# Post-Deploy Ironic ## Set Ironic Default PXE Boot Images After running `post-deploy`, two new images will have been downloaded, and added to glance, named `pxe_deploy_kernel` and `pxe_deploy_ramdisk`. Ironic needs to be configured to use these images to netboot nodes, and you'll need the UUIDs that glance assigned to them. Get them either from Horizon, under images, or by running `openstack image show `. To set them as default, add the following to your `defaults.yml` ``` ironic_deploy_kernel: ironic_deploy_ramdisk: ``` Then, run `cc-ansible --site /opt/site-config deploy --tags ironic` to deploy the change. These will be used if not overridden for a specific node, which can be done via: ``` openstack hardware set --deploy_kernel --deploy_ramdisk ``` ## Configure controller's IPMI interface Make sure servers' IPMI (iDRAC) ports are connected to the tenant switch and are accessible by the trunk port (controller's internal interface). Assign an ip in the IPAM subnet to the internal bridge. Try pinging the IPAM ports from the controller. They must be accessible. For instance, if the IPAM subnet is `192.168.0.0/16`, we assign an arbitrary address `192.168.2.31/16` to `brinternal` bridge on the controller. ``` brinternal: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 32:0e:5f:b1:8d:f3 brd ff:ff:ff:ff:ff:ff inet 10.20.111.11/23 brd 10.20.111.255 scope global brinternal valid_lft forever preferred_lft forever inet 192.168.2.31/16 brd 192.168.255.255 scope global brinternal valid_lft forever preferred_lft forever inet 10.20.111.254/32 scope global brinternal valid_lft forever preferred_lft forever ``` ## Configure Ironic PXE network On the Baremetal nodes, at least one of the registered network interfaces (those interfaces that are mentioned during the enrollment) must be PXE capable and connected to the tenants switch. PXE capabality of a network intrerface should be enabled from BIOS settings. This interface gets an IP from ironic provisioning network during the netboot. The Ironic provisioning network is a Neutron network used to netboot nodes and load images onto them. It is created during post-deploy, with the subnet `ironic_provisioning_network_cidr`, on physnet1, with the vlan `ironic_provisioning_network_vlan`. The ironic provisioning subnet MUST be able to route to the `kolla_internal_vip_address`. This can be done by creating a virtual router on the tenant switch, connecting the trunk VLAN and `ironic_provisioning_network_vlan`. The configuration procedure is shown with the following assumptions ``` ironic_provisioning_network_vlan: 200 ironic_provisioning_network_vlan: 10.51.0.0/24 kolla_internal_vip_address: 10.20.111.254 kolla_internal_network: 10.20.110.0/23 ``` 1. Create 2 ipv4 interfaces on the tenant switch, each of them facing one VLAN. ![Add ipv4 interfaces](/files/IXOtsuG9KGWqodoeQpDa) 2. Create a virtual router (VRRP) on the tenant switch, add the interfaces from the previous step. ![Add ipv4 interfaces](/files/jp1i0mCVxkVcB8Ni7U3C) 3. Create this route on the controller ``` sudo ip route add 10.51.0.0/24 via 10.20.110.1 ``` ## Configure IPMI console Make sure the ipmitool-shellinabox console interface is enabled, for example: ``` $ vim site-config/node_custom_config/ironic.conf ... # enable serial console for baremetal instances enabled_console_interfaces = ipmitool-shellinabox,no-console ... ``` ## Networking note Make sure there is no management interface on the baremetal nodes other than IPMI (iDRAC). Otherwise users will be exposed to the management network! --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kth-expeca.gitbook.io/testbedconfig/deploy/barematel.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.