Difference between revisions of "Ironic/Drivers/iLODrivers"
m (→iLO drivers) |
(→iLO drivers) |
||
| Line 4: | Line 4: | ||
=== Overview === | === Overview === | ||
| − | iLO drivers enable to take advantage of features of iLO management engine in | + | iLO drivers enable to take advantage of features of iLO management engine in HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems and above which have iLO 4 management engine. [1] |
| − | HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems | ||
| − | and above which have iLO 4 management engine. [1] | ||
| − | |||
| − | |||
| − | |||
Currently there are 3 iLO drivers: | Currently there are 3 iLO drivers: | ||
| Line 17: | Line 12: | ||
* '''pxe_ilo'''. | * '''pxe_ilo'''. | ||
| − | The '''iscsi_ilo''' and '''agent_ilo''' drivers provide security enhanced | + | The '''iscsi_ilo''' and '''agent_ilo''' drivers provide security enhanced PXE-less deployment by using iLO virtual media to boot up the baremetal node. These drivers send management info through management channel and separates it from data channel which is used for deployment. '''iscsi_ilo''' driver uses deployment ramdisk built from '''diskimage-builder''', deploys from Ironic conductor node and always does net-boot. '''agent_ilo''' driver uses deployment ramdisk built from IPA, deploys from baremetal node and always does local boot. |
| − | PXE-less deployment by using iLO virtual media to boot up the baremetal node. | ||
| − | These drivers send management info through management channel and separates | ||
| − | it from data channel which is used for deployment. '''iscsi_ilo''' driver uses | ||
| − | deployment ramdisk built from '''diskimage-builder''', deploys from Ironic | ||
| − | conductor node and always does net-boot. '''agent_ilo''' driver uses deployment | ||
| − | ramdisk built from IPA, deploys from baremetal node and always does local boot. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | '''pxe_ilo''' driver uses PXE/iSCSI for deployment (just like normal PXE driver), but support automatic setting of requested boot mode from nova. This driver doesn't require iLO Advanced license. | ||
=== Prerequisites === | === Prerequisites === | ||
| − | * '''proliantutils''' is a python package which contains a set of modules for | + | * '''proliantutils''' is a python package which contains a set of modules for managing HP Proliant hardware. Install '''proliantutils''' [2] module on the Ironic conductor node. Minimum |
| − | + | version required is 0.1.0. | |
| − | |||
| − | |||
| − | |||
$ pip install "proliantutils>=0.1.0" | $ pip install "proliantutils>=0.1.0" | ||
| − | * '''ipmitool''' command must be present on the service node(s) where | + | * '''ipmitool''' command must be present on the service node(s) where '''ironic-conductor''' is running. On most distros, this is provided as part of the '''ipmitool''' package. Source code is available at http://ipmitool.sourceforge.net/. |
| − | |||
| − | |||
| − | |||
| Line 53: | Line 32: | ||
===== Overview ===== | ===== Overview ===== | ||
| − | '''iscsi_ilo''' driver was introduced as an alternative to '''pxe_ipmitool''' | + | '''iscsi_ilo''' driver was introduced as an alternative to '''pxe_ipmitool''' and '''pxe_ipminative''' drivers for HP Proliant servers. '''iscsi_ilo''' uses virtual media feature in iLO to boot up the baremetal node instead of using PXE or iPXE. |
| − | and '''pxe_ipminative''' drivers for HP Proliant servers. '''iscsi_ilo''' uses | ||
| − | virtual media feature in iLO to boot up the baremetal node instead of using | ||
| − | PXE or iPXE. | ||
===== Target Users ===== | ===== Target Users ===== | ||
* Users who do not want to use PXE/TFTP protocol on their data centres. | * Users who do not want to use PXE/TFTP protocol on their data centres. | ||
| − | * Current PXE driver passes authentication token in clear-text over | + | * Current PXE driver passes authentication token in clear-text over tftp to the baremetal node. '''iscsi_ilo''' driver enhances the security by passing keystone authtoken and management info over encrypted management network. This driver may be used by users who have concerns on PXE drivers security issues and want to have a security enhanced PXE-less deployment mechanism. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===== Tested Platforms ===== | ===== Tested Platforms ===== | ||
| − | This driver should work on HP Proliant Gen8 Servers and above with iLO 4. | + | This driver should work on HP Proliant Gen8 Servers and above with iLO 4. |
| + | |||
It has been tested with the following servers: | It has been tested with the following servers: | ||
| − | |||
* ProLiant DL380e Gen8 | * ProLiant DL380e Gen8 | ||
* ProLiant DL380e Gen8 | * ProLiant DL380e Gen8 | ||
* ProLiant DL580 Gen8 | * ProLiant DL580 Gen8 | ||
* ProLiant DL180 Gen9 | * ProLiant DL180 Gen9 | ||
| − | |||
| − | |||
===== Features ===== | ===== Features ===== | ||
* PXE-less deploy with Virtual Media. | * PXE-less deploy with Virtual Media. | ||
* Automatic detection of current boot mode. | * Automatic detection of current boot mode. | ||
| − | * Automatic setting of the required boot mode if UEFI boot mode is requested | + | * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec. |
| − | |||
* Always boot from network using Virtual Media. | * Always boot from network using Virtual Media. | ||
* UEFI Boot Support | * UEFI Boot Support | ||
| − | * Passing authentication token via secure, encrypted management network | + | * Passing authentication token via secure, encrypted management network (Virtual Media). Provisioning is done using iSCSI over data network (like PXE driver), so this driver has the benefit of security enhancement with the same performance. Hence it segregates management info from data channel. |
| − | |||
| − | |||
| − | |||
| − | |||
* Remote Console | * Remote Console | ||
* HW Sensors | * HW Sensors | ||
| Line 97: | Line 61: | ||
===== Requirements ===== | ===== Requirements ===== | ||
| − | * | + | * '''iLO 4 Advanced License''' needs to be installed on iLO to enable Virtual Media feature. |
| − | + | * **Swift Object Storage Service** - iLO driver uses Swift to store temporary FAT images as well as boot ISO images. | |
| − | * **Swift Object Storage Service** - iLO driver uses Swift to store temporary | + | * **Glance Image Service with Swift configured as its backend** - When using '''iscsi_ilo''' driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO. |
| − | |||
| − | * **Glance Image Service with Swift configured as its backend** - When using | ||
| − | |||
| − | |||
| − | |||
===== Deploy Process ===== | ===== Deploy Process ===== | ||
| − | * Admin configures the Proliant baremetal node for iscsi_ilo driver. The | + | * Admin configures the Proliant baremetal node for iscsi_ilo driver. The Ironic node configured will have the '''ilo_deploy_iso''' property in its '''driver_info'''. This will contain the Glance UUID of the ISO deploy ramdisk image. |
| − | |||
| − | |||
| − | |||
* Ironic gets a request to deploy a Glance image on the baremetal node. | * Ironic gets a request to deploy a Glance image on the baremetal node. | ||
* '''iscsi_ilo''' driver powers off the baremetal node. | * '''iscsi_ilo''' driver powers off the baremetal node. | ||
| − | * The driver generates a swift-temp-url for the deploy ramdisk image | + | * The driver generates a swift-temp-url for the deploy ramdisk image and attaches it as Virtual Media CDROM on the iLO. |
| − | + | * The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as Virtual Media Floppy on the iLO. | |
| − | * The driver creates a small FAT32 image containing parameters to | ||
| − | |||
| − | |||
* The driver sets the node to boot one-time from CDROM. | * The driver sets the node to boot one-time from CDROM. | ||
* The driver powers on the baremetal node. | * The driver powers on the baremetal node. | ||
| − | * The deploy kernel/ramdisk is booted on the baremetal node. The ramdisk | + | * The deploy kernel/ramdisk is booted on the baremetal node. The ramdisk exposes the local disk over iSCSI and requests Ironic conductor to complete the deployment. |
| − | + | * The driver on the Ironic conductor writes the glance image to the baremetal node's disk. | |
| − | + | * The driver bundles the boot kernel/ramdisk for the Glance deploy image into an ISO and then uploads it to Swift. This ISO image will be used for booting the deployed instance. | |
| − | * The driver on the Ironic conductor writes the glance image to the | ||
| − | |||
| − | * The driver bundles the boot kernel/ramdisk for the Glance deploy | ||
| − | |||
| − | |||
* The driver reboots the node. | * The driver reboots the node. | ||
| − | * On the first and subsequent reboots '''iscsi_ilo''' driver attaches this boot | + | * On the first and subsequent reboots '''iscsi_ilo''' driver attaches this boot ISO image in Swift as Virtual Media CDROM and then sets iLO to boot from it. |
| − | |||
===== Configuring and Enabling the driver ===== | ===== Configuring and Enabling the driver ===== | ||
| − | 1. Prepare an ISO deploy ramdisk image from '''diskimage-builder''' [3]_. This | + | 1. Prepare an ISO deploy ramdisk image from '''diskimage-builder''' [3]_. This can be done by adding the '''iso''' element to the '''ramdisk-image-create''' command. This command creates the deploy kernel/ramdisk as well as a bootable ISO image containing the deploy kernel and ramdisk. The below command creates files named '''deploy-ramdisk.kernel''', |
| − | + | '''deploy-ramdisk.initramfs''' and '''deploy-ramdisk.iso''' in the current working directory | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
cd <path-to-diskimage-builder> | cd <path-to-diskimage-builder> | ||
| Line 150: | Line 91: | ||
glance image-create --name deploy-ramdisk.iso --disk-format iso --container-format bare < deploy-ramdisk.iso | glance image-create --name deploy-ramdisk.iso --disk-format iso --container-format bare < deploy-ramdisk.iso | ||
| − | 3. Configure Glance image service with its storage backend as Swift. See | + | 3. Configure Glance image service with its storage backend as Swift. See [4] for configuration instructions. |
| − | |||
| − | 4. Set a temp-url key for Glance user in Swift. For example, if you have | + | 4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user '''glance-swift''' and tenant as '''service''', then run the below command:: |
| − | |||
| − | |||
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance | swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance | ||
| − | 5. Fill the required parameters in the '''[glance]''' section in | + | 5. Fill the required parameters in the '''[glance]''' section in '''/etc/ironic/ironic.conf'''. Normally you would be required to fill in the following details.:: |
| − | |||
| − | |||
[glance] | [glance] | ||
| Line 170: | Line 106: | ||
swift_container=glance | swift_container=glance | ||
| − | + | The details can be retrieved by running the below command: | |
$ swift --os-username=service:glance-swift stat -v | grep -i url | $ swift --os-username=service:glance-swift stat -v | grep -i url | ||
| Line 177: | Line 113: | ||
| − | 6. Swift must be accessible with the same admin credentials configured in | + | 6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in '''/etc/ironic/ironic.conf'''.:: |
| − | |||
| − | |||
[keystone_authtoken] | [keystone_authtoken] | ||
| Line 186: | Line 120: | ||
admin_tenant_name = service | admin_tenant_name = service | ||
| − | + | Ensure '''auth_version''' in '''keystone_authtoken''' to 2. | |
| − | + | Then, the below command should work.:: | |
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat | $ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat | ||
| Line 204: | Line 138: | ||
| − | 7. Add '''iscsi_ilo''' to the list of '''enabled_drivers''' in | + | 7. Add '''iscsi_ilo''' to the list of '''enabled_drivers''' in '''/etc/ironic/ironic.conf'''. For example::: |
| − | |||
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo | enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo | ||
| − | 8. Restart the Ironic conductor service. | + | 8. Restart the Ironic conductor service. |
$ service ironic-conductor restart | $ service ironic-conductor restart | ||
| Line 215: | Line 148: | ||
===== Registering Proliant node in Ironic ===== | ===== Registering Proliant node in Ironic ===== | ||
| − | Nodes configured for iLO driver should have the '''driver''' property set to | + | Nodes configured for iLO driver should have the '''driver''' property set to '''iscsi_ilo'''. The following configuration values are also required in '''driver_info''': |
| − | '''iscsi_ilo'''. The following configuration values are also required in | ||
| − | '''driver_info''': | ||
- '''ilo_address''': IP address or hostname of the iLO. | - '''ilo_address''': IP address or hostname of the iLO. | ||
| Line 223: | Line 154: | ||
- '''ilo_password''': Password for the above iLO user. | - '''ilo_password''': Password for the above iLO user. | ||
- '''ilo_deploy_iso''': The Glance UUID of the deploy ramdisk ISO image. | - '''ilo_deploy_iso''': The Glance UUID of the deploy ramdisk ISO image. | ||
| − | - '''client_port''': (optional) Port to be used for iLO operations if you are | + | - '''client_port''': (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. |
| − | + | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout is 60 seconds. | |
| − | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout | + | - '''console_port''': (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used. |
| − | |||
| − | - '''console_port''': (optional) Node's UDP port for console access. Any unused | ||
| − | |||
| − | |||
===== Boot modes ===== | ===== Boot modes ===== | ||
| − | '''iscsi_ilo''' driver supports automatic detection and setting of boot mode | + | '''iscsi_ilo''' driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI). |
| − | (Legacy BIOS or UEFI). | ||
| − | * When no boot mode setting is provided, '''iscsi_ilo''' driver preserves the | + | * When no boot mode setting is provided, '''iscsi_ilo''' driver preserves the current boot mode on the deployed instance. |
| − | + | * A requirement of a specific boot mode may be provided by adding '''boot_mode:bios''' or '''boot_mode:uefi''' to '''capabilities''' property within the '''properties''' field of an Ironic node. Then '''iscsi_ilo''' driver will deploy and configure the instance in the appropriate boot mode. | |
| − | * A requirement of a specific boot mode may be provided by adding | ||
| − | |||
| − | |||
| − | |||
| − | For example, to make a Proliant baremetal node boot in UEFI mode, run the | + | For example, to make a Proliant baremetal node boot in UEFI mode, run the following command:: |
| − | following command:: | ||
ironic node-update <node-id> add properties/capabilities='boot_mode:uefi' | ironic node-update <node-id> add properties/capabilities='boot_mode:uefi' | ||
| − | |||
| − | * We recommend setting the '''boot_mode''' property on systems that support both | + | '''NOTES''': |
| − | + | ||
| − | node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 | + | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal |
| − | + | node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems. | |
| − | * '''iscsi_ilo''' driver automatically set boot mode from BIOS to UEFI, if the | + | * '''iscsi_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. |
| − | + | * Currently for UEFI boot mode, automatic creation of boot ISO doesn't work. The boot ISO for the deploy image needs to be built separately and the deploy image's '''boot_iso''' property in Glance should contain the Glance UUID of the boot ISO. | |
| − | + | * From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | |
| − | |||
| − | * Currently for UEFI boot mode, automatic creation of boot ISO doesn't | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | * From nova, specific boot mode may be requested by using the | ||
| − | |||
| − | |||
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" | nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" | ||
| Line 272: | Line 183: | ||
===== Overview ===== | ===== Overview ===== | ||
| − | '''agent_ilo''' driver was introduced as an alternative to '''agent_ipmitool''' | + | '''agent_ilo''' driver was introduced as an alternative to '''agent_ipmitool''' and '''agent_ipminative''' drivers for HP Proliant servers. '''agent_ilo''' driver uses virtual media feature in HP Proliant baremetal servers to boot up the Ironic Python Agent (IPA) on the baremetal node instead of using PXE. For more information on IPA, refer https://wiki.openstack.org/wiki/Ironic-python-agent. |
| − | and '''agent_ipminative''' drivers for HP Proliant servers. '''agent_ilo''' driver | ||
| − | uses virtual media feature in HP Proliant baremetal servers to boot up the | ||
| − | Ironic Python Agent (IPA) on the baremetal node instead of using PXE. For | ||
| − | more information on IPA, refer | ||
| − | https://wiki.openstack.org/wiki/Ironic-python-agent. | ||
===== Target Users ===== | ===== Target Users ===== | ||
| − | |||
* Users who do not want to use PXE/TFTP protocol on their data centres. | * Users who do not want to use PXE/TFTP protocol on their data centres. | ||
===== Tested Platforms ===== | ===== Tested Platforms ===== | ||
| + | This driver should work on HP Proliant Gen8 Servers and above with iLO 4. | ||
| − | |||
It has been tested with the following servers: | It has been tested with the following servers: | ||
| − | |||
* ProLiant DL380e Gen8 | * ProLiant DL380e Gen8 | ||
* ProLiant DL380e Gen8 | * ProLiant DL380e Gen8 | ||
| Line 296: | Line 200: | ||
===== Features ===== | ===== Features ===== | ||
| − | |||
* PXE-less deploy with Virtual Media using Ironic Python Agent. | * PXE-less deploy with Virtual Media using Ironic Python Agent. | ||
* Remote Console | * Remote Console | ||
| Line 305: | Line 208: | ||
===== Requirements ===== | ===== Requirements ===== | ||
| − | + | * **iLO 4 Advanced License** needs to be installed on iLO to enable Virtual Media feature. | |
| − | * **iLO 4 Advanced License** needs to be installed on iLO to enable Virtual | + | * **Swift Object Storage Service** - iLO driver uses Swift to store temporary FAT images as well as boot ISO images. |
| − | + | * **Glance Image Service with Swift configured as its backend** - When using '''agent_ilo''' driver, the image containing the agent is retrieved from Swift directly by the iLO. | |
| − | * **Swift Object Storage Service** - iLO driver uses Swift to store temporary | ||
| − | |||
| − | * **Glance Image Service with Swift configured as its backend** - When using | ||
| − | |||
| − | |||
===== Deploy Process ===== | ===== Deploy Process ===== | ||
| − | + | * Admin configures the Proliant baremetal node for '''agent_ilo''' driver. The Ironic node configured will have the '''ilo_deploy_iso''' property in its '''driver_info'''. This will contain the Glance UUID of the ISO deploy agent image containing the agent. | |
| − | * Admin configures the Proliant baremetal node for '''agent_ilo''' driver. The | ||
| − | |||
| − | |||
| − | |||
* Ironic gets a request to deploy a Glance image on the baremetal node. | * Ironic gets a request to deploy a Glance image on the baremetal node. | ||
* Driver powers off the baremetal node. | * Driver powers off the baremetal node. | ||
| − | * Driver generates a swift-temp-url for the deploy agent image | + | * Driver generates a swift-temp-url for the deploy agent image and attaches it as Virtual Media CDROM on the iLO. |
| − | + | * Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as Virtual Media Floppy on the iLO. | |
| − | * Driver creates a small FAT32 image containing parameters to | ||
| − | |||
| − | |||
* Driver sets the node to boot one-time from CDROM. | * Driver sets the node to boot one-time from CDROM. | ||
* Driver powers on the baremetal node. | * Driver powers on the baremetal node. | ||
| − | * The deploy kernel/ramdisk containing the agent is booted on the baremetal | + | * The deploy kernel/ramdisk containing the agent is booted on the baremetal node. The agent ramdisk talks to the Ironic conductor, downloads the image directly from Swift and writes the node's disk. |
| − | + | * Driver sets the node to permanently boot from disk and then reboots the node. | |
| − | |||
| − | * Driver sets the node to permanently boot from disk and then reboots | ||
| − | |||
===== Configuring and Enabling the driver ===== | ===== Configuring and Enabling the driver ===== | ||
| − | + | 1. Prepare an ISO deploy Ironic Python Agent image containing the agent [5]_. This can be done by using the iso-image-create script found within the agent. The below set of commands will create a file '''ipa-ramdisk.iso''' in the below directory '''UPLOAD''':: | |
| − | 1. Prepare an ISO deploy Ironic Python Agent image containing the agent [5]_. | ||
| − | |||
| − | |||
| − | |||
$ cd <directory-containing-ironic-python-agent> | $ cd <directory-containing-ironic-python-agent> | ||
| Line 354: | Line 238: | ||
glance image-create --name ipa-ramdisk.iso --disk-format iso --container-format bare < ipa-coreos.iso | glance image-create --name ipa-ramdisk.iso --disk-format iso --container-format bare < ipa-coreos.iso | ||
| − | 3. Configure Glance image service with its storage backend as Swift. See | + | 3. Configure Glance image service with its storage backend as Swift. See [4]_ for configuration instructions. |
| − | + | 4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user '''glance-swift''' and tenant as '''service''', then run the below command:: | |
| − | 4. Set a temp-url key for Glance user in Swift. For example, if you have | ||
| − | |||
| − | |||
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance | swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance | ||
| − | 5. Fill the required parameters in the '''[glance]''' section | + | 5. Fill the required parameters in the '''[glance]''' section in '''/etc/ironic/ironic.conf'''. Normally you would be required to fill in the following details.:: |
| − | |||
| − | |||
[glance] | [glance] | ||
| Line 379: | Line 258: | ||
Meta Temp-Url-Key: mysecretkeyforglance | Meta Temp-Url-Key: mysecretkeyforglance | ||
| − | + | 6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in '''/etc/ironic/ironic.conf'''.:: | |
| − | 6. Swift must be accessible with the same admin credentials configured in | ||
| − | |||
| − | |||
[keystone_authtoken] | [keystone_authtoken] | ||
| Line 389: | Line 265: | ||
admin_tenant_name = service | admin_tenant_name = service | ||
| − | + | Ensure '''auth_version''' in '''keystone_authtoken''' to 2. | |
| − | + | Then, the below command should work.:: | |
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat | $ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat | ||
| Line 407: | Line 283: | ||
| − | 7. Add '''agent_ilo''' to the list of '''enabled_drivers''' in | + | 7. Add '''agent_ilo''' to the list of '''enabled_drivers''' in '''/etc/ironic/ironic.conf'''. For example::: |
| − | |||
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,agent_ilo | enabled_drivers = fake,pxe_ssh,pxe_ipmitool,agent_ilo | ||
| Line 419: | Line 294: | ||
===== Registering Proliant node in Ironic ===== | ===== Registering Proliant node in Ironic ===== | ||
| − | Nodes configured for iLO driver should have the '''driver''' property set to | + | Nodes configured for iLO driver should have the '''driver''' property set to '''agent_ilo'''. The following configuration values are also required in '''driver_info''': |
| − | '''agent_ilo'''. The following configuration values are also required in | ||
| − | '''driver_info''': | ||
- '''ilo_address''': IP address or hostname of the iLO. | - '''ilo_address''': IP address or hostname of the iLO. | ||
- '''ilo_username''': Username for the iLO with administrator privileges. | - '''ilo_username''': Username for the iLO with administrator privileges. | ||
- '''ilo_password''': Password for the above iLO user. | - '''ilo_password''': Password for the above iLO user. | ||
| − | - '''ilo_deploy_iso''': The Glance UUID of the deploy agent ISO image containing | + | - '''ilo_deploy_iso''': The Glance UUID of the deploy agent ISO image containing the agent. |
| − | + | - '''client_port''': (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. | |
| − | - '''client_port''': (optional) Port to be used for iLO operations if you are | + | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout is 60 seconds. |
| − | + | - '''console_port''': (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used. | |
| − | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout | ||
| − | |||
| − | - '''console_port''': (optional) Node's UDP port for console access. Any unused | ||
| − | |||
| Line 441: | Line 310: | ||
===== Overview ===== | ===== Overview ===== | ||
| − | '''pxe_ilo''' driver uses PXE/iSCSI (just like '''pxe_ipmitool''' driver) to | + | '''pxe_ilo''' driver uses PXE/iSCSI (just like '''pxe_ipmitool''' driver) to deploy the image and uses iLO to do all management operations on the baremetal node(instead of using IPMI). |
| − | deploy the image and uses iLO to do all management operations on the baremetal | ||
| − | node(instead of using IPMI). | ||
===== Target Users ===== | ===== Target Users ===== | ||
| − | * Users who want to use PXE/iSCSI for deployment in their environment or who | + | * Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO. |
| − | |||
* Users who don't want to configure boot mode manually on the baremetal node. | * Users who don't want to configure boot mode manually on the baremetal node. | ||
| Line 461: | Line 327: | ||
* ProLiant DL180 Gen9 | * ProLiant DL180 Gen9 | ||
| − | For more up-to-date information, check the iLO driver wiki [6] | + | For more up-to-date information, check the iLO driver wiki [6]. |
===== Features ===== | ===== Features ===== | ||
* Automatic detection of current boot mode. | * Automatic detection of current boot mode. | ||
| − | * Automatic setting of the required boot mode if UEFI boot mode is requested | + | * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec. |
| − | |||
===== Requirements ===== | ===== Requirements ===== | ||
| Line 474: | Line 339: | ||
===== Configuring and Enabling the driver ===== | ===== Configuring and Enabling the driver ===== | ||
| − | 1. Prepare an ISO deploy ramdisk image from '''diskimage-builder''' [3] | + | 1. Prepare an ISO deploy ramdisk image from '''diskimage-builder''' [3]. The below command creates a file named '''deploy-ramdisk.kernel''' and '''deploy-ramdisk.initramfs''' in the current working directory:: |
| − | |||
| − | |||
| − | |||
cd <path-to-diskimage-builder> | cd <path-to-diskimage-builder> | ||
| Line 487: | Line 349: | ||
glance image-create --name deploy-ramdisk.initramfs --disk-format ari --container-format ari < deploy-ramdisk.initramfs | glance image-create --name deploy-ramdisk.initramfs --disk-format ari --container-format ari < deploy-ramdisk.initramfs | ||
| − | 7. Add '''pxe_ilo''' to the list of '''enabled_drivers''' in | + | 7. Add '''pxe_ilo''' to the list of '''enabled_drivers''' in '''/etc/ironic/ironic.conf'''. For example::: |
| − | |||
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,pxe_ilo | enabled_drivers = fake,pxe_ssh,pxe_ipmitool,pxe_ilo | ||
| Line 498: | Line 359: | ||
===== Registering Proliant node in Ironic ===== | ===== Registering Proliant node in Ironic ===== | ||
| − | Nodes configured for iLO driver should have the '''driver''' property set to | + | Nodes configured for iLO driver should have the '''driver''' property set to '''pxe_ilo'''. The following configuration values are also required in '''driver_info''': |
| − | '''pxe_ilo'''. The following configuration values are also required in | ||
| − | '''driver_info''': | ||
- '''ilo_address''': IP address or hostname of the iLO. | - '''ilo_address''': IP address or hostname of the iLO. | ||
| Line 507: | Line 366: | ||
- '''pxe_deploy_kernel''': The Glance UUID of the deployment kernel. | - '''pxe_deploy_kernel''': The Glance UUID of the deployment kernel. | ||
- '''pxe_deploy_ramdisk''': The Glance UUID of the deployment ramdisk. | - '''pxe_deploy_ramdisk''': The Glance UUID of the deployment ramdisk. | ||
| − | - '''client_port''': (optional) Port to be used for iLO operations if you are | + | - '''client_port''': (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. |
| − | + | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout is 60 seconds. | |
| − | - '''client_timeout''': (optional) Timeout for iLO operations. Default timeout | + | - '''console_port''': (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used. |
| − | |||
| − | - '''console_port''': (optional) Node's UDP port for console access. Any unused | ||
| − | |||
===== Boot modes ===== | ===== Boot modes ===== | ||
| − | '''pxe_ilo''' driver supports automatic detection and setting of boot mode | + | '''pxe_ilo''' driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI). |
| − | (Legacy BIOS or UEFI). | ||
| − | * When no boot mode setting is provided, '''pxe_ilo''' driver preserves the | + | * When no boot mode setting is provided, '''pxe_ilo''' driver preserves the current boot mode on the deployed instance. |
| − | + | * A requirement of a specific boot mode may be provided by adding '''boot_mode:bios''' or '''boot_mode:uefi''' to '''capabilities''' property within the '''properties''' field of an Ironic node. Then '''pxe_ilo''' driver will deploy and configure the instance in the appropriate boot mode.:: | |
| − | * A requirement of a specific boot mode may be provided by adding | ||
| − | |||
| − | |||
| − | |||
ironic node-update <NODE-ID> add properties/capabilities='boot_mode:uefi' | ironic node-update <NODE-ID> add properties/capabilities='boot_mode:uefi' | ||
| Line 530: | Line 381: | ||
**NOTES**: | **NOTES**: | ||
| − | * We recommend setting the '''boot_mode''' property on systems that support both | + | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal |
| − | + | node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems. | |
| − | node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 | + | * '''pxe_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. |
| − | + | * From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | |
| − | * '''pxe_ilo''' driver automatically set boot mode from BIOS to UEFI, if the | ||
| − | |||
| − | |||
| − | |||
| − | * From nova, specific boot mode may be requested by using the | ||
| − | |||
| − | |||
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" | nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" | ||
| Line 548: | Line 392: | ||
=== References === | === References === | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
* [1] HP iLO 4 User Guide - http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03334051-11.pdf | * [1] HP iLO 4 User Guide - http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03334051-11.pdf | ||
* [2] Proliantutils module - https://pypi.python.org/pypi/proliantutils | * [2] Proliantutils module - https://pypi.python.org/pypi/proliantutils | ||
Revision as of 16:52, 20 October 2014
Contents
iLO drivers
Overview
iLO drivers enable to take advantage of features of iLO management engine in HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems and above which have iLO 4 management engine. [1]
Currently there are 3 iLO drivers:
- iscsi_ilo
- agent_ilo
- pxe_ilo.
The iscsi_ilo and agent_ilo drivers provide security enhanced PXE-less deployment by using iLO virtual media to boot up the baremetal node. These drivers send management info through management channel and separates it from data channel which is used for deployment. iscsi_ilo driver uses deployment ramdisk built from diskimage-builder, deploys from Ironic conductor node and always does net-boot. agent_ilo driver uses deployment ramdisk built from IPA, deploys from baremetal node and always does local boot.
pxe_ilo driver uses PXE/iSCSI for deployment (just like normal PXE driver), but support automatic setting of requested boot mode from nova. This driver doesn't require iLO Advanced license.
Prerequisites
- proliantutils is a python package which contains a set of modules for managing HP Proliant hardware. Install proliantutils [2] module on the Ironic conductor node. Minimum
version required is 0.1.0.
$ pip install "proliantutils>=0.1.0"
- ipmitool command must be present on the service node(s) where ironic-conductor is running. On most distros, this is provided as part of the ipmitool package. Source code is available at http://ipmitool.sourceforge.net/.
Drivers
iscsi_ilo driver
Overview
iscsi_ilo driver was introduced as an alternative to pxe_ipmitool and pxe_ipminative drivers for HP Proliant servers. iscsi_ilo uses virtual media feature in iLO to boot up the baremetal node instead of using PXE or iPXE.
Target Users
- Users who do not want to use PXE/TFTP protocol on their data centres.
- Current PXE driver passes authentication token in clear-text over tftp to the baremetal node. iscsi_ilo driver enhances the security by passing keystone authtoken and management info over encrypted management network. This driver may be used by users who have concerns on PXE drivers security issues and want to have a security enhanced PXE-less deployment mechanism.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.
It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL380e Gen8
- ProLiant DL580 Gen8
- ProLiant DL180 Gen9
Features
- PXE-less deploy with Virtual Media.
- Automatic detection of current boot mode.
- Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
- Always boot from network using Virtual Media.
- UEFI Boot Support
- Passing authentication token via secure, encrypted management network (Virtual Media). Provisioning is done using iSCSI over data network (like PXE driver), so this driver has the benefit of security enhancement with the same performance. Hence it segregates management info from data channel.
- Remote Console
- HW Sensors
- Works well for machines with resource constraints (lesser amount of memory).
Requirements
- iLO 4 Advanced License needs to be installed on iLO to enable Virtual Media feature.
- **Swift Object Storage Service** - iLO driver uses Swift to store temporary FAT images as well as boot ISO images.
- **Glance Image Service with Swift configured as its backend** - When using iscsi_ilo driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO.
Deploy Process
- Admin configures the Proliant baremetal node for iscsi_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID of the ISO deploy ramdisk image.
- Ironic gets a request to deploy a Glance image on the baremetal node.
- iscsi_ilo driver powers off the baremetal node.
- The driver generates a swift-temp-url for the deploy ramdisk image and attaches it as Virtual Media CDROM on the iLO.
- The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as Virtual Media Floppy on the iLO.
- The driver sets the node to boot one-time from CDROM.
- The driver powers on the baremetal node.
- The deploy kernel/ramdisk is booted on the baremetal node. The ramdisk exposes the local disk over iSCSI and requests Ironic conductor to complete the deployment.
- The driver on the Ironic conductor writes the glance image to the baremetal node's disk.
- The driver bundles the boot kernel/ramdisk for the Glance deploy image into an ISO and then uploads it to Swift. This ISO image will be used for booting the deployed instance.
- The driver reboots the node.
- On the first and subsequent reboots iscsi_ilo driver attaches this boot ISO image in Swift as Virtual Media CDROM and then sets iLO to boot from it.
Configuring and Enabling the driver
1. Prepare an ISO deploy ramdisk image from diskimage-builder [3]_. This can be done by adding the iso element to the ramdisk-image-create command. This command creates the deploy kernel/ramdisk as well as a bootable ISO image containing the deploy kernel and ramdisk. The below command creates files named deploy-ramdisk.kernel, deploy-ramdisk.initramfs and deploy-ramdisk.iso in the current working directory
cd <path-to-diskimage-builder> ./bin/ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic iso
2. Upload this image to Glance.::
glance image-create --name deploy-ramdisk.iso --disk-format iso --container-format bare < deploy-ramdisk.iso
3. Configure Glance image service with its storage backend as Swift. See [4] for configuration instructions.
4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance
5. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::
[glance] swift_temp_url_key=mysecretkeyforglance swift_endpoint_url=http://10.10.1.10:8080 swift_api_version=v1 swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 swift_container=glance
The details can be retrieved by running the below command:
$ swift --os-username=service:glance-swift stat -v | grep -i url StorageURL: http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 Meta Temp-Url-Key: mysecretkeyforglance
6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::
[keystone_authtoken] admin_password = password admin_user = ironic admin_tenant_name = service
Ensure auth_version in keystone_authtoken to 2.
Then, the below command should work.::
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat
Account: AUTH_22af34365a104e4689c46400297f00cb
Containers: 2
Objects: 18
Bytes: 1728346241
Objects in policy "policy-0": 18
Bytes in policy "policy-0": 1728346241
Meta Temp-Url-Key: mysecretkeyforglance
X-Timestamp: 1409763763.84427
X-Trans-Id: tx51de96a28f27401eb2833-005433924b
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
7. Add iscsi_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo
8. Restart the Ironic conductor service.
$ service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to iscsi_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO. - ilo_username: Username for the iLO with administrator privileges. - ilo_password: Password for the above iLO user. - ilo_deploy_iso: The Glance UUID of the deploy ramdisk ISO image. - client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds. - console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
Boot modes
iscsi_ilo driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI).
- When no boot mode setting is provided, iscsi_ilo driver preserves the current boot mode on the deployed instance.
- A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then iscsi_ilo driver will deploy and configure the instance in the appropriate boot mode.
For example, to make a Proliant baremetal node boot in UEFI mode, run the following command::
ironic node-update <node-id> add properties/capabilities='boot_mode:uefi'
NOTES:
- We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal
node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
- iscsi_ilo driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
- Currently for UEFI boot mode, automatic creation of boot ISO doesn't work. The boot ISO for the deploy image needs to be built separately and the deploy image's boot_iso property in Glance should contain the Glance UUID of the boot ISO.
- From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" nova boot --flavor ironic-test-3 --image test-image instance-1
agent_ilo driver
Overview
agent_ilo driver was introduced as an alternative to agent_ipmitool and agent_ipminative drivers for HP Proliant servers. agent_ilo driver uses virtual media feature in HP Proliant baremetal servers to boot up the Ironic Python Agent (IPA) on the baremetal node instead of using PXE. For more information on IPA, refer https://wiki.openstack.org/wiki/Ironic-python-agent.
Target Users
- Users who do not want to use PXE/TFTP protocol on their data centres.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.
It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL380e Gen8
- ProLiant DL580 Gen8 legacy mode
- ProLiant DL180 Gen9
For more up-to-date information, check the iLO driver wiki [6]_.
Features
- PXE-less deploy with Virtual Media using Ironic Python Agent.
- Remote Console
- HW Sensors
- IPA runs on the baremetal node and pulls the image directly from Swift.
- IPA deployed instances always boots from local disk.
- Segregates management info from data channel.
Requirements
- **iLO 4 Advanced License** needs to be installed on iLO to enable Virtual Media feature.
- **Swift Object Storage Service** - iLO driver uses Swift to store temporary FAT images as well as boot ISO images.
- **Glance Image Service with Swift configured as its backend** - When using agent_ilo driver, the image containing the agent is retrieved from Swift directly by the iLO.
Deploy Process
- Admin configures the Proliant baremetal node for agent_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID of the ISO deploy agent image containing the agent.
- Ironic gets a request to deploy a Glance image on the baremetal node.
- Driver powers off the baremetal node.
- Driver generates a swift-temp-url for the deploy agent image and attaches it as Virtual Media CDROM on the iLO.
- Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as Virtual Media Floppy on the iLO.
- Driver sets the node to boot one-time from CDROM.
- Driver powers on the baremetal node.
- The deploy kernel/ramdisk containing the agent is booted on the baremetal node. The agent ramdisk talks to the Ironic conductor, downloads the image directly from Swift and writes the node's disk.
- Driver sets the node to permanently boot from disk and then reboots the node.
Configuring and Enabling the driver
1. Prepare an ISO deploy Ironic Python Agent image containing the agent [5]_. This can be done by using the iso-image-create script found within the agent. The below set of commands will create a file ipa-ramdisk.iso in the below directory UPLOAD::
$ cd <directory-containing-ironic-python-agent> $ cd ./imagebuild/coreos $ make iso $ cd UPLOAD $ ls $ coreos_production_pxe_image-oem.cpio.gz coreos_production_pxe.vmlinuz ipa-coreos.iso
2. Upload the IPA ramdisk image to Glance.::
glance image-create --name ipa-ramdisk.iso --disk-format iso --container-format bare < ipa-coreos.iso
3. Configure Glance image service with its storage backend as Swift. See [4]_ for configuration instructions. 4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance
5. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::
[glance] swift_temp_url_key=mysecretkeyforglance swift_endpoint_url=http://10.10.1.10:8080 swift_api_version=v1 swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 swift_container=glance
The details can be retrieved by running the below command:::
$ swift --os-username=service:glance-swift stat -v | grep -i url StorageURL: http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 Meta Temp-Url-Key: mysecretkeyforglance
6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::
[keystone_authtoken] admin_password = password admin_user = ironic admin_tenant_name = service
Ensure auth_version in keystone_authtoken to 2.
Then, the below command should work.::
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat
Account: AUTH_22af34365a104e4689c46400297f00cb
Containers: 2
Objects: 18
Bytes: 1728346241
Objects in policy "policy-0": 18
Bytes in policy "policy-0": 1728346241
Meta Temp-Url-Key: mysecretkeyforglance
X-Timestamp: 1409763763.84427
X-Trans-Id: tx51de96a28f27401eb2833-005433924b
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
7. Add agent_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,agent_ilo
8. Restart the Ironic conductor service.::
$ service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to agent_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO. - ilo_username: Username for the iLO with administrator privileges. - ilo_password: Password for the above iLO user. - ilo_deploy_iso: The Glance UUID of the deploy agent ISO image containing the agent. - client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds. - console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
pxe_ilo driver
Overview
pxe_ilo driver uses PXE/iSCSI (just like pxe_ipmitool driver) to deploy the image and uses iLO to do all management operations on the baremetal node(instead of using IPMI).
Target Users
- Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO.
- Users who don't want to configure boot mode manually on the baremetal node.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4. It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL380e Gen8
- ProLiant DL580 Gen8
- ProLiant DL180 Gen9
For more up-to-date information, check the iLO driver wiki [6].
Features
- Automatic detection of current boot mode.
- Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
Requirements
None.
Configuring and Enabling the driver
1. Prepare an ISO deploy ramdisk image from diskimage-builder [3]. The below command creates a file named deploy-ramdisk.kernel and deploy-ramdisk.initramfs in the current working directory::
cd <path-to-diskimage-builder> ./bin/ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic
2. Upload this image to Glance.::
glance image-create --name deploy-ramdisk.kernel --disk-format aki --container-format aki < deploy-ramdisk.kernel glance image-create --name deploy-ramdisk.initramfs --disk-format ari --container-format ari < deploy-ramdisk.initramfs
7. Add pxe_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,pxe_ilo
8. Restart the Ironic conductor service.::
service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to pxe_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO. - ilo_username: Username for the iLO with administrator privileges. - ilo_password: Password for the above iLO user. - pxe_deploy_kernel: The Glance UUID of the deployment kernel. - pxe_deploy_ramdisk: The Glance UUID of the deployment ramdisk. - client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443. - client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds. - console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
Boot modes
pxe_ilo driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI).
- When no boot mode setting is provided, pxe_ilo driver preserves the current boot mode on the deployed instance.
- A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then pxe_ilo driver will deploy and configure the instance in the appropriate boot mode.::
ironic node-update <NODE-ID> add properties/capabilities='boot_mode:uefi'
- NOTES**:
- We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a baremetal
node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
- pxe_ilo driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
- From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" nova boot --flavor ironic-test-3 --image test-image instance-1
References
- [1] HP iLO 4 User Guide - http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03334051-11.pdf
- [2] Proliantutils module - https://pypi.python.org/pypi/proliantutils
- [3] DiskImage-Builder - https://github.com/openstack/diskimage-builder
- [4] http://docs.openstack.org/developer/glance/configuring.html#configuring-the-swift-storage-backend
- [5] Ironic Python Agent - https://github.com/openstack/ironic-python-agent
- [6] https://wiki.openstack.org/wiki/Ironic/Drivers/iLODrivers
