Difference between revisions of "OpenStack:Ironic"
(→Ironic POC basic test environment: Add a note on the interface to the IPMI network) |
(Add docs for getting Ironic up and running from scratch) |
||
| Line 1: | Line 1: | ||
| + | == Recommended kolla-ansible overrides == | ||
| + | Overrides in <code>/etc/kolla/globals.yml</code> enabling Ironic and its Neutron agent (OpenStack Stein): | ||
| + | |||
| + | <nowiki> | ||
| + | enable_ironic: "yes" | ||
| + | enable_ironic_neutron_agent: "yes" | ||
| + | </nowiki> | ||
| + | |||
| + | Overrides in <code>/etc/kolla/config/ironic/ironic-conductor.conf</code>: | ||
| + | |||
| + | <nowiki> | ||
| + | [DEFAULT] | ||
| + | enabled_network_interfaces = noop,flat | ||
| + | default_network_interface = flat | ||
| + | |||
| + | [pxe] | ||
| + | tftp_server = <ip-of-a-dedicated-interface> | ||
| + | pxe_append_params = nofb nomodeset vga=normal console=ttyS1,115200 console=tty0 sshkey="ssh-rsa AAAA..." ipa-debug=1 coreos.autologin | ||
| + | |||
| + | [deploy] | ||
| + | default_boot_option = local | ||
| + | |||
| + | [agent] | ||
| + | deploy_logs_collect = on_failure | ||
| + | |||
| + | [conductor] | ||
| + | clean_callback_timeout = 300 | ||
| + | </nowiki> | ||
| + | The IP for "tftp_server" can be the same as for the interface on which internal OpenStack APIs are running on the host that's hosting Ironic (only setup with one controller hosting all Ironic components has been tested). | ||
| + | Also set "sshkey" to the public key of your deploy node or headnode to enable SSH access to the node that's being deployed. | ||
| + | |||
| + | |||
| + | == Recommended post-deployment configuration == | ||
| + | NOTE: Steps described here are for localboot nodes and Ironic without multitenancy only. | ||
| + | |||
| + | First, build CoreOS-based Ironic Python Agent (IPA) deploy images. Here are commands to set up your IPA image building environment on a Ubuntu Xenial: | ||
| + | |||
| + | <nowiki> | ||
| + | $ sudo apt-get update | ||
| + | $ sudo apt-get install docker.io gzip uuid-runtime cpio findutils grep gnupg cgroup-lite git build-essential python-pip python-dev -y | ||
| + | $ sudo service docker start | ||
| + | $ git clone https://git.openstack.org/openstack/ironic-python-agent | ||
| + | $ cd ironic-python-agent/imagebuild/coreos | ||
| + | $ git checkout cf30024f96e798f5607c9664b0b6236db3232119 | ||
| + | $ sudo pip install -r ~/ironic-python-agent/requirements.txt | ||
| + | $ sudo make | ||
| + | </nowiki> | ||
| + | |||
| + | Transfer/mount images from the <code>UPLOAD</code> subdirectory to your controller/headnode and add them to Glance: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack image create --public --container-format aki --disk-format aki --file ~/coreos_production_pxe.vmlinuz ironic-deploy_kernel | ||
| + | $ openstack image create --public --container-format ari --disk-format ari --file ~/coreos_production_pxe_image-oem.cpio.gz ironic-deploy_ramdisk | ||
| + | </nowiki> | ||
| + | Also add regular operating system images - no special options are required here and regular cloud images can be used. Here is an example for a CentOS image: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack image create --public --container-format bare --disk-format qcow2 --file ~/CentOS-7-x86_64-GenericCloud-1907.qcow2 centos7-1907 | ||
| + | </nowiki> | ||
| + | |||
| + | Create a flavour for your baremetal nodes: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack flavor create --ram 1024 --vcpus 2 --disk 100 baremetal.small | ||
| + | $ openstack flavor set --property resources:CUSTOM_BAREMETAL=1 baremetal.small | ||
| + | $ openstack flavor set --property resources:VCPU=0 baremetal.small | ||
| + | $ openstack flavor set --property resources:MEMORY_MB=0 baremetal.small | ||
| + | $ openstack flavor set --property resources:DISK_GB=0 baremetal.small | ||
| + | </nowiki> | ||
| + | |||
| + | Create a provisioning network and a subnet. These can be just regular flat provider networks, or can be using VLANs. Here is an example for an interface on a VLAN: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack network create public304 --provider-physical-network physnet1 --provider-network-type vlan --provider-segment 304 | ||
| + | $ openstack subnet create --dhcp --allocation-pool start=10.6.44.101,end=10.6.47.254 --network public304 --subnet-range 10.6.44.0/22 --gateway 10.6.44.1 public304-subnet | ||
| + | </nowiki> | ||
| + | |||
| + | Finaly, add your nodes to Ironic's database: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack baremetal node create --driver ipmi --name <node-name> --driver-info ipmi_username=<ipmi-username> --driver-info ipmi_password=<ipmi-password> --driver-info ipmi_address=<ipmi-address> --driver-info cleaning_network=<uuid-of-the-provisioning-network> --driver-info provisioning_network=<uuid-of-the-provisioning-network> --driver-info deploy_kernel=<uuid-of-the-ironic-deploy_kernel-image> --driver-info deploy_ramdisk=<uuid-of-the-ironic-deploy_ramdisk-image> --resource-class baremetal --network-interface flat | ||
| + | $ openstack baremetal port create <mac-address-of-the-node's-provisioning-interface> --node <node-uuid> | ||
| + | $ openstack baremetal node manage <node-name> | ||
| + | $ openstack baremetal node provide <node-name> | ||
| + | </nowiki> | ||
| + | |||
| + | If everything went well, a deploy by launching instances, like so: | ||
| + | |||
| + | <nowiki> | ||
| + | $ openstack server create --image <image-to-provision-node-with> --flavor baremetal.small --security-group ping-and-ssh --key-name mykey --network <name-of-the-provisioning-network> <instance-name> | ||
| + | </nowiki> | ||
| + | |||
| + | === References === | ||
| + | # https://docs.openstack.org/kolla-ansible/rocky/reference/ironic-guide.html#post-deployment-configuration | ||
| + | # https://docs.openstack.org/ironic/rocky/install/configure-glance-images.html | ||
| + | # https://github.com/openstack/ironic-python-agent/tree/cf30024f96e798f5607c9664b0b6236db3232119/imagebuild/coreos | ||
| + | |||
| + | |||
== Ironic POC basic test environment == | == Ironic POC basic test environment == | ||
Revision as of 14:04, 4 October 2019
Recommended kolla-ansible overrides
Overrides in /etc/kolla/globals.yml enabling Ironic and its Neutron agent (OpenStack Stein):
enable_ironic: "yes" enable_ironic_neutron_agent: "yes"
Overrides in /etc/kolla/config/ironic/ironic-conductor.conf:
[DEFAULT] enabled_network_interfaces = noop,flat default_network_interface = flat [pxe] tftp_server = <ip-of-a-dedicated-interface> pxe_append_params = nofb nomodeset vga=normal console=ttyS1,115200 console=tty0 sshkey="ssh-rsa AAAA..." ipa-debug=1 coreos.autologin [deploy] default_boot_option = local [agent] deploy_logs_collect = on_failure [conductor] clean_callback_timeout = 300
The IP for "tftp_server" can be the same as for the interface on which internal OpenStack APIs are running on the host that's hosting Ironic (only setup with one controller hosting all Ironic components has been tested). Also set "sshkey" to the public key of your deploy node or headnode to enable SSH access to the node that's being deployed.
Recommended post-deployment configuration
NOTE: Steps described here are for localboot nodes and Ironic without multitenancy only.
First, build CoreOS-based Ironic Python Agent (IPA) deploy images. Here are commands to set up your IPA image building environment on a Ubuntu Xenial:
$ sudo apt-get update $ sudo apt-get install docker.io gzip uuid-runtime cpio findutils grep gnupg cgroup-lite git build-essential python-pip python-dev -y $ sudo service docker start $ git clone https://git.openstack.org/openstack/ironic-python-agent $ cd ironic-python-agent/imagebuild/coreos $ git checkout cf30024f96e798f5607c9664b0b6236db3232119 $ sudo pip install -r ~/ironic-python-agent/requirements.txt $ sudo make
Transfer/mount images from the UPLOAD subdirectory to your controller/headnode and add them to Glance:
$ openstack image create --public --container-format aki --disk-format aki --file ~/coreos_production_pxe.vmlinuz ironic-deploy_kernel $ openstack image create --public --container-format ari --disk-format ari --file ~/coreos_production_pxe_image-oem.cpio.gz ironic-deploy_ramdisk
Also add regular operating system images - no special options are required here and regular cloud images can be used. Here is an example for a CentOS image:
$ openstack image create --public --container-format bare --disk-format qcow2 --file ~/CentOS-7-x86_64-GenericCloud-1907.qcow2 centos7-1907
Create a flavour for your baremetal nodes:
$ openstack flavor create --ram 1024 --vcpus 2 --disk 100 baremetal.small $ openstack flavor set --property resources:CUSTOM_BAREMETAL=1 baremetal.small $ openstack flavor set --property resources:VCPU=0 baremetal.small $ openstack flavor set --property resources:MEMORY_MB=0 baremetal.small $ openstack flavor set --property resources:DISK_GB=0 baremetal.small
Create a provisioning network and a subnet. These can be just regular flat provider networks, or can be using VLANs. Here is an example for an interface on a VLAN:
$ openstack network create public304 --provider-physical-network physnet1 --provider-network-type vlan --provider-segment 304 $ openstack subnet create --dhcp --allocation-pool start=10.6.44.101,end=10.6.47.254 --network public304 --subnet-range 10.6.44.0/22 --gateway 10.6.44.1 public304-subnet
Finaly, add your nodes to Ironic's database:
$ openstack baremetal node create --driver ipmi --name <node-name> --driver-info ipmi_username=<ipmi-username> --driver-info ipmi_password=<ipmi-password> --driver-info ipmi_address=<ipmi-address> --driver-info cleaning_network=<uuid-of-the-provisioning-network> --driver-info provisioning_network=<uuid-of-the-provisioning-network> --driver-info deploy_kernel=<uuid-of-the-ironic-deploy_kernel-image> --driver-info deploy_ramdisk=<uuid-of-the-ironic-deploy_ramdisk-image> --resource-class baremetal --network-interface flat $ openstack baremetal port create <mac-address-of-the-node's-provisioning-interface> --node <node-uuid> $ openstack baremetal node manage <node-name> $ openstack baremetal node provide <node-name>
If everything went well, a deploy by launching instances, like so:
$ openstack server create --image <image-to-provision-node-with> --flavor baremetal.small --security-group ping-and-ssh --key-name mykey --network <name-of-the-provisioning-network> <instance-name>
References
- https://docs.openstack.org/kolla-ansible/rocky/reference/ironic-guide.html#post-deployment-configuration
- https://docs.openstack.org/ironic/rocky/install/configure-glance-images.html
- https://github.com/openstack/ironic-python-agent/tree/cf30024f96e798f5607c9664b0b6236db3232119/imagebuild/coreos
Ironic POC basic test environment
Revision of kolla-ansible used (branch stable/rocky):
commit 668da3c332fcd58fa2b023e8bb74ca8225e222bc
Author: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Date: Tue Dec 11 16:01:03 2018 +0800
Add cache configuration for ceilometer project
when using ceilometer+gnocchi, for every notification sample, ceilometer
will update the resource even if is not updated.
We should add [cache] section to make ceilometer cache the resource, and
stop send the useless update request.
Closes-Bug: #1807841
Change-Id: Ic33b4cd5ba8165c20878cab068f38a3948c9d31d
(cherry picked from commit 55bf29ec6c459dc46cefdee69acb8e427763e409)
Standard all-in-one inventory has been used.
kolla-ansible config (/etc/kolla/globals.yml):
---
config_strategy: "COPY_ALWAYS"
kolla_base_distro: "centos"
kolla_install_type: "binary"
openstack_release: "7.0.2"
kolla_internal_vip_address: "192.168.10.254"
kolla_external_vip_address: "172.28.128.254"
docker_registry: "registry.vscaler.com:5000"
network_interface: "enp131s0f1.10"
kolla_external_vip_interface: "eno1"
neutron_external_interface: "enp131s0f0"
neutron_bridge_name: "br-ironic"
neutron_plugin_agent: "openvswitch"
enable_cinder_backup: "no"
enable_haproxy: "yes"
enable_heat: "yes"
enable_horizon: "yes"
enable_horizon_ironic: "{{ enable_ironic | bool }}"
enable_ironic: "yes"
enable_ironic_neutron_agent: "yes"
enable_swift: "no"
tempest_image_id:
tempest_flavor_ref_id:
tempest_public_network_id:
tempest_floating_network_name:
neutron_tenant_network_types: "vlan,flat"
enable_neutron_provider_networks: yes
Config overrides for Ironic (/etc/kolla/config/ironic/ironic-conductor.conf):
[DEFAULT] my_ip=192.168.10.10 enabled_network_interfaces=noop,flat,neutron default_network_interface=flat [deploy] default_boot_option = netboot
Here, eno1 is the interface providing access to the Ironic host from inside the Labs:
[root@alanis ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno1 TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="eno1" UUID="7e04ebd9-2e2a-4297-b417-b9cb5e498259" DEVICE="eno1" ONBOOT="yes" IPADDR="172.28.128.1" PREFIX="16" GATEWAY="172.28.0.2" DNS1="172.28.0.2" DNS2="8.8.8.8" IPV6_PRIVACY="no"
enp131s0f0 is an interface that is up, but has no IP set (this will be used by Neutron to put external bridge on) and enp131s0f1.10 is a tagged secondary interface used for hosting internal OpenStack APIs and Ironic's TFTP server.
[root@alanis ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp131s0f1.10 DEVICE=enp131s0f1.10 NAME=enp131s0f1.10 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.10.10 PREFIX=24 NETWORK=192.168.10.0 VLAN=yes
IPMI to the baremetal host is available through another tagged interface, enp131s0f1.201:
[root@alanis ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp131s0f1.201 DEVICE=enp131s0f1.201 NAME=enp131s0f1.201 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.201.254 PREFIX=24 NETWORK=192.168.201.0 VLAN=yes
Note that because OpenStack here is deployed on a single machine, HAProxy is not strictly required.
If your playbook creates the ironic_dnsmasq container, stop/remove it, so you don't run into potential problems with 2 DHCPs on the same network.
Post deployment setup
For building baremetal images follow https://docs.openstack.org/ironic/rocky/install/configure-glance-images.html Here is an example of an Ubuntu image with a heat agent allowing to run script-based software deployments:
$ disk-image-create baremetal ubuntu dhcp-all-interfaces os-collect-config os-refresh-config os-apply-config heat-config heat-config-cfn-init heat-config-script -o ubuntu-software-config-ironic.qcow2
Add images to Glance:
$ openstack image create --container-format aki --disk-format aki --file ~/ubuntu-software-config-ironic.vmlinuz ubuntu-software-config-ironic_kernel $ openstack image create --container-format ari --disk-format ari --file ~/ubuntu-software-config-ironic.initrd ubuntu-software-config-ironic_initramfs $ openstack image create --public --container-format bare --disk-format qcow2 --file ~/ubuntu-software-config-dgx.qcow2 --property kernel_id=a8743614-38dc-43ed-8d3b-f4e1b4240eb0 --property ramdisk_id=1d370924-762b-49a0-8619-7f13aa8dafe1 ubuntu-software-config-dgx
In the last command kernel_id and ramdisk_id point to UUIDs of kernel and ramdisk images assigned them by Glance.
Note on localboot:
The above setup is susceptible to this bug: https://storyboard.openstack.org/#!/story/2002929. To avoid the problem you can set default_boot_option = local in Ironic overrides, so that your baremetal servers will be able to boot from their local disk after they are done provisioning. More importantly, with local boot you can use regular cloud images - without having to extract kernel and ramdisk out of them first (you'll still need the kernel and ramdisk for initial deploy).
This approach will be used in the next section.
Ironic POC with multi-tenancy
TODO: Add diagram
kolla-ansible config (/etc/kolla/globals.yml):
---
config_strategy: "COPY_ALWAYS"
kolla_base_distro: "centos"
kolla_install_type: "binary"
openstack_release: "7.0.2"
kolla_internal_vip_address: "192.168.10.254"
kolla_external_vip_address: "172.28.128.254"
docker_registry: "registry.vscaler.com:5000"
network_interface: "enp131s0f1.10"
kolla_external_vip_interface: "eno1"
neutron_external_interface: "enp131s0f0"
neutron_bridge_name: "br-ironic"
neutron_plugin_agent: "openvswitch"
enable_cinder_backup: "no"
enable_haproxy: "yes"
enable_heat: "yes"
enable_horizon: "yes"
enable_horizon_ironic: "{{ enable_ironic | bool }}"
enable_ironic: "yes"
enable_ironic_neutron_agent: "yes"
enable_swift: "no"
neutron_tenant_network_types: "vlan,flat"
neutron_server_image: "registry.vscaler.com:5000/kolla/centos-source-neutron-server-with-genericswitch"
neutron_server_tag: "7.1.0"
tempest_image_id:
tempest_flavor_ref_id:
tempest_public_network_id:
tempest_floating_network_name:
enable_neutron_provider_networks: yes
Ironic-specific overrides (/etc/kolla/config/ironic/ironic-conductor.conf):
[DEFAULT] my_ip=192.168.10.10 enabled_network_interfaces=noop,flat,neutron default_network_interface=neutron [deploy] default_boot_option = local
Network interface config is exactly the same as in the previous iteration of the deployment (without multi-tenancy).