Este conteúdo não está disponível no idioma selecionado.
Chapter 4. Configuring the Bare Metal Provisioning service after deployment
When you have deployed your overcloud with the Bare Metal Provisioning service (ironic), you must prepare your overcloud for bare-metal workloads. To prepare your overcloud for bare-metal workloads and enable your cloud users to create bare-metal instances, complete the following tasks:
- Configure the Networking service (neutron) to integrate with the Bare Metal Provisioning service.
- Configure node cleaning.
- Create the bare-metal flavor and resource class.
- Optional: Create the bare-metal images.
- Add physical machines as bare-metal nodes.
- Optional: Configure Redfish virtual media boot.
- Optional: Create host aggregates to separate physical and virtual machine provisioning.
4.1. Configuring the Networking service for bare metal provisioning
You can configure the Networking service (neutron) to integrate with the Bare Metal Provisioning service (ironic). You can configure the bare-metal network by using one of the following methods:
- 
						Create a single flat bare-metal network for the Bare Metal Provisioning conductor services, ironic-conductor. This network must route to the Bare Metal Provisioning services on the control plane network.
- Create a custom composable network to implement Bare Metal Provisioning services in the overcloud.
4.1.1. Configuring the Networking service to integrate with the Bare Metal Provisioning service on a flat network
					You can configure the Networking service (neutron) to integrate with the Bare Metal Provisioning service (ironic) by creating a single flat bare-metal network for the Bare Metal Provisioning conductor services, ironic-conductor. This network must route to the Bare Metal Provisioning services on the control plane network.
				
Procedure
- 
							Log in to the node that hosts the Networking service (neutron) as the rootuser.
- Source your overcloud credentials file: - source ~/<credentials_file> - # source ~/<credentials_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <credentials_file>with the name of your credentials file, for example,overcloudrc.
 
- 
									Replace 
- Create the flat network over which to provision bare-metal instances: - openstack network create \ --provider-network-type flat \ --provider-physical-network <provider_physical_network> \ --share <network_name> - # openstack network create \ --provider-network-type flat \ --provider-physical-network <provider_physical_network> \ --share <network_name>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <provider_physical_network>with the name of the physical network over which you implement the virtual network, which is configured with the parameterNeutronBridgeMappingsin yournetwork-environment.yamlfile.
- 
									Replace <network_name>with a name for this network.
 
- 
									Replace 
- Create the subnet on the flat network: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <network_name>with the name of the provisioning network that you created in the previous step.
- 
									Replace <network_cidr>with the Classless Inter-Domain Routing (CIDR) representation of the block of IP addresses that the subnet represents. The block of IP addresses that you specify in the range starting with<start_ip>and ending with<end_ip>must be within the block of IP addresses specified by<network_cidr>.
- 
									Replace <gateway_ip>with the IP address or host name of the router interface that acts as the gateway for the new subnet. This address must be within the block of IP addresses specified by<network_cidr>, but outside of the block of IP addresses specified by the range that starts with<start_ip>and ends with<end_ip>.
- 
									Replace <start_ip>with the IP address that denotes the start of the range of IP addresses within the new subnet from which floating IP addresses are allocated.
- 
									Replace <end_ip>with the IP address that denotes the end of the range of IP addresses within the new subnet from which floating IP addresses are allocated.
- 
									Replace <subnet_name>with a name for the subnet.
 
- 
									Replace 
- Create a router for the network and subnet to ensure that the Networking service serves metadata requests: - openstack router create <router_name> - # openstack router create <router_name>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <router_name>with a name for the router.
 
- 
									Replace 
- Attach the subnet to the new router to enable the metadata requests from - cloud-initto be served and the node to be configured: :- openstack router add subnet <router_name> <subnet> - # openstack router add subnet <router_name> <subnet>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <router_name>with the name of your router.
- 
									Replace <subnet>with the ID or name of the bare-metal subnet that you created in the step 4.
 
- 
									Replace 
4.1.2. Configuring the Networking service to integrate with the Bare Metal Provisioning service on a custom composable network
You can configure the Networking service (neutron) to integrate with the Bare Metal Provisioning service (ironic) by creating a custom composable network to implement Bare Metal Provisioning services in the overcloud.
Procedure
- Log in to the undercloud host.
- Source your overcloud credentials file: - source ~/<credentials_file> - $ source ~/<credentials_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <credentials_file>with the name of your credentials file, for example,overcloudrc.
 
- 
									Replace 
- Retrieve the UUID for the provider network that hosts the Bare Metal Provisioning service: - openstack network show <network_name> -f value -c id - (overcloud)$ openstack network show <network_name> -f value -c id- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <network_name>with the name of the provider network that you want to use for the bare-metal instance provisioning network.
 
- 
									Replace 
- 
							Open your local environment file that configures the Bare Metal Provisioning service for your deployment, for example, ironic-overrides.yaml.
- Configure the network to use as the bare-metal instance provisioning network: - parameter_defaults: IronicProvisioningNetwork: <network_uuid> - parameter_defaults: IronicProvisioningNetwork: <network_uuid>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <network_uuid>with the UUID of the provider network retrieved in step 3.
 
- 
									Replace 
- Source the - stackrcundercloud credentials file:- source ~/stackrc - $ source ~/stackrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To apply the bare-metal instance provisioning network configuration, add your Bare Metal Provisioning environment files to the stack with your other environment files and deploy the overcloud: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <default_ironic_template>with eitherironic.yamlorironic-overcloud.yaml, depending on the Networking service mechanism driver for your deployment.
 
- 
									Replace 
4.2. Cleaning bare-metal nodes
The Bare Metal Provisioning service cleans nodes to prepare them for provisioning. You can clean bare-metal nodes by using one of the following methods:
- Automatic: You can configure your overcloud to automatically perform node cleaning when you unprovision a node.
- Manual: You can manually clean individual nodes when required.
4.2.1. Configuring automatic node cleaning
					Automatic bare-metal node cleaning runs after you enroll a node, and before the node reaches the available provisioning state. Automatic cleaning is run each time the node is unprovisioned.
				
					By default, the Bare Metal Provisioning service uses a network named provisioning for node cleaning. However, network names are not unique in the Networking service (neutron), so it is possible for a project to create a network with the same name, which causes a conflict with the Bare Metal Provisioning service. To avoid the conflict, use the network UUID to configure the node cleaning network.
				
Procedure
- Log in to the undercloud host.
- Source your overcloud credentials file: - source ~/<credentials_file> - $ source ~/<credentials_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <credentials_file>with the name of your credentials file, for example,overcloudrc.
 
- 
									Replace 
- Retrieve the UUID for the provider network that hosts the Bare Metal Provisioning service: - openstack network show <network_name> -f value -c id - (overcloud)$ openstack network show <network_name> -f value -c id- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <network_name>with the name of the network that you want to use for the bare-metal node cleaning network.
 
- 
									Replace 
- 
							Open your local environment file that configures the Bare Metal Provisioning service for your deployment, for example, ironic-overrides.yaml.
- Configure the network to use as the node cleaning network: - parameter_defaults: IronicCleaningNetwork: <network_uuid> - parameter_defaults: IronicCleaningNetwork: <network_uuid>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <network_uuid>with the UUID of the provider network that you retrieved in step 3.
 
- 
									Replace 
- Source the - stackrcundercloud credentials file:- source ~/stackrc - $ source ~/stackrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To apply the node cleaning network configuration, add your Bare Metal Provisioning environment files to the stack with your other environment files and deploy the overcloud: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <default_ironic_template>with eitherironic.yamlorironic-overcloud.yaml, depending on the Networking service mechanism driver for your deployment.
 
- 
									Replace 
4.2.2. Cleaning nodes manually
You can clean specific nodes manually as required. Node cleaning has two modes:
- Metadata only clean: Removes partitions from all disks on the node. The metadata only mode of cleaning is faster than a full clean, but less secure because it erases only partition tables. Use this mode only on trusted tenant environments.
- Full clean: Removes all data from all disks, using either ATA secure erase or by shredding. A full clean can take several hours to complete.
Procedure
- Source your overcloud credentials file: - source ~/<credentials_file> - $ source ~/<credentials_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <credentials_file>with the name of your credentials file, for example,overcloudrc.
 
- 
									Replace 
- Check the current state of the node: - openstack baremetal node show \ -f value -c provision_state <node> - $ openstack baremetal node show \ -f value -c provision_state <node>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the name or UUID of the node to clean.
 
- 
									Replace 
- If the node is not in the - manageablestate, then set it to- manageable:- openstack baremetal node manage <node> - $ openstack baremetal node manage <node>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Clean the node: - openstack baremetal node clean <node> \ --clean-steps '[{"interface": "deploy", "step": "<clean_mode>"}]'- $ openstack baremetal node clean <node> \ --clean-steps '[{"interface": "deploy", "step": "<clean_mode>"}]'- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the name or UUID of the node to clean.
- Replace - <clean_mode>with the type of cleaning to perform on the node:- 
											erase_devices: Performs a full clean.
- 
											erase_devices_metadata: Performs a metadata only clean.
 
- 
											
 
- 
									Replace 
- Wait for the clean to complete, then check the status of the node: - 
									manageable: The clean was successful, and the node is ready to provision.
- 
									clean failed: The clean was unsuccessful. Inspect thelast_errorfield for the cause of failure.
 
- 
									
4.3. Creating flavors for launching bare-metal instances
You must create flavors that your cloud users can use to request bare-metal instances. You can specify which bare-metal nodes should be used for bare-metal instances launched with a particular flavor by using a resource class. You can tag bare-metal nodes with resource classes that identify the hardware resources on the node, for example, GPUs. The cloud user can select a flavor with the GPU resource class to create an instance for a vGPU workload. The Compute scheduler uses the resource class to identify suitable host bare-metal nodes for instances.
Procedure
- Source the overcloud credentials file: - source ~/overcloudrc - $ source ~/overcloudrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Create a flavor for bare-metal instances: - openstack flavor create --id auto \ --ram <ram_size_mb> --disk <disk_size_gb> \ --vcpus <no_vcpus> baremetal - (overcloud)$ openstack flavor create --id auto \ --ram <ram_size_mb> --disk <disk_size_gb> \ --vcpus <no_vcpus> baremetal- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
								Replace <ram_size_mb>with the RAM of the bare metal node, in MB.
- 
								Replace <disk_size_gb>with the size of the disk on the bare metal node, in GB.
- Replace - <no_vcpus>with the number of CPUs on the bare metal node.Note- These properties are not used for scheduling instances. However, the Compute scheduler does use the disk size to determine the root partition size. 
 
- 
								Replace 
- Retrieve a list of your nodes to identify their UUIDs: - openstack baremetal node list - (overcloud)$ openstack baremetal node list- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Tag each bare-metal node with a custom bare-metal resource class: - openstack baremetal node set \ --resource-class baremetal.<CUSTOM> <node> - (overcloud)$ openstack baremetal node set \ --resource-class baremetal.<CUSTOM> <node>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
								Replace <CUSTOM>with a string that identifies the purpose of the resource class. For example, set toGPUto create a custom GPU resource class that you can use to tag bare metal nodes that you want to designate for GPU workloads.
- 
								Replace <node>with the ID of the bare metal node.
 
- 
								Replace 
- Associate the flavor for bare-metal instances with the custom resource class: - openstack flavor set \ --property resources:CUSTOM_BAREMETAL_<CUSTOM>=1 \ baremetal - (overcloud)$ openstack flavor set \ --property resources:CUSTOM_BAREMETAL_<CUSTOM>=1 \ baremetal- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - To determine the name of a custom resource class that corresponds to a resource class of a bare-metal node, convert the resource class to uppercase, replace each punctuation mark with an underscore, and prefix with - CUSTOM_.Note- A flavor can request only one instance of a bare-metal resource class. 
- Set the following flavor properties to prevent the Compute scheduler from using the bare-metal flavor properties to schedule instances: - openstack flavor set \ --property resources:VCPU=0 \ --property resources:MEMORY_MB=0 \ --property resources:DISK_GB=0 baremetal - (overcloud)$ openstack flavor set \ --property resources:VCPU=0 \ --property resources:MEMORY_MB=0 \ --property resources:DISK_GB=0 baremetal- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Verify that the new flavor has the correct values: - openstack flavor list - (overcloud)$ openstack flavor list- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
4.4. Creating images for launching bare-metal instances
An overcloud that includes the Bare Metal Provisioning service (ironic) requires two sets of images:
- 
						Deploy images: The deploy images are the agent.ramdiskandagent.kernelimages that the Bare Metal Provisioning agent (ironic-python-agent) requires to boot the RAM disk over the network and copy the user image for the overcloud nodes to the disk. You install the deploy images as part of the undercloud installation. For more information, see Obtaining images for overcloud nodes.
- User images: The images the cloud user uses to provision their bare-metal instances. The user image consists of a - kernelimage, a- ramdiskimage, and a- mainimage. The main image is either a root partition, or a whole-disk image:- Whole-disk image: An image that contains the partition table and boot loader.
- Root partition image: Contains only the root partition of the operating system.
 
Compatible whole-disk RHEL guest images should work without modification. To create your own custom disk image, see Creating images in the Creating and Managing Images guide.
4.4.1. Uploading the deploy images to the Image service
You must upload the deploy images installed by director to the Image service. The deploy image consists of the following two images:
- 
							The kernel image: /tftpboot/agent.kernel
- 
							The ramdisk image: /tftpboot/agent.ramdisk
These images are installed in the home directory. For more information on how the deploy images were installed, see Obtaining images for overcloud nodes.
Procedure
- Extract the images and upload them to the Image service:
4.5. Configuring deploy interfaces
When you provision bare metal nodes, the Bare Metal Provisioning service (ironic) on the overcloud writes a base operating system image to the disk on the bare metal node. By default, the deploy interface mounts the image on an iSCSI mount and then copies the image to disk on each node. Alternatively, you can use direct deploy, which writes disk images from a HTTP location directly to disk on bare metal nodes.
Support for the iSCSI deploy interface will be deprecated in Red Hat OpenStack Platform (RHOSP) version 17.0, and will be removed in RHOSP 18.0. Direct deploy will be the default deploy interface from RHOSP 17.0.
Deploy interfaces have a critical role in the provisioning process. Deploy interfaces orchestrate the deployment and define the mechanism for transferring the image to the target disk.
Prerequisites
- 
						Dependent packages configured on the bare metal service nodes that run ironic-conductor.
- Configure OpenStack Compute (nova) to use the bare metal service endpoint.
- Create flavors for the available hardware, and nova must boot the new node from the correct flavor.
- Images must be available in the Image service (glance): - bm-deploy-kernel
- bm-deploy-ramdisk
- user-image
- user-image-vmlinuz
- user-image-initrd
 
- Hardware to enroll with the Ironic API service.
Workflow
Use the following example workflow to understand the standard deploy process. Depending on the ironic driver interfaces that you use, some of the steps might differ:
- The Nova scheduler receives a boot instance request from the Nova API.
- The Nova scheduler identifies the relevant hypervisor and identifies the target physical node.
- The Nova compute manager claims the resources of the selected hypervisor.
- The Nova compute manager creates unbound tenant virtual interfaces (VIFs) in the Networking service according to the network interfaces that the nova boot request specifies.
- Nova compute invokes - driver.spawnfrom the Nova compute virt layer to create a spawn task that contains all of the necessary information. During the spawn process, the virt driver completes the following steps.- Updates the target ironic node with information about the deploy image, instance UUID, requested capabilities, and flavor properties.
- Calls the ironic API to validate the power and deploy interfaces of the target node.
- Attaches the VIFs to the node. Each neutron port can be attached to any ironic port or group. Port groups have higher priority than ports.
- Generates config drive.
 
- The Nova ironic virt driver issues a deploy request with the Ironic API to the Ironic conductor that services the bare metal node.
- Virtual interfaces are plugged in and the Neutron API updates DHCP to configure PXE/TFTP options.
- The ironic node boot interface prepares (i)PXE configuration and caches the deploy kernel and ramdisk.
- The ironic node management interface issues commands to enable network boot of the node.
- The ironic node deploy interface caches the instance image, kernel, and ramdisk, if necessary.
- The ironic node power interface instructs the node to power on.
- The node boots the deploy ramdisk.
- With iSCSI deployment, the conductor copies the image over iSCSI to the physical node. With direct deployment, the deploy ramdisk downloads the image from a temporary URL. This URL must be a Swift API compatible object store or a HTTP URL.
- The node boot interface switches PXE configuration to refer to instance images and instructs the ramdisk agent to soft power off the node. If the soft power off fails, the bare metal node is powered off with IPMI/BMC.
- The deploy interface instructs the network interface to remove any provisioning ports, binds the tenant ports to the node, and powers the node on.
				The provisioning state of the new bare metal node is now active.
			
4.5.1. Configuring the direct deploy interface on the overcloud
The iSCSI deploy interface is the default deploy interface. However, you can enable the direct deploy interface to download an image from a HTTP location to the target disk.
Support for the iSCSI deploy interface will be deprecated in Red Hat OpenStack Platform (RHOSP) version 17.0, and will be removed in RHOSP 18.0. Direct deploy will be the default deploy interface from RHOSP 17.0.
Prerequisites
- 
							Your overcloud node memory tmpfsmust have at least 8GB of RAM.
Procedure
- Create or modify a custom environment file - /home/stack/templates/direct_deploy.yamland specify the- IronicEnabledDeployInterfacesand the- IronicDefaultDeployInterfaceparameters.- parameter_defaults: IronicEnabledDeployInterfaces: direct IronicDefaultDeployInterface: direct - parameter_defaults: IronicEnabledDeployInterfaces: direct IronicDefaultDeployInterface: direct- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If you register your nodes with iSCSI, retain the - iscsivalue in the- IronicEnabledDeployInterfacesparameter:- parameter_defaults: IronicEnabledDeployInterfaces: direct,iscsi IronicDefaultDeployInterface: direct - parameter_defaults: IronicEnabledDeployInterfaces: direct,iscsi IronicDefaultDeployInterface: direct- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- By default, the Bare Metal Provisioning service (ironic) agent on each node obtains the image stored in the Object Storage Service (swift) through a HTTP link. Alternatively, ironic can stream this image directly to the node through the - ironic-conductorHTTP server. To change the service that provides the image, set the- IronicImageDownloadSourceto- httpin the- /home/stack/templates/direct_deploy.yamlfile:- parameter_defaults: IronicEnabledDeployInterfaces: direct IronicDefaultDeployInterface: direct IronicImageDownloadSource: http - parameter_defaults: IronicEnabledDeployInterfaces: direct IronicDefaultDeployInterface: direct IronicImageDownloadSource: http- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Include the custom environment with your overcloud deployment: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Wait until deployment completes. 
						If you did not specify IronicDefaultDeployInterface or want to use a different deploy interface, specify the deploy interface when you create or update a node:
					
openstack baremetal node create --driver ipmi --deploy-interface direct openstack baremetal node set <NODE> --deploy-interface direct
$ openstack baremetal node create --driver ipmi --deploy-interface direct
$ openstack baremetal node set <NODE> --deploy-interface direct4.6. Adding physical machines as bare metal nodes
Use one of the following methods to enroll a bare metal node:
- Prepare an inventory file with the node details, import the file into the Bare Metal Provisioning service, and make the nodes available.
- 
						Register a physical machine as a bare metal node, and then manually add its hardware details and create ports for each of its Ethernet MAC addresses. You can perform these steps on any node that has your overcloudrcfile.
4.6.1. Enrolling a bare metal node with an inventory file
Prepare an inventory file with the node details, import the file into the Bare Metal Provisioning service (ironic), and make the nodes available.
Prerequisites
- An overcloud deployment that includes the Bare Metal Provisioning service. For more information, see Deploying an overcloud with the Bare Metal Provisioning service.
Procedure
- Create an inventory file, - overcloud-nodes.yaml, that includes the node details. You can enroll multiple nodes with one file.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <ipmi_ip>with the address of the Bare Metal controller.
- 
									Replace <user>with your username.
- 
									Replace <password>with your password.
- 
									Optional: Replace <property>: <value>with an IPMI property that you want to configure, and the property value. For information on the available properties, see Intelligent Platform Management Interface (IPMI) power management driver.
- 
									Replace <cpu_count>with the number of CPUs.
- 
									Replace <cpu_arch>with the type of architecture of the CPUs.
- 
									Replace <memory>with the amount of memory in MiB.
- 
									Replace <root_disk>with the size of the root disk in GiB. Only required when the machine has multiple disks.
- 
									Replace <serial>with the serial number of the disk that you want to use for deployment.
- 
									Replace <mac_address>with the MAC address of the NIC used to PXE boot.
- --driver-info <property>=<value>
 
- 
									Replace 
- Source the - overcloudrcfile:- source ~/overcloudrc - $ source ~/overcloudrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Import the inventory file into the Bare Metal Provisioning service: - openstack baremetal create overcloud-nodes.yaml - $ openstack baremetal create overcloud-nodes.yaml- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The nodes are now in the - enrollstate.
- Specify the deploy kernel and deploy ramdisk on each node: - openstack baremetal node set <node> \ --driver-info deploy_kernel=<kernel_file> \ --driver-info deploy_ramdisk=<initramfs_file> - $ openstack baremetal node set <node> \ --driver-info deploy_kernel=<kernel_file> \ --driver-info deploy_ramdisk=<initramfs_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the name or ID of the node.
- 
									Replace <kernel_file>with the path to the.kernelimage, for example,file:///var/lib/ironic/httpboot/agent.kernel.
- 
									Replace <initramfs_file>with the path to the.initramfsimage, for example,file:///var/lib/ironic/httpboot/agent.ramdisk.
 
- 
									Replace 
- Optional: Specify the IPMI cipher suite for each node: - openstack baremetal node set <node> \ --driver-info ipmi_cipher_suite=<version> - $ openstack baremetal node set <node> \ --driver-info ipmi_cipher_suite=<version>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the name or ID of the node.
- Replace - <version>with the cipher suite version to use on the node. Set to one of the following valid values:- 
											3- The node uses the AES-128 with SHA1 cipher suite.
- 
											17- The node uses the AES-128 with SHA256 cipher suite.
 
- 
											
 
- 
									Replace 
- Set the provisioning state of the node to - available:- openstack baremetal node manage <node> openstack baremetal node provide <node> - $ openstack baremetal node manage <node> $ openstack baremetal node provide <node>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The Bare Metal Provisioning service cleans the node if you enabled node cleaning. 
- Set the local boot option on the node: - openstack baremetal node set <node> --property capabilities="boot_option:local" - $ openstack baremetal node set <node> --property capabilities="boot_option:local"- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Check that the nodes are enrolled: - openstack baremetal node list - $ openstack baremetal node list- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - There might be a delay between enrolling a node and its state being shown. 
4.6.2. Enrolling a bare-metal node manually
					Register a physical machine as a bare metal node, then manually add its hardware details and create ports for each of its Ethernet MAC addresses. You can perform these steps on any node that has your overcloudrc file.
				
Prerequisites
- An overcloud deployment that includes the Bare Metal Provisioning service. For more information, see Deploying an overcloud with the Bare Metal Provisioning service.
- 
							The driver for the new node must be enabled by using the IronicEnabledHardwareTypesparameter. For more information about supported drivers, see Bare metal drivers.
Procedure
- 
							Log in to the undercloud host as the stackuser.
- Source the overcloud credentials file: - source ~/overcloudrc - (undercloud)$ source ~/overcloudrc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add a new node: - openstack baremetal node create --driver <driver_name> --name <node_name> - $ openstack baremetal node create --driver <driver_name> --name <node_name>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <driver_name>with the name of the driver, for example,ipmi.
- 
									Replace <node_name>with the name of your new bare-metal node.
 
- 
									Replace 
- Note the UUID assigned to the node when it is created.
- Set the boot option to - localfor each registered node:- openstack baremetal node set \ --property capabilities="boot_option:local" <node> - $ openstack baremetal node set \ --property capabilities="boot_option:local" <node>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - <node>with the UUID of the bare metal node.
- Specify the deploy kernel and deploy ramdisk for the node driver: - openstack baremetal node set <node> \ --driver-info deploy_kernel=<kernel_file> \ --driver-info deploy_ramdisk=<initramfs_file> - $ openstack baremetal node set <node> \ --driver-info deploy_kernel=<kernel_file> \ --driver-info deploy_ramdisk=<initramfs_file>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the ID of the bare metal node.
- 
									Replace <kernel_file>with the path to the.kernelimage, for example,file:///var/lib/ironic/httpboot/agent.kernel.
- 
									Replace <initramfs_file>with the path to the.initramfsimage, for example,file:///var/lib/ironic/httpboot/agent.ramdisk.
 
- 
									Replace 
- Update the node properties to match the hardware specifications on the node: - openstack baremetal node set <node> \ --property cpus=<cpu> \ --property memory_mb=<ram> \ --property local_gb=<disk> \ --property cpu_arch=<arch> - $ openstack baremetal node set <node> \ --property cpus=<cpu> \ --property memory_mb=<ram> \ --property local_gb=<disk> \ --property cpu_arch=<arch>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the ID of the bare metal node.
- 
									Replace <cpu>with the number of CPUs.
- 
									Replace <ram>with the RAM in MB.
- 
									Replace <disk>with the disk size in GB.
- 
									Replace <arch>with the architecture type.
 
- 
									Replace 
- Optional: Specify the IPMI cipher suite for each node: - openstack baremetal node set <node> \ --driver-info ipmi_cipher_suite=<version> - $ openstack baremetal node set <node> \ --driver-info ipmi_cipher_suite=<version>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the ID of the bare metal node.
- Replace - <version>with the cipher suite version to use on the node. Set to one of the following valid values:- 
											3- The node uses the AES-128 with SHA1 cipher suite.
- 
											17- The node uses the AES-128 with SHA256 cipher suite.
 
- 
											
 
- 
									Replace 
- Optional: Specify the IPMI details for each node: - openstack baremetal node set <node> \ --driver-info <property>=<value> - $ openstack baremetal node set <node> \ --driver-info <property>=<value>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the ID of the bare metal node.
- 
									Replace <property>with the IPMI property that you want to configure. For information on the available properties, see Intelligent Platform Management Interface (IPMI) power management driver.
- 
									Replace <value>with the property value.
 
- 
									Replace 
- Optional: If you have multiple disks, set the root device hints to inform the deploy ramdisk which disk to use for deployment: - openstack baremetal node set <node> \ --property root_device='{"<property>": "<value>"}'- $ openstack baremetal node set <node> \ --property root_device='{"<property>": "<value>"}'- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the ID of the bare metal node.
- Replace - <property>and- <value>with details about the disk that you want to use for deployment, for example- root_device='{"size": "128"}'- RHOSP supports the following properties: - 
											model(String): Device identifier.
- 
											vendor(String): Device vendor.
- 
											serial(String): Disk serial number.
- 
											hctl(String): Host:Channel:Target:Lun for SCSI.
- 
											size(Integer): Size of the device in GB.
- 
											wwn(String): Unique storage identifier.
- 
											wwn_with_extension(String): Unique storage identifier with the vendor extension appended.
- 
											wwn_vendor_extension(String): Unique vendor storage identifier.
- 
											rotational(Boolean): True for a rotational device (HDD), otherwise false (SSD).
- name(String): The name of the device, for example: /dev/sdb1 Use this property only for devices with persistent names.Note- If you specify more than one property, the device must match all of those properties. 
 
- 
											
 
- 
									Replace 
- Inform the Bare Metal Provisioning service of the node network card by creating a port with the MAC address of the NIC on the provisioning network: - openstack baremetal port create --node <node_uuid> <mac_address> - $ openstack baremetal port create --node <node_uuid> <mac_address>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
									Replace <node>with the unique ID of the bare metal node.
- 
									Replace <mac_address>with the MAC address of the NIC used to PXE boot.
 
- 
									Replace 
- Validate the configuration of the node: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The validation output - Resultindicates the following:- 
									False: The interface has failed validation. If the reason provided includes missing theinstance_infoparameters[\'ramdisk', \'kernel', and \'image_source'], this might be because the Compute service populates those missing parameters at the beginning of the deployment process, therefore they have not been set at this point. If you are using a whole disk image, then you might need to only setimage_sourceto pass the validation.
- 
									True: The interface has passed validation.
- 
									None: The interface is not supported for your driver.
 
- 
									
4.6.3. Bare-metal node provisioning states
A bare-metal node transitions through several provisioning states during its lifetime. API requests and conductor events performed on the node initiate the transitions. There are two categories of provisioning states: "stable" and "in transition".
Use the following table to understand the provisioning states a node can be in, and the actions that are available for you to use to transition the node from one provisioning state to another.
| State | Category | Description | 
|---|---|---|
| 
									 | Stable | The initial state of each node. For information on enrolling a node, see Adding physical machines as bare metal nodes. | 
| 
									 | In transition | 
									The Bare Metal Provisioning service validates that it can manage the node by using the  | 
| 
									 | Stable | 
									The node is transitioned to the manageable state when the Bare Metal Provisioning service has verified that it can manage the node. You can transition the node from the  
 
									You must move a node to the  
 
									Move a node into the  | 
| 
									 | In transition | 
									The Bare Metal Provisioning service uses node introspection to update the hardware-derived node properties to reflect the current state of the hardware. The node transitions to  | 
| 
									 | In transition | 
									The provision state that indicates that an asynchronous inspection is in progress. If the node inspection is successful, the node transitions to the  | 
| 
									 | Stable | 
									The provisioning state that indicates that the node inspection failed. You can transition the node from the  
 | 
| 
									 | In transition | 
									Nodes in the  
 | 
| 
									 | In transition | 
									Nodes in the  
									You can interrupt the cleaning process of a node in the  | 
| 
									 | Stable | 
									After nodes have been successfully preconfigured and cleaned, they are moved into the  
 | 
| 
									 | In transition | 
									Nodes in the  
 | 
| 
									 | In transition | 
									Nodes in the  
 
									You can interrupt the deployment of a node in the  | 
| 
									 | Stable | 
									The provisioning state that indicates that the node deployment failed. You can transition the node from the  
 | 
| 
									 | Stable | 
									Nodes in the  
 | 
| 
									 | In transition | 
									When a node is in the  | 
| 
									 | Stable | 
									If a node deletion is unsuccessful, the node is moved into the  
 | 
| 
									 | In transition | 
									You can use the  | 
| 
									 | In transition | 
									Nodes in the  
 | 
| 
									 | In transition | 
									Nodes in the  
									You can interrupt the rescue operation of a node in the  | 
| 
									 | Stable | 
									The provisioning state that indicates that the node rescue failed. You can transition the node from the  
 | 
| 
									 | Stable | 
									Nodes in the  
 | 
| 
									 | In transition | 
									Nodes in the  | 
| 
									 | Stable | 
									The provisioning state that indicates that the node unrescue operation failed. You can transition the node from the  
 | 
4.7. Configuring Redfish virtual media boot
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
You can use Redfish virtual media boot to supply a boot image to the Baseboard Management Controller (BMC) of a node so that the BMC can insert the image into one of the virtual drives. The node can then boot from the virtual drive into the operating system that exists in the image.
Redfish hardware types support booting deploy, rescue, and user images over virtual media. The Bare Metal Provisioning service (ironic) uses kernel and ramdisk images associated with a node to build bootable ISO images for UEFI or BIOS boot modes at the moment of node deployment. The major advantage of virtual media boot is that you can eliminate the TFTP image transfer phase of PXE and use HTTP GET, or other methods, instead.
4.7.1. Deploying a bare metal server with Redfish virtual media boot
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
					To boot a node with the redfish hardware type over virtual media, set the boot interface to redfish-virtual-media and, for UEFI nodes, define the EFI System Partition (ESP) image. Then configure an enrolled node to use Redfish virtual media boot.
				
Prerequisites
- 
							Redfish driver enabled in the enabled_hardware_typesparameter in theundercloud.conffile.
- A bare metal node registered and enrolled.
- IPA and instance images in the Image Service (glance).
- For UEFI nodes, you must also have an EFI system partition image (ESP) available in the Image Service (glance).
- A bare metal flavor.
- A network for cleaning and provisioning.
- Sushy library installed: - sudo yum install sushy - $ sudo yum install sushy- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Procedure
- Set the Bare Metal service (ironic) boot interface to - redfish-virtual-media:- openstack baremetal node set --boot-interface redfish-virtual-media $NODE_NAME - $ openstack baremetal node set --boot-interface redfish-virtual-media $NODE_NAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - $NODE_NAMEwith the name of the node.
- For UEFI nodes, set the boot mode to - uefi:- openstack baremetal node set --property capabilities="boot_mode:uefi" $NODE_NAME - $ openstack baremetal node set --property capabilities="boot_mode:uefi" $NODE_NAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - $NODE_NAMEwith the name of the node.Note- For BIOS nodes, do not complete this step. 
- For UEFI nodes, define the EFI System Partition (ESP) image: - openstack baremetal node set --driver-info bootloader=$ESP $NODE_NAME - $ openstack baremetal node set --driver-info bootloader=$ESP $NODE_NAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - $ESPwith the glance image UUID or URL for the ESP image, and replace- $NODE_NAMEwith the name of the node.Note- For BIOS nodes, do not complete this step. 
- Create a port on the bare metal node and associate the port with the MAC address of the NIC on the bare metal node: - openstack baremetal port create --pxe-enabled True --node $UUID $MAC_ADDRESS - $ openstack baremetal port create --pxe-enabled True --node $UUID $MAC_ADDRESS- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - $UUIDwith the UUID of the bare metal node, and replace- $MAC_ADDRESSwith the MAC address of the NIC on the bare metal node.
- Create the new bare metal server: - openstack server create \ --flavor baremetal \ --image $IMAGE \ --network $NETWORK \ test_instance- $ openstack server create \ --flavor baremetal \ --image $IMAGE \ --network $NETWORK \ test_instance- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - $IMAGEand- $NETWORKwith the names of the image and network that you want to use.
4.8. Using host aggregates to separate physical and virtual machine provisioning
OpenStack Compute uses host aggregates to partition availability zones, and group together nodes that have specific shared properties. When an instance is provisioned, the Compute scheduler compares properties on the flavor with the properties assigned to host aggregates, and ensures that the instance is provisioned in the correct aggregate and on the correct host: either on a physical machine or as a virtual machine.
Complete the steps in this section to perform the following operations:
- 
						Add the property baremetalto your flavors and set it to eithertrueorfalse.
- 
						Create separate host aggregates for bare metal hosts and compute nodes with a matching baremetalproperty. Nodes grouped into an aggregate inherit this property.
Prerequisites
- A successful overcloud deployment that includes the Bare Metal Provisioning service. For more information, see Deploying an overcloud with the Bare Metal Provisioning service.
Procedure
- Set the - baremetalproperty to- trueon the baremetal flavor.- openstack flavor set baremetal --property baremetal=true - $ openstack flavor set baremetal --property baremetal=true- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Set the - baremetalproperty to- falseon the flavors that virtual instances use:- openstack flavor set FLAVOR_NAME --property baremetal=false - $ openstack flavor set FLAVOR_NAME --property baremetal=false- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Create a host aggregate called - baremetal-hosts:- openstack aggregate create --property baremetal=true baremetal-hosts - $ openstack aggregate create --property baremetal=true baremetal-hosts- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add each Controller node to the - baremetal-hostsaggregate:- openstack aggregate add host baremetal-hosts HOSTNAME - $ openstack aggregate add host baremetal-hosts HOSTNAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- If you have created a composable role with the - NovaIronicservice, add all the nodes with this service to the- baremetal-hostsaggregate. By default, only the Controller nodes have the- NovaIronicservice.
- Create a host aggregate called - virtual-hosts:- openstack aggregate create --property baremetal=false virtual-hosts - $ openstack aggregate create --property baremetal=false virtual-hosts- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add each Compute node to the - virtual-hostsaggregate:- openstack aggregate add host virtual-hosts HOSTNAME - $ openstack aggregate add host virtual-hosts HOSTNAME- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you did not add the following Compute filter scheduler when you deployed the overcloud, add it now to the existing list under - scheduler_default_filtersin the- _/etc/nova/nova.conf_file:- AggregateInstanceExtraSpecsFilter - AggregateInstanceExtraSpecsFilter- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow