1.Install Openstack With Neutron
2.Create and delete vm to test the setup
3.Configure existing setup for ironic
3.1.Configure ironic user in keystone
# keystone user-create --name=ironic --pass=IRONIC_PASSWORD --email=ironic@example.com
# keystone user-role-add --user=ironic --tenant=service --role=admin
3.2.Register ironic with keystone
# keystone service-create --name=ironic --type=baremetal --description="Ironic bare metal provisioning service" # keystone endpoint-create --service-id=the_service_id_above --publicurl=http://IRONIC_NODE:6385 --internalurl=http://IRONIC_NODE:6385 -- adminurl=http://IRONIC_NODE:6385
3.3.Setup DataBase
# mysql -u root -p mysql> CREATE DATABASE ironic CHARACTER SET utf8; mysql> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' IDENTIFIED BY 'IRONIC_DBPASSWORD'; mysql> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' IDENTIFIED BY 'IRONIC_DBPASSWORD';
3.4.The Bare Metal Service is configured via its configuration file.
This file is typically located at /etc/ironic/ironic.conf.
[DEFAULT] enabled_drivers = pxe_ipmitool debug=True auth_strategy=keystone log_dir=/var/log/ironic/ rabbit_host=<rabbitmq_server> [api] port=6385 [conductor] [database] connection = mysql://ironic:ironic@<database_server>/ironic?charset=utf8 [glance] glance_host=<glance_server> glance_port=9292 glance_protocol=http glance_num_retries=2 auth_strategy=keystone [ipmi] [keystone_authtoken] signing_dir = /var/cache/ironic/api admin_password = ironic admin_user = ironic admin_tenant_name = service auth_uri = http://<keystone_server>:5000/v2.0 identity_uri = http://<keystone_server>:35357 auth_protocol = http auth_port = 35357 auth_host = <keystone_server> admin_token = token123 [matchmaker_redis] [matchmaker_ring] [neutron] url=http://<neutron_server>:9696 [pxe] [rpc_notifier2] [seamicro] [ssh] [ssl]
3.5.Create the Bare Metal Service database tables:
#ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
3.6.Restart the Bare Metal Service:
#service ironic-api restart
#service ironic-conductor restart
3.7.Configure the compute service
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler compute_driver=ironic.nova.virt.ironic.IronicDriver scheduler_host_manager=ironic.nova.scheduler.ironic_host_manager.IronicHostManager ram_allocation_ratio=1.0 reserved_host_memory_mb=0
[ironic] # Ironic keystone admin name admin_username=ironic #Ironic keystone admin password. admin_password=ironic # keystone API endpoint admin_url=http://<keystone_server>:35357/v2.0 # Ironic keystone tenant name. admin_tenant_name=service # URL for Ironic API endpoint. api_endpoint=http://<ironic_api_server>:6385/v1
3.8.Restart Nova services
#service nova-scheduler restart
#service nova-compute restart
3.9.Configure Neutron
3.9.1.Edit /etc/neutron/plugins/ml2/ml2_conf.ini and modify these:
[ml2] type_drivers = flat tenant_network_types = flat mechanism_drivers = openvswitch [ml2_type_flat] flat_networks = physnet1 [securitygroup] firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True [ovs] network_vlan_ranges = physnet1 bridge_mappings = physnet1:br-em2 # Replace eth2 with the interface on the neutron node which you # are using to connect to the bare metal server
3.9.2.Add the integration bridge to Open vSwitch:
#ovs-vsctl add-br br-int
3.9.3.Create the br-eth2 network bridge to handle communication between the OpenStack (and Bare Metal services) and the bare metal nodes using eth2. Replace eth2 with the interface on the neutron node which you are using to connect to the Bare Metal Service:
# ovs-vsctl add-br br-em2
# ovs-vsctl add-port br-em2 em2
3.9.4.Restart the Open vSwitch agent:
#service neutron-plugin-openvswitch-agent restart #ovs-vsctl show Bridge br-ex Port "em1" Interface "em1" Port br-ex Interface br-ex type: internal Bridge br-int Port "int-br-em2" Interface "int-br-em2" Port br-int Interface br-int type: internal Bridge "br-em2" Port "br-em2" Interface "br-em2" type: internal Port "phy-br-em2" Interface "phy-br-em2" Port "em2" Interface "em2" ovs_version: "2.0.1"
3.9.5.Create the flat network on which you are going to launch the instances:
#neutron net-create --tenant-id $TENANT_ID sharednet1 --shared --provider:network_type flat --provider:physical_network physnet1
3.9.6.Create subnet
#neutron subnet-create sharednet1 --gateway <GateWay> <Network_CIDR> --name subnet1
3.10.Bare Metal provisioning requires two sets of images: the deploy images and the user images.
The disk-image-builder can be used to create images required for deployment and the actual OS which the user is going to run.
3.10.1.Clone the project and run the subsequent commands from the project directory:
#git clone https://github.com/openstack/diskimage-builder.git #cd diskimage-builder
3.10.2.Build the image your users will run (Ubuntu image has been taken as an example):
#bin/disk-image-create -u ubuntu -o my-image
The above command creates my-image.qcow2 file. If you want to use Fedora image, replace ubuntu with fedora in the above command.
3.10.3.Extract the kernel & ramdisk:
#bin/disk-image-get-kernel -d ./ -o my -i $(pwd)/my-image.qcow2
The above command creates my-vmlinuz and my-initrd files. These images are used while deploying the actual OS the users will run, my-image in our case.
3.10.4.Build the deploy image:
#bin/ramdisk-image-create ubuntu deploy-ironic -o my-deploy-ramdisk
The above command creates my-deploy-ramdisk.kernel and my-deploy-ramdisk.initramfs files which are used initially for preparing the server (creating disk partitions) before the actual OS deploy. If you want to use a Fedora image, replace ubuntu with fedora in the above command.
3.10.5.Add the user images to glance
Load all the images created in the below steps into Glance, and note the glance image UUIDs for each one as it is generated.
3.10.6.Add the kernel and ramdisk images to glance:
#glance image-create --name my-kernel --public --disk-format aki < my-vmlinuz
3.10.7.Store the image uuid obtained from the above step as $MY_VMLINUZ_UUID.
#glance image-create --name my-ramdisk --public --disk-format ari < my-initrd
3.10.8.Add the my-image to glance which is going to be the OS that the user is going to run. Also associate the above created images with this OS image.
These two operations can be done by executing the following command:
#glance image-create --name my-image --public --disk-format qcow2 --container-format bare --property kernel_id=$MY_VMLINUZ_UUID --property ramdisk_id=$MY_INITRD_UUID < my-image
3.10.9.Add the deploy images to glance
Add the my-deploy-ramdisk.kernel and my-deploy-ramdisk.initramfs images to glance:
# glance image-create --name deploy-vmlinuz --public --disk-format aki < my-deploy-ramdisk.kernel
Store the image UUID obtained from the above step as $DEPLOY_VMLINUZ_UUID.
# glance image-create --name deploy-initrd --public --disk-format ari < my-deploy-ramdisk.initramfs
Store the image UUID obtained from the above step as $DEPLOY_INITRD_UUID.
3.11.You’ll need to create a special Bare Metal flavor in Nova.
The flavor is mapped to the bare metal server through the hardware specifications.
Change these to match your hardware
RAM_MB=1024 CPU=2 DISK_GB=100 ARCH={i686|x86_64}
#nova flavor-create my-baremetal-flavor auto $RAM_MB $DISK_GB $CPU #nova flavor-key my-baremetal-flavor set cpu_arch=$ARCH "baremetal:deploy_kernel_id"=$DEPLOY_VMLINUZ_UUID "baremetal:deploy_ramdisk_id"=$DEPLOY_INITRD_UUID
3.12. Create node in ironic
# ironic node-create -d pxe_ipmitool -i ipmi_address=<ipmi_address> -i ipmi_username=<ipmi_username> -i ipmi_password=<ipmi_password> # ironic node-update $NODE_UUID add driver_info/pxe_deploy_kernel=$DEPLOY_VMLINUZ_UUID driver_info/pxe_deploy_ramdisk=$DEPLOY_INITRD_UUID # ironic port-create -n <node_id> -a<mac_id of server>
3.13.If you will be using PXE, it needs to be set up on the Bare Metal Service node(s) where ironic-conductor is running.
Make sure the tftp root directory exist and can be written to by the user the ironic-conductor is running as. For example:
#sudo mkdir -p /tftpboot #sudo chown -R ironic -p /tftpboot
Ubuntu:
#sudo apt-get install tftpd-hpa syslinux syslinux-common
#sudo yum install tftp-server syslinux-tftpboot #Setup tftp server to serve /tftpboot.
Copy the PXE image to /tftpboot. The PXE image might be found at [1]:
Ubuntu:
#sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot #Go to /etc/defaults/tftp-hpa remove everything and paste following TFTP_USERNAME="tftp" TFTP_DIRECTORY="/tftpboot" TFTP_ADDRESS="[::]:69" #TFTP_OPTIONS="--secure" TFTP_OPTIONS="--map-file /tftpboot/map-file -v -v -v -v"
To be able to access absolute path on tftp do following steps
Create a map file in /tftpboot/map-file
r ^([^/]) /tftpboot/1
tftp service should be running like below
/usr/sbin/in.tftpd --listen --user tftp --address [::]:69 --map-file /tftpboot/map-file -v -v -v -v /tftpboot
3.14.IPMI support
If using the IPMITool driver, the ipmitool command must be present on the service node(s) where ironic-conductor is running. On most distros, this is provided as part of the ipmitool package. Source code is available at http://ipmitool.sourceforge.net/
Note that certain distros, notably Mac OS X and SLES, install openipmi instead of ipmitool by default. THIS DRIVER IS NOT COMPATIBLE WITH openipmi AS IT RELIES ON ERROR HANDLING OPTIONS NOT PROVIDED BY THIS TOOL.
Check that you can connect to and authenticate with the IPMI controller in your bare metal server by using ipmitool:
ipmitool -I lanplus -H <ip-address> -U <username> -P <password> chassis power status
3.15.Test Setup with nova
nova boot --flavor baremetal --key-name mykey --image my-image --nic net-id=d3b9b3c5-378e-493b-9515-22c17433c23a bm1
3.16. Debug commands
3.16.1.Sometimes vm goes in error state and does not got deleted ,for that run following command in ironic
ironic node-update 0d78301c-2d78-42e0-b14d-4a031e5a7cd4 remove instance_uuid
3.16.2.Always Check the node is not in maintenance mode if it is in maintenance mode then remove it
ironic node-update 0d78301c-2d78-42e0-b14d-4a031e5a7cd4 replace maintenance=False