Post-Deploy Ironic

Set Ironic Default PXE Boot Images

After running post-deploy, two new images will have been downloaded, and added to glance, named pxe_deploy_kernel and pxe_deploy_ramdisk.

Ironic needs to be configured to use these images to netboot nodes, and you'll need the UUIDs that glance assigned to them. Get them either from Horizon, under images, or by running openstack image show <name>.

To set them as default, add the following to your defaults.yml

ironic_deploy_kernel: <pxe_deploy_kernel_uuid>
ironic_deploy_ramdisk: <pxe_deploy_ramdisk_uuid>

Then, run cc-ansible --site /opt/site-config deploy --tags ironic to deploy the change.

These will be used if not overridden for a specific node, which can be done via:

openstack hardware set --deploy_kernel <deploy_kernel_uuid> --deploy_ramdisk <deploy_ramdisk_uuid> <node_uuid>

Configure controller's IPMI interface

Make sure servers' IPMI (iDRAC) ports are connected to the tenant switch and are accessible by the trunk port (controller's internal interface). Assign an ip in the IPAM subnet to the internal bridge. Try pinging the IPAM ports from the controller. They must be accessible.

For instance, if the IPAM subnet is 192.168.0.0/16, we assign an arbitrary address 192.168.2.31/16 to brinternal bridge on the controller.

brinternal: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 32:0e:5f:b1:8d:f3 brd ff:ff:ff:ff:ff:ff
    inet 10.20.111.11/23 brd 10.20.111.255 scope global brinternal
       valid_lft forever preferred_lft forever
    inet 192.168.2.31/16 brd 192.168.255.255 scope global brinternal
       valid_lft forever preferred_lft forever
    inet 10.20.111.254/32 scope global brinternal
       valid_lft forever preferred_lft forever

Configure Ironic PXE network

On the Baremetal nodes, at least one of the registered network interfaces (those interfaces that are mentioned during the enrollment) must be PXE capable and connected to the tenants switch. PXE capabality of a network intrerface should be enabled from BIOS settings. This interface gets an IP from ironic provisioning network during the netboot.

The Ironic provisioning network is a Neutron network used to netboot nodes and load images onto them. It is created during post-deploy, with the subnet ironic_provisioning_network_cidr, on physnet1, with the vlan ironic_provisioning_network_vlan. The ironic provisioning subnet MUST be able to route to the kolla_internal_vip_address. This can be done by creating a virtual router on the tenant switch, connecting the trunk VLAN and ironic_provisioning_network_vlan.

The configuration procedure is shown with the following assumptions

ironic_provisioning_network_vlan: 200
ironic_provisioning_network_vlan: 10.51.0.0/24
kolla_internal_vip_address: 10.20.111.254
kolla_internal_network: 10.20.110.0/23

  1. Create 2 ipv4 interfaces on the tenant switch, each of them facing one VLAN.

  2. Create a virtual router (VRRP) on the tenant switch, add the interfaces from the previous step.

  3. Create this route on the controller

    sudo ip route add 10.51.0.0/24 via 10.20.110.1

Configure IPMI console

Make sure the ipmitool-shellinabox console interface is enabled, for example:

$ vim site-config/node_custom_config/ironic.conf
...
# enable serial console for baremetal instances
enabled_console_interfaces = ipmitool-shellinabox,no-console
...

Networking note

Make sure there is no management interface on the baremetal nodes other than IPMI (iDRAC). Otherwise users will be exposed to the management network!

PreviousSet Up Admin ConsoleNextDeploy Monitoring Services

Last updated