
    Copy to Clipboard Toggle word wrap

  4. Add a new network for overcloud provisioning to your network_data.yaml file: 

    # custom network for overcloud provisioning
- name: OcProvisioning
  name_lower: oc_provisioning
  vip: true
  vlan: 205
  ip_subnet: '<ipv4_subnet_address>/<ipv4_mask>'
  allocation_pools: [{'start': '<ipv4_start_address>', 'end': '<ipv4_end_address>'}]
    Copy to Clipboard Toggle word wrap
    • Replace <ipv4_subnet_address> with the IPv4 address of your IPv4 subnet.
    • Replace <ipv4_mask> with the IPv4 network mask for your IPv4 subnet.
    • Replace <ipv4_start_address> and <ipv4_end_address> with the IPv4 range that you want to use for address allocation.

  5. Configure IronicApiNetwork and IronicNetwork in your ServiceNetMap configuration to use the new IPv4 provisioning network: 

    ServiceNetMap:
  IronicApiNetwork: oc_provisioning
  IronicNetwork: oc_provisioning
    Copy to Clipboard Toggle word wrap

  6. Add the new network as an interface to your local Controller NIC configuration file: 

    network_config:
- type: vlan
  vlan_id:
    get_param: OcProvisioningNetworkVlanID
  addresses:
  - ip_netmask:
      get_param: OcProvisioningIpSubnet
    Copy to Clipboard Toggle word wrap

  7. Copy the roles_data.yaml file to your environment file directory: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml /home/stack/templates/roles_data.yaml
    Copy to Clipboard Toggle word wrap

  8. Add the new network for the controller to your roles_data.yaml file: 

    networks:
  ...
  OcProvisioning:
    subnet: oc_provisioning_subnet
    Copy to Clipboard Toggle word wrap

  9. Include the IronicInspector service in the Ironic role in your roles_data.yaml file, if not already present: 

    ServicesDefault:
  OS::TripleO::Services::IronicInspector
    Copy to Clipboard Toggle word wrap

Next steps

Create a custom IPv6 provisioning network to provision and deploy the overcloud over IPv6.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    [stack@director ~]$ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Copy the network_data.yaml file to your environment file directory: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml /home/stack/templates/network_data.yaml
    Copy to Clipboard Toggle word wrap

  4. Add a new IPv6 network for overcloud provisioning to your network_data.yaml file: 

    # custom network for IPv6 overcloud provisioning
- name: OcProvisioningIPv6
  vip: true
  name_lower: oc_provisioning_ipv6
  vlan: 10
  ipv6: true
  ipv6_subnet: '<ipv6_subnet_address>/<ipv6_prefix>'
  ipv6_allocation_pools: [{'start': '<ipv6_start_address>', 'end': '<ipv6_end_address>'}]
  gateway_ipv6: '<ipv6_gw_address>'
    Copy to Clipboard Toggle word wrap
    • Replace <ipv6_subnet_address> with the IPv6 address of your IPv6 subnet.
    • Replace <ipv6_prefix> with the IPv6 network prefix for your IPv6 subnet.
    • Replace <ipv6_start_address> and <ipv6_end_address> with the IPv6 range that you want to use for address allocation.
    • Replace <ipv6_gw_address> with the IPv6 address of your gateway.

  5. Create a new file network_environment_overrides.yaml in your environment file directory: 

    $ touch /home/stack/templates/network_environment_overrides.yaml
    Copy to Clipboard Toggle word wrap

  6. Configure IronicApiNetwork and IronicNetwork in your network_environment_overrides.yaml file to use the new IPv6 provisioning network: 

    ServiceNetMap:
  IronicApiNetwork: oc_provisioning_ipv6
  IronicNetwork: oc_provisioning_ipv6
    Copy to Clipboard Toggle word wrap

  7. Set the IronicIpVersion parameter to 6: 

    parameter_defaults:
  IronicIpVersion: 6
    Copy to Clipboard Toggle word wrap

  8. Enable the RabbitIPv6, MysqlIPv6, and RedisIPv6 parameters: 

    parameter_defaults:
  RabbitIPv6: True
  MysqlIPv6: True
  RedisIPv6: True
    Copy to Clipboard Toggle word wrap

  9. Add the new network as an interface to your local Controller NIC configuration file: 

    network_config:
- type: vlan
  vlan_id:
    get_param: OcProvisioningIPv6NetworkVlanID
  addresses:
  - ip_netmask:
      get_param: OcProvisioningIPv6IpSubnet
    Copy to Clipboard Toggle word wrap

  10. Copy the roles_data.yaml file to your environment file directory: 

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml /home/stack/templates/roles_data.yaml
    Copy to Clipboard Toggle word wrap

  11. Add the new network for the Controller role to your roles_data.yaml file: 

    networks:
  ...
  - OcProvisioningIPv6
    Copy to Clipboard Toggle word wrap

  12. Include the IronicInspector service in the Ironic role in your roles_data.yaml file, if not already present: 

    ServicesDefault:
  OS::TripleO::Services::IronicInspector
    Copy to Clipboard Toggle word wrap

Next steps

Use one of the default templates located in the /usr/share/openstack-tripleo-heat-templates/environments/services directory to deploy the overcloud with the Bare Metal Provisioning service (ironic) enabled:

  • For deployments that use OVS: ironic.yaml
  • For deployments that use OVN: ironic-overcloud.yaml

You can create a local environment file to override the default configuration, as required by your deployment.

Procedure

  1. Create an environment file in your local directory to configure the Bare Metal Provisioning service for your deployment, for example, ironic-overrides.yaml.

  2. Optional: Configure the type of cleaning that is performed on the bare metal machines before and between provisioning: 

    parameter_defaults:
  IronicCleaningDiskErase: <cleaning_type>
    Copy to Clipboard Toggle word wrap

    Replace <cleaning_type> with one of the following values:

    • full: (Default) Performs a full clean.
    • metadata: Clean only the partition table. This type of cleaning substantially speeds up the cleaning process. However, because the deployment is less secure in a multi-tenant environment, use this option only in a trusted tenant environment.

  3. Optional: Add additional drivers to the default drivers: 

    parameter_defaults:
  IronicEnabledHardwareTypes: ipmi,idrac,ilo,[additional_driver_1],...,[additional_driver_n]
    Copy to Clipboard Toggle word wrap

    Replace [additional_driver_1], and optionally all drivers up to [additional_driver_n], with the additional drivers you want to enable.

  4. To enable bare metal introspection, add the following configuration to your local Bare Metal Provisioning service environment file, ironic-overrides.yaml: 

    parameter_defaults:
  IronicInspectorSubnets:
    - ip_range: <ip_range>
  IPAImageURLs: '["http://<ip_address>:<port>/agent.kernel", "http://<ip_address>:<port>/agent.ramdisk"]'
  IronicInspectorInterface: '<baremetal_interface>'
    Copy to Clipboard Toggle word wrap
    • Replace <ip_range> with the IP ranges for your environments, for example, 192.168.0.100,192.168.0.120.
    • Replace <ip_address>:<port> with the IP address and port of the web server that hosts the IPA kernel and ramdisk. To use the same images that you use on the undercloud, set the IP address to the undercloud IP address, and the port to 8088. If you omit this parameter, you must include alternatives on each Controller node.
    • Replace <baremetal_interface> with the bare metal network interface, for example, br-baremetal.

  5. Add your new role and custom environment files to the stack with your other environment files and deploy the overcloud: 

    (undercloud)$ openstack overcloud deploy --templates \
  -e [your environment files] \
  -e /home/stack/templates/node-info.yaml
  -r /home/stack/templates/roles_data.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/network-environment.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/<default_ironic_template> \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-inspector.yaml \
  -e /home/stack/templates/network_environment_overrides.yaml
  -n /home/stack/templates/network_data.yaml
  -e /home/stack/templates/ironic-overrides.yaml \
    Copy to Clipboard Toggle word wrap
    • Replace <default_ironic_template> with either ironic.yaml or ironic-overcloud.yaml, depending on the Networking service mechanism driver for your deployment.
    Note

    The order that you pass your environment files to the openstack overcloud deploy command is important, as the configuration in the later files takes precedence. Therefore, your environment file that enables and configures bare metal provisioning on your overcloud must be passed to the command after any network configuration files.

3.5. Testing the Bare Metal Provisioning service
Copy link

You can use the OpenStack Integration Test Suite to validate your Red Hat OpenStack deployment. For more information, see the OpenStack Integration Test Suite Guide.

Additional verification methods for the Bare Metal Provisioning service:

  1. Configure the shell to access Identity as the administrative user: 

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Check that the nova-compute service is running on the Controller nodes: 

    $ openstack compute service list -c Binary -c Host -c Status
    Copy to Clipboard Toggle word wrap

  3. If you changed the default ironic drivers, ensure that the required drivers are enabled: 

    $ openstack baremetal driver list
    Copy to Clipboard Toggle word wrap

  4. Ensure that the ironic endpoints are listed: 

    $ openstack catalog list
    Copy to Clipboard Toggle word wrap

3.6. Additional resources
Copy link

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat