Ironic/Drivers/iLODrivers/mitaka

Overview
iLO drivers make it possible to take advantage of the features of the iLO management engine in HP ProLiant servers. They are targeted at HP ProLiant Gen 8 systems and above, which have the iLO 4 management engine.

Currently there are 3 iLO drivers:


 * iscsi_ilo
 * agent_ilo
 * pxe_ilo

The iscsi_ilo and agent_ilo drivers provide security-enhanced, PXE-less deployment by using iLO virtual media to boot up the bare metal node. These drivers send management information through the management channel and keep it separate from the data channel, which is used for deployment. The iscsi_ilo driver deploys from the Ironic conductor node and can do both net-boot and local-boot. The agent_ilo driver deploys from the bare metal node and always does local-boot.

The pxe_ilo driver uses PXE/iSCSI for deployment (just like the normal PXE driver), but supports automatic setting of the requested boot mode from nova. This driver doesn't require the iLO Advanced license.

iscsi_ilo and agent_ilo can be used along with swift or a local web server for uploading the temporary images required during deploy. For deploying using the swift service, refer to Configure Glance Image Service. For deploying without the swift service (Standalone Ironic environment), refer to Web server configuration for Standalone iLO Drivers.

Standalone Ironic: This means setting up Ironic without any other OpenStack services. However, for a multi-conductor setup, it's better to have Neutron serving as the DHCP server.

Enabling HTTPS in Swift
The iscsi_ilo and agent_ilo drivers use Swift for storing boot images and management information (information for the Ironic conductor to provision bare metal hardware). By default, HTTPS is not enabled in Swift. HTTPS is required to encrypt all communication between Swift and the Ironic conductor, and between Swift and the bare metal node (via Virtual Media). It can be enabled in one of the following ways:

 * Using an SSL termination proxy. For more information, refer to http://docs.openstack.org/security-guide/content/tls-proxies-and-http-services.html.
 * Using native SSL support in Swift (recommended only for testing purpose by Swift):

   * Create self-signed cert for SSL using the following commands::

       cd /etc/swift
       openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

   * Add the following lines to /etc/swift/proxy-server.conf under [DEFAULT]::

       bind_port = 443
       cert_file = /etc/swift/cert.crt
       key_file = /etc/swift/cert.key

   * Restart the Swift proxy server.

Web server configuration for Standalone iLO Drivers

 * Set up the web server that serves the deploy ramdisks, outside of the ironic-conductor host. This web server should be accessible to the conductor nodes.
 * Upload the deploy ramdisk images such that the web server in above step can serve them properly.
 * Set up a web server on each conductor. This step is required only for agent_ilo and iscsi_ilo.

Images must be created (see :ref:`BuildingDibBasedDeployRamdisk`) and made available for download via HTTP(S) URL. This document does not describe the installation or configuration of HTTP(S) servers, however,
 * If using [i]PXE, then the network boot loader must be able to initiate a request to download the kernel and ramdisk images from "http_url", and the ironic-conductor must be able to write files to "http_root" that will be served from "http_url".
 * The deployment agent must be able to initiate a request to download the instance image from "http_url".

Requirements for Standalone iLO Drivers

 * iLO 4 Advanced License needs to be installed on iLO to enable Virtual Media feature.
 * Local web server on conductor - ilo driver uses web server on the conductor node to store temporary FAT images as well as boot ISO images. It needs to be configured on each conductor node.
 * HTTP(s) web server - When using ilo driver, the image containing the agent/deploy ramdisk is retrieved from HTTP(s) web server directly by iLO. This web server need not be on conductor node. For more information, see `HTTP(s) based Deploy`__.
 * See `Web server configuration for Standalone iLO Drivers`_

Configure Standalone iLO Drivers
1. Add http_url and http_root in the [deploy] section in /etc/ironic/ironic.conf. For example::

    http_url = https://10.10.1.10:8080/httpboot/
    http_root = /opt/stack/data/ironic/httpboot/

These determine how the web server on the conductor serves images. http_url is the URL prefix which is used for serving images. http_root is the path on disk that the web server is serving at http_url.

2. Restart the Ironic conductor service:

$ service ironic-conductor restart

Requirements with Glance Image Service

 * iLO 4 Advanced License needs to be installed on iLO to enable Virtual Media feature.
 * Swift Object Storage Service - ilo driver uses Swift to store temporary FAT images/boot iso.
 * Glance Image Service with Swift configured as its backend - When using ilo drivers, the image containing the agent/deploy ramdisk is retrieved from Swift directly by the iLO.

Configure Glance Image Service
1. Configure Glance image service with its storage backend as Swift. See [4]_ for configuration instructions.

2. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::

    swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance

3. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::

    [glance]
    swift_temp_url_key=mysecretkeyforglance
    swift_endpoint_url=https://10.10.1.10:8080
    swift_api_version=v1
    swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    swift_container=glance

The details can be retrieved by running the below command::

    $ swift --os-username=service:glance-swift stat -v | grep -i url
    StorageURL:    http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    Meta Temp-Url-Key: mysecretkeyforglance

4. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf::

    [keystone_authtoken]
    admin_password = password
    admin_user = ironic
    admin_tenant_name = service

Ensure auth_version in keystone_authtoken is set to 2. Then, the below command should work.::

    $ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat
    Account: AUTH_22af34365a104e4689c46400297f00cb
    Containers: 2
    Objects: 18
    Bytes: 1728346241
    Objects in policy "policy-0": 18
    Bytes in policy "policy-0": 1728346241
    Meta Temp-Url-Key: mysecretkeyforglance
    X-Timestamp: 1409763763.84427
    X-Trans-Id: tx51de96a28f27401eb2833-005433924b
    Content-Type: text/plain; charset=utf-8
    Accept-Ranges: bytes

5. Restart the Ironic conductor service.::

    $ service ironic-conductor restart

Prerequisites

 * proliantutils is a python package which contains a set of modules for managing HP ProLiant hardware. Install proliantutils module on the Ironic conductor node. Minimum version required is 2.1.5.

$ pip install "proliantutils>=2.1.5"


 * ipmitool command must be present on the service node(s) where ironic-conductor is running. On most Linux distributions, this is provided as part of the ipmitool package. Source code is available at http://ipmitool.sourceforge.net/.

Overview
iscsi_ilo driver was introduced as an alternative to pxe_ipmitool and pxe_ipminative drivers for HP ProLiant servers. iscsi_ilo uses virtual media feature in iLO to boot up the bare metal node instead of using PXE or iPXE.

Target Users

 * Users who do not want to use PXE/TFTP protocol on their data centres.
 * Users who have concerns about the PXE driver's security issues and want a security-enhanced, PXE-less deployment mechanism - The PXE driver passes management information in clear-text to the baremetal node. However, if the Swift proxy server has an HTTPS endpoint (see Enabling HTTPS in Swift for more information), the iscsi_ilo driver provides enhanced security by passing management information to and from the Swift endpoint over HTTPS. The management information and boot image will be retrieved over the encrypted management network via iLO virtual media.

Tested Platforms
This driver should work on HP ProLiant Gen8 Servers and above with iLO 4.

It has been tested with the following servers:
 * ProLiant SL230s Gen8
 * ProLiant DL320e Gen8
 * ProLiant DL380e Gen8
 * ProLiant DL580e Gen8
 * ProLiant BL460c Gen8
 * ProLiant DL180 Gen9 UEFI
 * ProLiant DL360 Gen9 UEFI
 * ProLiant DL380 Gen9 UEFI
 * ProLiant BL460c Gen9

Features

 * PXE-less deployment with virtual media.
 * Automatic detection of current boot mode.
 * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
 * Supports booting the instance from virtual media as well as booting locally from disk. Default is booting from virtual media.
 * UEFI Boot
 * UEFI Secure Boot
 * Passing management information via secure, encrypted management network (virtual media) if Swift proxy server has an HTTPS endpoint. See Enabling HTTPS in Swift for more info. Provisioning is done using iSCSI over data network, so this driver has the benefit of security enhancement with the same performance. It segregates management info from data channel.
 * Remote Console (based on IPMI)
 * HW Sensors
 * Works well for machines with resource constraints (lesser amount of memory).
 * Local boot (both BIOS and UEFI)
 * Supports deployment of whole disk image.
 * Support for out-of-band hardware inspection.
 * Node cleaning.
 * Standalone iLO drivers.

Requirements

 * iLO 4 Advanced License needs to be installed on iLO to enable Virtual Media feature.
 * Swift Object Storage Service or HTTP(s) web server on conductor - the iLO driver uses either Swift or an HTTP(s) web server on the conductor node to store temporary FAT images as well as boot ISO images.
 * Glance Image Service with Swift configured as its backend, or HTTP(s) web server - When using the iscsi_ilo driver, the image containing the deploy ramdisk is retrieved from Swift or the HTTP(s) web server directly by the iLO.

Deploy Process

 * Admin configures the Proliant baremetal node for iscsi_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID or HTTP(s) location of the ISO deploy ramdisk image.
 * Ironic gets a request to deploy a Glance/HTTP(s) image on the baremetal node.
 * iscsi_ilo driver powers off the baremetal node.
 * If ilo_deploy_iso is a Glance UUID, the driver generates a swift-temp-url for the deploy ramdisk image and attaches it as Virtual Media CDROM on the iLO. If ilo_deploy_iso is a HTTP(s)  URL, the driver attaches it directly as Virtual Media CDROM on the iLO.
 * The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift/HTTP(s) web server and its swift-temp-url/HTTP(s) URL is attached as Virtual Media Floppy on the iLO.
 * The driver sets the node to boot one-time from CDROM.
 * The driver powers on the baremetal node.
 * The deploy kernel/ramdisk is booted on the baremetal node. The ramdisk exposes the local disk over iSCSI and requests Ironic conductor to complete the deployment.
 * The driver on the Ironic conductor writes the glance/HTTP(s) image to the baremetal node's disk.
 * If local-boot is requested, Ironic conductor asks the deployment ramdisk to install the boot loader.
 * If it's a netboot (default), the driver bundles the boot kernel/ramdisk for the deploy image into an ISO and then uploads it to Swift/HTTP(s) web server. This ISO image will be used for booting the deployed instance.
 * The driver reboots the node.
 * For netboot, on the first and subsequent reboots iscsi_ilo driver attaches this boot ISO image in Swift/HTTP(s) as Virtual Media CDROM and then sets iLO to boot from it. If boot_option was set to local, then the instance is booted from disk.
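
The swift-temp-url step of the deploy process above, as an added example (not Ironic or Swift code): it signs and validates a Swift temporary URL with the classic HMAC-SHA1 TempURL scheme, using this page's sample [glance] values. The object name, lifetime and function names are assumptions; the signature and expiry ride in the query string, so whoever can read the URL can fetch the image until it expires, which is why the Swift endpoint should be HTTPS.

```python
import hmac
import time
from hashlib import sha1
from urllib.parse import urlsplit, parse_qs

# Sample [glance] values from this page. The object name passed in below is a
# constructed placeholder, not a real Glance image UUID.
SWIFT_ENDPOINT_URL = "https://10.10.1.10:8080"
SWIFT_API_VERSION = "v1"
SWIFT_ACCOUNT = "AUTH_51ea2fb400c34c9eb005ca945c0dc9e1"
SWIFT_CONTAINER = "glance"
TEMP_URL_KEY = "mysecretkeyforglance"


def object_path(obj):
    """Path part of the object URL: /<version>/<account>/<container>/<object>."""
    return "/%s/%s/%s/%s" % (SWIFT_API_VERSION, SWIFT_ACCOUNT, SWIFT_CONTAINER, obj)


def sign(method, expires, path, key):
    """HMAC-SHA1 over "METHOD\\nEXPIRES\\nPATH", keyed with the temp-url key."""
    body = "%s\n%d\n%s" % (method, expires, path)
    return hmac.new(key.encode(), body.encode(), sha1).hexdigest()


def make_temp_url(obj, ttl, key=TEMP_URL_KEY, now=None, method="GET"):
    """What the conductor side does before attaching the URL as virtual media."""
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl
    path = object_path(obj)
    sig = sign(method, expires, path, key)
    return "%s%s?temp_url_sig=%s&temp_url_expires=%d" % (
        SWIFT_ENDPOINT_URL, path, sig, expires)


def check_temp_url(url, method, key=TEMP_URL_KEY, now=None):
    """Simplified model of the proxy-side check. Returns (ok, reason)."""
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        sig = query["temp_url_sig"][0]
        expires = int(query["temp_url_expires"][0])
    except (KeyError, ValueError):
        return False, "missing or malformed temp URL parameters"
    if expires < now:
        return False, "expired"
    expected = sign(method, expires, parts.path, key)
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    url = make_temp_url("deploy-ramdisk.iso", ttl=600, now=1000)
    print(url)
    print(check_temp_url(url, "GET", now=1200))    # valid inside the window
    print(check_temp_url(url, "PUT", now=1200))    # method is part of the MAC
    print(check_temp_url(url, "GET", now=1601))    # past temp_url_expires
```

Rotating the temp-url key with the `swift post -m temp-url-key:...` command shown on this page invalidates every URL signed with the old key.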

Configuring and Enabling the driver
Note: Creating the HTTP(s) web server and uploading the images to it are out of scope for Ironic.

1. Prepare an ISO deploy ramdisk image from diskimage-builder [3]_. This can be done by adding the iso element to the ramdisk-image-create command. This command creates the deploy kernel/ramdisk as well as a bootable ISO image containing the deploy kernel and ramdisk. The below command creates files named deploy-ramdisk.kernel, deploy-ramdisk.initramfs and deploy-ramdisk.iso in the current working directory::

    pip install "diskimage-builder"
    ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic iso

2. Upload this image to Glance.::

glance image-create --name deploy-ramdisk.iso --disk-format iso --container-format bare < deploy-ramdisk.iso

3. Add iscsi_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example::

enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo

If using HTTP(s) web server:

4. Add http_url and http_root in the [deploy] section in /etc/ironic/ironic.conf. For example::

    http_url = http://10.10.1.10:8080/httpboot/
    http_root = /opt/stack/data/ironic/httpboot/

If using Glance image service with its storage backend as Swift:

5. Configure Glance image service with its storage backend as Swift. See here for configuration instructions.

6. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::

swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance

7. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::

    [glance]
    swift_temp_url_key=mysecretkeyforglance
    swift_endpoint_url=http://10.10.1.10:8080
    swift_api_version=v1
    swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    swift_container=glance

The details can be retrieved by running the below command::

    $ swift --os-username=service:glance-swift stat -v | grep -i url
    StorageURL:    http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    Meta Temp-Url-Key: mysecretkeyforglance

8. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::

    [keystone_authtoken]
    admin_password = password
    admin_user = ironic
    admin_tenant_name = service
    auth_version = 2

Then, the below command should work.::

    $ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat
    Account: AUTH_22af34365a104e4689c46400297f00cb
    Containers: 2
    Objects: 18
    Bytes: 1728346241
    Objects in policy "policy-0": 18
    Bytes in policy "policy-0": 1728346241
    Meta Temp-Url-Key: mysecretkeyforglance
    X-Timestamp: 1409763763.84427
    X-Trans-Id: tx51de96a28f27401eb2833-005433924b
    Content-Type: text/plain; charset=utf-8
    Accept-Ranges: bytes

Finally:

9. Restart the Ironic conductor service.

$ service ironic-conductor restart
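
A check of the finished ironic.conf against the Enabling HTTPS in Swift requirement, as an added example (not part of Ironic): it flags image-store URLs that are not HTTPS and secrets left at the sample values printed on this page. The sample file is constructed from this page's example values; the function name and the placement of enabled_drivers under [DEFAULT] are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the example values from this page collected in one file.
SAMPLE_IRONIC_CONF = """\
[DEFAULT]
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo

[deploy]
http_url = http://10.10.1.10:8080/httpboot/
http_root = /opt/stack/data/ironic/httpboot/

[glance]
swift_temp_url_key=mysecretkeyforglance
swift_endpoint_url=http://10.10.1.10:8080
swift_api_version=v1
swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
swift_container=glance

[keystone_authtoken]
admin_password = password
admin_user = ironic
admin_tenant_name = service
auth_version = 2
"""

# Drivers that hand image URLs to iLO virtual media.
VIRTUAL_MEDIA_DRIVERS = {"iscsi_ilo", "agent_ilo"}
# Options whose value becomes the base of a URL fetched by iLO or the ramdisk.
URL_OPTIONS = [("deploy", "http_url"), ("glance", "swift_endpoint_url")]
# Secrets printed in this documentation; they must not survive into production.
DOCUMENTED_SECRETS = {
    ("glance", "swift_temp_url_key"): "mysecretkeyforglance",
    ("keystone_authtoken", "admin_password"): "password",
}


def audit_ironic_conf(text):
    """Return a sorted list of (option, problem) findings for ironic.conf text."""
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(text)
    findings = []

    drivers = conf.get("DEFAULT", "enabled_drivers", fallback="")
    enabled = {d.strip() for d in drivers.split(",") if d.strip()}
    vmedia = sorted(enabled & VIRTUAL_MEDIA_DRIVERS)

    configured_urls = 0
    for section, option in URL_OPTIONS:
        value = conf.get(section, option, fallback="").strip()
        if not value:
            continue
        configured_urls += 1
        if urlsplit(value).scheme.lower() != "https":
            findings.append(("%s.%s" % (section, option),
                             "cleartext URL: " + value))

    # Virtual media drivers need somewhere to publish FAT images and boot ISOs.
    if vmedia and configured_urls == 0:
        findings.append(("DEFAULT.enabled_drivers",
                         "%s enabled but no Swift or HTTP(s) image store set"
                         % ",".join(vmedia)))

    for (section, option), sample in DOCUMENTED_SECRETS.items():
        if conf.get(section, option, fallback="").strip() == sample:
            findings.append(("%s.%s" % (section, option),
                             "documentation sample value in use"))
    return sorted(findings)


if __name__ == "__main__":
    for option, problem in audit_ironic_conf(SAMPLE_IRONIC_CONF):
        print("%-40s %s" % (option, problem))
```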

Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to iscsi_ilo. The following configuration values are also required in driver_info:


 * ilo_address: IP address or hostname of the iLO.
 * ilo_username: Username for the iLO with administrator privileges.
 * ilo_password: Password for the above iLO user.
 * ilo_deploy_iso: The Glance UUID or HTTP(s) URL of the deploy ramdisk ISO image.
 * client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
 * client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
 * console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.

Boot modes
iscsi_ilo driver supports automatic detection of boot mode (Legacy BIOS or UEFI) and setting of boot mode from BIOS to UEFI. Please see Note below for details.


 * When no boot mode setting is provided, iscsi_ilo driver preserves the current boot mode of the bare metal on the deployed instance.
 * A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. iscsi_ilo driver will then deploy and configure the instance in the specified boot mode.

For example, to make a Proliant baremetal node boot always in UEFI mode, run the following command::

    ironic node-update <node-uuid> add properties/capabilities='boot_mode:uefi'

NOTE:


 * We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal node with appropriate boot mode. This is for Gen8 (ProLiant DL580 only) and Gen9 systems.
 * iscsi_ilo driver automatically sets boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on Gen8 (ProLiant DL580 only) and Gen9 servers if they want to deploy the node in legacy mode.
 * The automatic boot ISO creation for UEFI boot mode has been enabled in Kilo. The manual creation of boot ISO for UEFI boot mode is also supported. For the latter, the boot ISO for the deploy image needs to be built separately and the deploy image's boot_iso property in Glance should contain the Glance UUID of the boot ISO. For building boot ISO, add the iso element after adding the baremetal element while building disk images with diskimage-builder::

       disk-image-create ubuntu baremetal iso


 * From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::

       nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi"
       nova boot --flavor ironic-test-3 --image test-image instance-1

Overview
agent_ilo driver was introduced as an alternative to agent_ipmitool and agent_ipminative drivers for HP Proliant servers. agent_ilo driver uses the virtual media feature in HP Proliant baremetal servers to boot up the Ironic Python Agent (IPA) on the baremetal node instead of using PXE. For more information on IPA, refer to https://wiki.openstack.org/wiki/Ironic-python-agent.

Target Users

 * Users who do not want to use PXE/TFTP protocol on their data centres.

Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.

It has been tested with the following servers:
 * ProLiant SL230s Gen8
 * ProLiant DL320e Gen8
 * ProLiant DL380e Gen8
 * ProLiant DL580e Gen8
 * ProLiant BL460c Gen8
 * ProLiant DL180 Gen9 UEFI
 * ProLiant DL360 Gen9 UEFI
 * ProLiant DL380 Gen9 UEFI
 * ProLiant BL460c Gen9

Features

 * PXE-less deploy with virtual media using Ironic Python Agent.
 * Remote Console (based on IPMI)
 * HW Sensors
 * Automatic detection of current boot mode.
 * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
 * UEFI Boot
 * UEFI Secure Boot
 * Supports booting the instance from virtual media as well as booting locally from disk.
 * Supports deployment of whole disk image and partition image.
 * Local boot (both BIOS and UEFI)
 * Segregates management info from data channel.
 * Support for out-of-band hardware inspection.
 * Node cleaning.
 * Standalone iLO drivers.

Requirements

 * iLO 4 Advanced License needs to be installed on iLO to enable virtual media feature.
 * Swift Object Storage Service or HTTP(s) web server on conductor - the iLO driver uses either Swift or an HTTP(s) web server on the conductor node to store temporary FAT images as well as boot ISO images.
 * Glance Image Service with Swift configured as its backend, or HTTP(s) web server - When using the agent_ilo driver, the image containing the agent is retrieved from Swift or the HTTP(s) web server directly by the iLO.

Deploy Process

 * Admin configures the Proliant baremetal node for agent_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID/HTTP(s) URL of the ISO deploy agent image containing the agent.
 * Ironic gets a request to deploy a Glance/HTTP(s) image on the baremetal node.
 * Driver powers off the baremetal node.
 * If ilo_deploy_iso is a Glance UUID, the driver generates a swift-temp-url for the deploy agent image and attaches it as Virtual Media CDROM on the iLO. If ilo_deploy_iso is a HTTP(s) URL, the driver attaches it directly as Virtual Media CDROM on the iLO.
 * Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift/HTTP(s) and its swift-temp-url/HTTP(s) URL is attached as Virtual Media Floppy on the iLO.
 * Driver sets the node to boot one-time from CDROM.
 * Driver powers on the baremetal node.
 * The deploy kernel/ramdisk containing the agent is booted on the baremetal node. The agent ramdisk talks to the Ironic conductor, downloads the image directly from Swift/HTTP(s) and writes the image to chosen disk on the node.
 * Driver sets the node to permanently boot from disk and then reboots the node.

Configuring and Enabling the driver
1. Prepare an ISO deploy Ironic Python Agent image containing the agent [5]_. This can be done by using the iso-image-create script found within the agent. The below set of commands will create a file ipa-ramdisk.iso in the below directory UPLOAD::

    $ pip install "diskimage-builder"
    $ disk-image-create -o ipa-ramdisk fedora ironic-agent iso

2. Upload the IPA ramdisk image to Glance.::

glance image-create --name ipa-ramdisk.iso --disk-format iso --container-format bare < ipa-ramdisk.iso

3. Configure Glance image service with its storage backend as Swift. See [4]_ for configuration instructions.

4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::

swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance

5. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::

    [glance]
    swift_temp_url_key=mysecretkeyforglance
    swift_endpoint_url=http://10.10.1.10:8080
    swift_api_version=v1
    swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    swift_container=glance

The details can be retrieved by running the below command::

    $ swift --os-username=service:glance-swift stat -v | grep -i url
    StorageURL:    http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1
    Meta Temp-Url-Key: mysecretkeyforglance

6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::

    [keystone_authtoken]
    admin_password = password
    admin_user = ironic
    admin_tenant_name = service
    auth_version = 2

Then, the below command should work.::

    $ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat
    Account: AUTH_22af34365a104e4689c46400297f00cb
    Containers: 2
    Objects: 18
    Bytes: 1728346241
    Objects in policy "policy-0": 18
    Bytes in policy "policy-0": 1728346241
    Meta Temp-Url-Key: mysecretkeyforglance
    X-Timestamp: 1409763763.84427
    X-Trans-Id: tx51de96a28f27401eb2833-005433924b
    Content-Type: text/plain; charset=utf-8
    Accept-Ranges: bytes

7. Add agent_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example::

enabled_drivers = fake,pxe_ssh,pxe_ipmitool,agent_ilo

8. Restart the Ironic conductor service.::

$ service ironic-conductor restart

Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to agent_ilo. The following configuration values are also required in driver_info:


 * ilo_address: IP address or hostname of the iLO.
 * ilo_username: Username for the iLO with administrator privileges.
 * ilo_password: Password for the above iLO user.
 * ilo_deploy_iso: The Glance UUID of the deploy agent ISO image containing the agent.
 * client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
 * client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
 * console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.

Boot modes
agent_ilo driver supports automatic detection of boot mode (Legacy BIOS or UEFI) and setting of boot mode from BIOS to UEFI. Please see Note below for details.


 * When no boot mode setting is provided, agent_ilo driver preserves the current boot mode on the deployed instance.
 * A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then agent_ilo driver will deploy and configure the instance in the appropriate boot mode.

For example, to make a Proliant baremetal node boot in UEFI mode, run the following command::

    ironic node-update <node-uuid> add properties/capabilities='boot_mode:uefi'

NOTE:


 * We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
 * agent_ilo driver automatically sets boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on Gen8 (ProLiant DL580 only) and Gen9 servers if they want to deploy the node in legacy mode.
 * From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::

       nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi"
       nova boot --flavor ironic-test-3 --image test-image instance-1

Overview
pxe_ilo driver uses PXE/iSCSI (just like pxe_ipmitool driver) to deploy the image and uses iLO to do all management operations on the baremetal node (instead of using IPMI).

Target Users

 * Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO.
 * Users who don't want to configure boot mode and boot device manually on the baremetal node.
 * Users who want to use iLO driver value-add features such as boot mode management, out-of-band node cleaning and hardware introspection.

Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.

It has been tested with the following servers:
 * ProLiant SL230s Gen8
 * ProLiant DL320e Gen8
 * ProLiant DL380e Gen8
 * ProLiant DL580e Gen8
 * ProLiant BL460c Gen8
 * ProLiant DL180 Gen9 UEFI
 * ProLiant DL360 Gen9 UEFI
 * ProLiant DL380 Gen9 UEFI
 * ProLiant BL460c Gen9

Features

 * Automatic detection of current boot mode.
 * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
 * Remote Console (based on IPMI)
 * HW Sensors
 * UEFI Boot
 * UEFI Secure Boot
 * Local boot (both BIOS and UEFI)
 * Supports deployment of whole disk image and partition image.
 * Supports booting the instance from PXE as well as booting locally from disk.
 * Segregates management info from data channel.
 * Support for out-of-band hardware inspection.
 * Node cleaning
 * Standalone iLO drivers.

Requirements
None.

Configuring and Enabling the driver
1. Prepare an ISO deploy ramdisk image from diskimage-builder [3]_. The below command creates files named deploy-ramdisk.kernel and deploy-ramdisk.initramfs in the current working directory::

ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic

2. Upload this image to Glance.::

    glance image-create --name deploy-ramdisk.kernel --disk-format aki --container-format aki < deploy-ramdisk.kernel
    glance image-create --name deploy-ramdisk.initramfs --disk-format ari --container-format ari < deploy-ramdisk.initramfs

3. Add pxe_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example::

    enabled_drivers = fake,pxe_ssh,pxe_ipmitool,pxe_ilo

4. Restart the Ironic conductor service.::

service ironic-conductor restart

Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to pxe_ilo. The following configuration values are also required in driver_info:


 * ilo_address: IP address or hostname of the iLO.
 * ilo_username: Username for the iLO with administrator privileges.
 * ilo_password: Password for the above iLO user.
 * pxe_deploy_kernel: The Glance UUID of the deployment kernel.
 * pxe_deploy_ramdisk: The Glance UUID of the deployment ramdisk.
 * client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
 * client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
 * console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.

Boot modes
pxe_ilo driver supports automatic detection of boot mode (Legacy BIOS or UEFI) and setting of boot mode from BIOS to UEFI. Please see Note below for details.


 * When no boot mode setting is provided, pxe_ilo driver preserves the current boot mode on the deployed instance.
 * A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then pxe_ilo driver will deploy and configure the instance in the appropriate boot mode.::

    ironic node-update <node-uuid> add properties/capabilities='boot_mode:uefi'

NOTE:


 * We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
 * pxe_ilo driver automatically sets boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
 * From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::

       nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi"
       nova boot --flavor ironic-test-3 --image test-image instance-1

UEFI Secure Boot support

The following drivers support UEFI secure boot deploy:

 * iscsi_ilo
 * agent_ilo
 * pxe_ilo

Tested Platforms: This feature is available on HP Proliant Gen9 servers and above with iLO 4. It has been tested with the following servers:
 * ProLiant DL360 Gen9 UEFI
 * ProLiant DL380 Gen9 UEFI

The UEFI secure boot mode can be configured in Ironic by adding secure_boot parameter in the capabilities parameter within properties field of an Ironic node.

secure_boot is a boolean parameter and takes value as true or false.

To enable secure_boot on a node add it to capabilities as below::

    ironic node-update <node-uuid> add properties/capabilities='secure_boot:true'

or, alternatively use hardware inspection to populate the secure boot capability.

Nodes having secure_boot set to true may be requested by adding an extra_spec to the Nova flavor::

    nova flavor-key ironic-test-3 set capabilities:secure_boot="true"
    nova boot --flavor ironic-test-3 --image test-image instance-1

If capabilities is used in extra_spec as above, Nova scheduler (ComputeCapabilitiesFilter) will match only Ironic nodes which have secure_boot set appropriately in properties/capabilities. It will filter out the rest of the nodes.

The above facility for matching in Nova can be used in heterogeneous environments where there is a mix of machines supporting and not supporting UEFI secure boot, and the operator wants to provide a choice to the user regarding secure boot. If the flavor doesn't contain secure_boot, then Nova scheduler will not consider secure boot mode as a placement criterion, hence the user may get a secure boot capable machine that matches the user-specified flavor, but the deployment would not use its secure boot capability. Secure boot deploy happens only when it is explicitly specified through the flavor.

Use element ubuntu-signed or fedora to build signed ubuntu deploy iso and user images from diskimage-builder. The below command creates files named deploy-ramdisk.kernel, deploy-ramdisk.initramfs and deploy-ramdisk.iso in the current working directory:

    pip install "diskimage-builder"
    ramdisk-image-create -o deploy-ramdisk ubuntu-signed deploy-ironic iso

The below command creates files named cloud-image-boot.iso, cloud-image.initrd, cloud-image.vmlinuz and cloud-image.qcow2 in the current working directory:

    disk-image-create -o cloud-image ubuntu-signed baremetal iso

NOTE:


 * UEFI secure boot is enabled when instance image is getting booted. The bare metal deploy happens in UEFI boot mode.


 * In UEFI secure boot, digitally signed bootloader should be able to validate digital signatures of kernel during boot process. This requires that the bootloader contains the digital signatures of the kernel. For iscsi_ilo driver, it is recommended that boot_iso property for user image contains the Glance UUID of the boot ISO. If boot_iso property is not updated in Glance for the user image, it would create the boot_iso using bootloader from the deploy iso. This boot_iso will be able to boot the user image in UEFI secure boot environment only if the bootloader is signed and can validate digital signatures of user image kernel.


 * For pxe_ilo driver, in case of deploy of partition image, ensure that the signed grub2 bootloader used during deploy can validate digital signature of the kernel in the instance partition image. If signed grub2 cannot validate kernel in the instance partition image, boot will fail for the same.


 * Ensure the public key of the signed image is loaded into baremetal to deploy signed images. For HP ProLiant Gen9 servers, one can enroll the public key using the iLO System Utilities UI. Please refer to section Accessing Secure Boot options in HP UEFI System Utilities User Guide. One can also refer to the white paper on Secure Boot for Linux on HP ProLiant servers for additional details.

Hardware Inspection
Hardware inspection is supported by following drivers:
 * pxe_ilo
 * iscsi_ilo
 * agent_ilo

 * The inspection can be initiated by using following commands:
 * Move node to manageable state:

     ironic node-set-provision-state <node-uuid> manage

 * Initiate inspection:

     ironic node-set-provision-state <node-uuid> inspect

NOTE:
 * The RAID should be pre-configured prior to inspection otherwise proliantutils returns 0 (zero) for disk size.
 * The disk size can be retrieved only for real Smart Array controllers with RAID configured.
 * For direct storage and Dynamic Smart Array controllers, operator has to manually enter the disk size after inspection.
 * The iLO firmware version should be 2.10 or above for nic_capacity to be discovered.

The inspection process will discover the following essential properties (properties required for scheduling deployment):


 * memory_mb: memory size


 * cpus: number of cpus


 * cpu_arch: cpu architecture


 * local_gb: disk size

Inspection can also discover the following extra capabilities for iLO drivers:


 * ilo_firmware_version: iLO firmware version


 * rom_firmware_version: System ROM firmware version


 * secure_boot: secure boot is supported or not. The possible values are 'true' or 'false'. The value is returned as 'true' if secure boot is supported by the server.


 * server_model: server model


 * pci_gpu_devices: number of gpu devices connected to the baremetal.


 * nic_capacity: the max speed of the embedded NIC adapter.

The operator can specify these capabilities in nova flavor for node to be selected for scheduling:

    nova flavor-key my-baremetal-flavor set capabilities:server_model="<in> Gen8"
    nova flavor-key my-baremetal-flavor set capabilities:pci_gpu_devices="> 0"
    nova flavor-key my-baremetal-flavor set capabilities:nic_capacity="10Gb"
    nova flavor-key my-baremetal-flavor set capabilities:ilo_firmware_version="<in> 2.10"
    nova flavor-key my-baremetal-flavor set capabilities:secure_boot="true"

The above are just examples of using the capabilities in a nova flavor.

Enabling HTTPS in Swift
iLO drivers iscsi_ilo and agent_ilo use Swift for storing boot images and management information. By default, HTTPS is not enabled in Swift. HTTPS is required to encrypt all communication between Ironic Conductor and Swift proxy server, thereby preventing eavesdropping of network packets. It can be enabled in one of the following ways:

 * Using an SSL termination proxy. For more information, refer to http://docs.openstack.org/security-guide/content/tls-proxies-and-http-services.html
 * Using native SSL support in Swift (currently recommended only for testing purpose).
 * Create self-signed cert for SSL using the following commands:

     cd /etc/swift
     openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

 * Add the following lines to /etc/swift/proxy-server.conf under [DEFAULT]:

     bind_port = 443
     cert_file = /etc/swift/cert.crt
     key_file = /etc/swift/cert.key

 * Restart the Swift proxy server.

Node Cleaning Support

The following drivers support node cleaning:
 * pxe_ilo
 * iscsi_ilo
 * agent_ilo

Ironic provides two modes for node cleaning: automated and manual. Automated cleaning is automatically performed before the first workload has been assigned to a node and when hardware is recycled from one workload to another, whereas manual cleaning must be invoked by the operator.

Automated cleaning
Node automated cleaning is enabled by default. This setting can be changed in ironic.conf. (Prior to Mitaka, this option was named ‘clean_nodes’):

    [conductor]
    automated_clean=true

OR

    [conductor]
    automated_clean=false

Nodes are set to cleaning state in either of the following cases:
 * During deletion of an existing instance, i.e. when the node moves from ACTIVE -> AVAILABLE state:

     ironic node-set-provision-state <node-uuid> deleted

 * Or while moving the node from MANAGEABLE -> AVAILABLE state:

     ironic node-set-provision-state <node-uuid> provide

Currently, supported out-of-band iLO automated cleaning operations are:
 * reset_bios_to_default: Resets system ROM / BIOS Settings to default. This clean step is supported only on Gen9 and above servers. By default, enabled with priority 10.
 * reset_secure_boot_keys_to_default: Resets secure boot keys to manufacturer’s defaults. This step is supported only on Gen9 and above servers. By default, enabled with priority 20.
 * reset_ilo_credential: Resets the iLO password, if ‘ilo_change_password’ is specified as part of node’s driver_info. By default, enabled with priority 30.
 * clear_secure_boot_keys: Clears all secure boot keys. This step is supported only on Gen9 and above servers. By default, this step is disabled.
 * reset_ilo: Resets the iLO. By default, this step is disabled.

Additionally, agent_ilo driver supports inband disk erase operation. You may also need to configure a Cleaning Network. To disable or change the priority of a particular automated clean step, update the respective configuration options in ironic.conf:

    [ilo]
    clean_priority_reset_ilo=0
    clean_priority_reset_bios_to_default=10
    clean_priority_reset_secure_boot_keys_to_default=20
    clean_priority_clear_secure_boot_keys=0
    clean_priority_reset_ilo_credential=30
    clean_priority_erase_devices=10

To disable a particular automated clean step, update the priority of the step to 0. For more information on node automated cleaning, see Automated cleaning.
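An added example (not part of the original page or of Ironic's code): a Python audit of an ironic.conf fragment that lists which iLO automated clean steps would run and flags disabled steps that leave credentials, secure boot keys or disk contents in place when a node is recycled. The function name, the CARRY_OVER selection and the sample config are assumptions for illustration; the defaults are the ones listed above, and the run order relies on Ironic executing clean steps from highest priority to lowest.

```python
import configparser

# Default priorities as given on this page for the out-of-band iLO
# automated clean steps (0 means the step is disabled).
PAGE_DEFAULTS = {
    "reset_bios_to_default": 10,
    "reset_secure_boot_keys_to_default": 20,
    "reset_ilo_credential": 30,
    "clear_secure_boot_keys": 0,
    "reset_ilo": 0,
}
# Assumption for this example: steps whose absence lets state from the
# previous workload survive recycling of the node.
CARRY_OVER = ("reset_ilo_credential", "reset_secure_boot_keys_to_default",
              "erase_devices")
PREFIX = "clean_priority_"

def audit_clean_config(conf_text):
    """Report which automated clean steps an ironic.conf would run."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # Pre-Mitaka configs use the older option name clean_nodes.
    legacy = cp.getboolean("conductor", "clean_nodes", fallback=True)
    automated = cp.getboolean("conductor", "automated_clean", fallback=legacy)
    prio = dict(PAGE_DEFAULTS)
    if cp.has_section("ilo"):
        for key, value in cp.items("ilo"):
            if key.startswith(PREFIX):
                prio[key[len(PREFIX):]] = int(value)
    findings = []
    if not automated:
        findings.append("automated_clean is off: no clean step runs on recycle")
    for step in CARRY_OVER:
        if prio.get(step) == 0:
            findings.append("%s is disabled (priority 0)" % step)
    # Ironic runs enabled steps from highest priority to lowest; steps with
    # equal priority are listed alphabetically here.
    enabled = [(s, p) for s, p in prio.items() if p > 0] if automated else []
    enabled.sort(key=lambda sp: (-sp[1], sp[0]))
    return {"automated_clean": automated, "run_order": enabled,
            "findings": findings}

# Constructed ironic.conf fragment using the option names shown above.
SAMPLE = """
[conductor]
automated_clean=true

[ilo]
clean_priority_reset_ilo=0
clean_priority_reset_bios_to_default=10
clean_priority_reset_secure_boot_keys_to_default=0
clean_priority_clear_secure_boot_keys=0
clean_priority_reset_ilo_credential=30
clean_priority_erase_devices=10
"""

if __name__ == "__main__":
    report = audit_clean_config(SAMPLE)
    for step, priority in report["run_order"]:
        print("run  %-36s priority %d" % (step, priority))
    for finding in report["findings"]:
        print("WARN " + finding)
```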

Manual cleaning
When initiating a manual clean, the operator specifies the cleaning steps to be performed. Manual cleaning can only be performed when a node is in the MANAGEABLE state. Once the manual cleaning is finished, the node will be put in the MANAGEABLE state again. The REST API request to initiate manual cleaning is available in API version 1.15 and higher. So, from command line you need to do:

    ironic --ironic-api-version 1.15 node-set-provision-state --clean-steps input_manual_clean_steps.json <node-uuid> clean

Currently, supported out-of-band iLO manual cleaning operations are:
 * activate_license:
 * Activates the iLO Advanced license. This is an out-of-band manual cleaning step associated with the management interface. Please note that this operation cannot be performed using virtual media based drivers like iscsi_ilo and agent_ilo, as they need this type of advanced license to be already active in order to boot from virtual media and start the cleaning operation. Virtual media is an advanced feature. If an advanced license is already active and the user wants to overwrite the current license key, for example in case of a multi-server activation key delivered with a flexible-quantity kit or after completing an Activation Key Agreement (AKA), then these drivers can still be used for executing this cleaning step.
 * See Activating iLO Advanced license as manual clean step for user guidance on usage.


 * update_firmware:
 * Updates the firmware of the devices. Also an out-of-band step associated with the management interface. The supported devices for firmware update are: ilo, cpld, power_pic, bios and chassis. Firmware for some devices cannot be updated via this method, such as: storage controllers, host bus adapters, disk drive firmware, network interfaces and Onboard Administrator (OA). Refer to the table below for commonly used descriptions of the above components.
{| class="wikitable"
! Device !! Description
|-
| ilo || BMC for HPE ProLiant servers
|-
| cpld || System programmable logic device
|-
| power_pic || Power management controller
|-
| bios || HPE ProLiant System ROM
|-
| chassis || System chassis device
|}
 * See Initiating firmware update as manual clean step for user guidance on usage.

And, for more information on node manual cleaning, see Manual cleaning

Activating iLO Advanced license as manual clean step
iLO drivers can activate the iLO Advanced license key as a manual cleaning step. Any manual cleaning step can only be initiated when a node is in the MANAGEABLE state. Once the manual cleaning is finished, the node will be put in the MANAGEABLE state again. User can follow steps from Manual cleaning to initiate manual cleaning operation on a node. Refer the following in executing the iLO advanced license activation as a manual clean step via ironic client for the purpose of illustration:

    ironic node-set-provision-state <node-uuid> manage
    ironic --ironic-api-version latest node-set-provision-state --clean-steps /home/deray/license_activation_clean_step.json <node-uuid> clean

An example of a manual clean step with activate_license as the only clean step could be (or a typical content of license_activation_clean_step.json file):

    [{
        "interface": "management",
        "step": "activate_license",
        "args": {
            "ilo_license_key": "ABC12-XXXXX-XXXXX-XXXXX-YZ345"
        }
    }]

What the different attributes of activate_license clean step stand for are as follows:


{| class="wikitable"
! Attribute !! Description
|-
| interface || Interface of clean step, here management
|-
| step || Name of clean step, here activate_license
|-
| args || Keyword-argument entry being passed to clean step
|-
| args.ilo_license_key || iLO Advanced license key to activate enterprise features. This is mandatory.
|}

Initiating firmware update as manual clean step
iLO drivers can invoke secure firmware update as a manual cleaning step. Any manual cleaning step can only be initiated when a node is in the MANAGEABLE state. Once the manual cleaning is finished, the node will be put in the MANAGEABLE state again. User can follow steps from Manual cleaning to initiate manual cleaning operation on a node. Refer the following in executing the iLO based firmware update as a manual clean step via ironic client for the purpose of illustration:

    ironic node-set-provision-state <node-uuid> manage
    ironic --ironic-api-version latest node-set-provision-state --clean-steps /home/deray/firmware_update_clean_step.json <node-uuid> clean

An example of a manual clean step with update_firmware as the only clean step could be (or a typical content of firmware_update_clean_step.json file):

    [{
        "interface": "management",
        "step": "update_firmware",
        "args": {
            "firmware_update_mode": "ilo",
            "firmware_images": [
                {
                    "url": "file:///firmware_images/ilo/1.5/CP024444.scexe",
                    "checksum": "a94e683ea16d9ae44768f0a65942234d",
                    "component": "ilo"
                },
                {
                    "url": "swift://firmware_container/cpld2.3.rpm",
                    "checksum": "",
                    "component": "cpld"
                },
                {
                    "url": "http://my_address:port/firmwares/bios_vLatest.scexe",
                    "checksum": "<md5-checksum-of-this-file>",
                    "component": "bios"
                },
                {
                    "url": "https://my_secure_address_url/firmwares/chassis_vLatest.scexe",
                    "checksum": "<md5-checksum-of-this-file>",
                    "component": "chassis"
                },
                {
                    "url": "file:///home/ubuntu/firmware_images/power_pic/pmc_v3.0.bin",
                    "checksum": "<md5-checksum-of-this-file>",
                    "component": "power_pic"
                }
            ]
        }
    }]

What the different attributes of update_firmware clean step stand for are as follows:


{| class="wikitable"
! Attribute !! Description
|-
| interface || Interface of clean step, here management
|-
| step || Name of clean step, here update_firmware
|-
| args || Keyword-argument entry being passed to clean step
|-
| args.firmware_update_mode || Mode (or mechanism) of out-of-band firmware update. Supported value is ilo. This is mandatory.
|-
| args.firmware_images || Ordered list of dictionaries of images to be flashed. This is mandatory.
|}

Each firmware image block is represented by a dictionary (JSON), in the form:

    {
        "url": <url of firmware image file>,
        "checksum": <md5 checksum of firmware image file to verify the image>,
        "component": <device on which firmware image will be flashed>
    }

All the fields in the firmware image block are mandatory.
 * The different types of firmware url schemes supported are: file, http, https and swift.
 * Note: This feature assumes that while using file url scheme the file path is on the conductor controlling the node.
 * Note: The swift url scheme assumes the swift account of the service project. The service project (tenant) is a special project created in the Keystone system designed for the use of the core OpenStack services. When Ironic makes use of Swift for storage purpose, the account is generally service and the container is generally ironic and ilo drivers use a container named ironic_ilo_container for their own purpose.
 * Note: While using firmware files with a .rpm extension, make sure the commands rpm2cpio and cpio are present on the conductor, as they are utilized to extract the firmware image from the package.


 * The firmware components that can be updated are: ilo, cpld, power_pic, bios and chassis.
 * The firmware images will be updated in the order given by the operator. If there is any error during processing of any of the given firmware images provided in the list, none of the firmware updates will occur. The processing error could happen during image download, image checksum verification or image extraction. The logic is to process each of the firmware files and update them on the devices only if all the files are processed successfully. If, during the update (uploading and flashing) process, an update fails, then the remaining updates, if any, in the list will be aborted. But it is recommended to triage and fix the failure and re-attempt the manual clean step update_firmware for the aborted firmware_images.
 * The devices for which the firmwares have been updated successfully would start functioning using their newly updated firmware.

 * As a troubleshooting guidance on the complete process, check Ironic conductor logs carefully to see if there are any firmware processing or update related errors which may help in root causing or gain an understanding of where things were left off or where things failed. You can then fix or work around and then try again. A common cause of update failure is HPE Secure Digital Signature check failure for the firmware image file.
 * To compute md5 checksum for your image file, user can use the following command:

     $ md5sum image.rpm
     66cdb090c80b71daa21a67f06ecd3f33  image.rpm
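Because a processing error in any one image means none of the firmware updates occur, the clean-step file is worth checking before it is submitted. The following added example (not part of the original page or of the iLO driver) checks an update_firmware step against the rules stated above and, for file URLs that exist where it runs, compares the md5. The function names and the third sample entry are assumptions made for illustration.

```python
import hashlib, json, os, re
from urllib.parse import urlparse

# Values taken from this page's description of the update_firmware step.
SCHEMES = {"file", "http", "https", "swift"}
COMPONENTS = {"ilo", "cpld", "power_pic", "bios", "chassis"}
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def md5_of(path):
    """md5 of a file, read in chunks (same value md5sum prints)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def check_update_firmware(step):
    """Return a list of problems found in one update_firmware clean step."""
    problems = []
    if step.get("interface") != "management":
        problems.append("interface must be 'management'")
    if step.get("step") != "update_firmware":
        problems.append("step must be 'update_firmware'")
    args = step.get("args") or {}
    if args.get("firmware_update_mode") != "ilo":
        problems.append("args.firmware_update_mode must be 'ilo'")
    images = args.get("firmware_images")
    if not isinstance(images, list) or not images:
        return problems + ["args.firmware_images must be a non-empty list"]
    for i, img in enumerate(images):
        where = "firmware_images[%d]" % i
        if not isinstance(img, dict):
            problems.append(where + ": not a JSON object")
            continue
        missing = [k for k in ("url", "checksum", "component") if not img.get(k)]
        if missing:
            problems.append("%s: missing or empty %s" % (where, ", ".join(missing)))
            continue
        url = urlparse(img["url"])
        if url.scheme not in SCHEMES:
            problems.append("%s: unsupported url scheme %r" % (where, url.scheme))
        if img["component"] not in COMPONENTS:
            problems.append("%s: unknown component %r" % (where, img["component"]))
        if not MD5_RE.match(img["checksum"]):
            problems.append("%s: checksum is not a 32-digit hex md5" % where)
        elif url.scheme == "file" and os.path.isfile(url.path):
            # file:// paths live on the conductor; compare only if run there.
            if md5_of(url.path) != img["checksum"].lower():
                problems.append("%s: md5 of %s does not match" % (where, url.path))
    return problems

# Constructed input: first two entries reuse the page's sample values,
# the third is made up to show rejected scheme, component and checksum.
SAMPLE = """[{"interface": "management", "step": "update_firmware", "args": {
  "firmware_update_mode": "ilo", "firmware_images": [
    {"url": "file:///firmware_images/ilo/1.5/CP024444.scexe",
     "checksum": "a94e683ea16d9ae44768f0a65942234d", "component": "ilo"},
    {"url": "swift://firmware_container/cpld2.3.rpm",
     "checksum": "", "component": "cpld"},
    {"url": "ftp://example.invalid/nic.bin",
     "checksum": "<md5-checksum-of-this-file>", "component": "nic"}]}}]"""

if __name__ == "__main__":
    for problem in check_update_firmware(json.loads(SAMPLE)[0]):
        print(problem)
```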

Instance Images
All iLO drivers support deployment of whole disk images. The whole disk images could be one of following types:

1. BIOS only image. An image that has only an MBR partition and will boot only in BIOS boot mode.

2. UEFI only image. An image that has a GPT partition and will boot only in UEFI boot mode.

3. Hybrid image. An image that has GPT and MBR partitions and will boot in both BIOS and UEFI boot mode.

4. Signed UEFI image. A UEFI image wherein the bootloader and kernel are signed, which could be used in a UEFI secure boot environment.

A few Linux distros provide whole disk images. Examples are:

1. Ubuntu - https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-uefi1.img

2. CoreOS - http://stable.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2

3. OpenSuse - https://susestudio.com (It lets you build the image through the browser)

Following table summarizes the whole disk image capabilities:

Note : Config Drive feature of Ironic may not work on all the whole disk images, especially hybrid images wherein partition information may get lost when config drive partition is being created leading to failure during provisioning or instance may not boot.

Not all Linux distributions support hybrid images (a single image that can boot in BIOS and UEFI boot mode). If the image can be booted only in a specific boot mode then the user needs to add the 'boot_mode' capability in nova flavor's extra_spec. From nova, a specific boot mode may be requested by using the ComputeCapabilitiesFilter. For example:

    nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi"
    nova boot --flavor ironic-test-3 --image test-image instance-1

For the pxe_ilo driver, to deploy a whole disk image in UEFI boot mode, the user needs to add the boot_option="local" capability in nova flavor's extra_spec. For example:

    nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" capabilities:boot_option="local"
    nova boot --flavor ironic-test-3 --image test-image instance-1