Difference between revisions of "Ironic/Drivers/iLODrivers/Juno"
Stendulker (talk | contribs) (→Known Issues) |
Stendulker (talk | contribs) (→Known Issues) |
||
(17 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
=== Overview === | === Overview === | ||
− | iLO drivers enable to take advantage of features of iLO management engine in HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems and above which have iLO 4 management engine. | + | iLO drivers enable to take advantage of features of iLO management engine in HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems and above which have [http://www8.hp.com/us/en/products/servers/ilo/ iLO 4 management engine]. |
Currently there are 3 iLO drivers: | Currently there are 3 iLO drivers: | ||
− | * | + | * [[Ironic/Drivers/iLODrivers/Juno#iscsi_ilo_driver|iscsi_ilo]] |
− | * | + | * [[Ironic/Drivers/iLODrivers/Juno#agent_ilo_driver|agent_ilo]] |
− | * | + | * [[Ironic/Drivers/iLODrivers/Juno#pxe_ilo_driver|pxe_ilo]] |
− | The '''iscsi_ilo''' and '''agent_ilo''' drivers provide security enhanced PXE-less deployment by using iLO virtual media to boot up the | + | The '''iscsi_ilo''' and '''agent_ilo''' drivers provide security enhanced PXE-less deployment by using iLO virtual media to boot up the bare metal node. These drivers send management info through management channel and separates it from data channel which is used for deployment. '''iscsi_ilo''' driver uses deployment ramdisk built from '''diskimage-builder''', deploys from Ironic conductor node and always does net-boot. '''agent_ilo''' driver uses deployment ramdisk built from IPA, deploys from bare metal node and always does local boot. |
'''pxe_ilo''' driver uses PXE/iSCSI for deployment (just like normal PXE driver), but support automatic setting of requested boot mode from nova. This driver doesn't require iLO Advanced license. | '''pxe_ilo''' driver uses PXE/iSCSI for deployment (just like normal PXE driver), but support automatic setting of requested boot mode from nova. This driver doesn't require iLO Advanced license. | ||
Line 17: | Line 17: | ||
=== Prerequisites === | === Prerequisites === | ||
− | * | + | * [https://pypi.python.org/pypi/proliantutils proliantutils] is a python package which contains a set of modules for managing HP Proliant hardware. Install [https://pypi.python.org/pypi/proliantutils proliantutils] module on the Ironic conductor node. Minimum version required is 0.1.0. Recommended version is 2.1.5. |
− | version required is 0.1.0. | + | |
+ | |||
+ | $ pip install "proliantutils>=2.1.5" | ||
− | |||
* '''ipmitool''' command must be present on the service node(s) where '''ironic-conductor''' is running. On most distros, this is provided as part of the '''ipmitool''' package. Source code is available at http://ipmitool.sourceforge.net/. | * '''ipmitool''' command must be present on the service node(s) where '''ironic-conductor''' is running. On most distros, this is provided as part of the '''ipmitool''' package. Source code is available at http://ipmitool.sourceforge.net/. | ||
− | |||
=== Drivers === | === Drivers === | ||
Line 31: | Line 31: | ||
===== Overview ===== | ===== Overview ===== | ||
− | '''iscsi_ilo''' driver was introduced as an alternative to '''pxe_ipmitool''' and '''pxe_ipminative''' drivers for HP Proliant servers. '''iscsi_ilo''' uses virtual media feature in iLO to boot up the | + | '''iscsi_ilo''' driver was introduced as an alternative to '''pxe_ipmitool''' and '''pxe_ipminative''' drivers for HP Proliant servers. '''iscsi_ilo''' uses virtual media feature in iLO to boot up the bare metal node instead of using PXE or iPXE. |
===== Target Users ===== | ===== Target Users ===== | ||
* Users who do not want to use PXE/TFTP protocol on their data centres. | * Users who do not want to use PXE/TFTP protocol on their data centres. | ||
− | * | + | * Users who have concerns on PXE driver's security issues and want to have a security enhanced PXE-less deployment mechanism - The PXE driver passes management information in clear-text to the bare metal node. However, if Swift proxy server has an HTTPS endpoint (See [[Ironic/Drivers/iLODrivers/Kilo#Enabling HTTPS in Swift|Enabling HTTPS in Swift]] for more information), the '''iscsi_ilo''' driver provides enhanced security by passing management information to and from Swift endpoint over HTTPS. The management information and boot image will be retrieved over encrypted management network via iLO virtual media. |
===== Tested Platforms ===== | ===== Tested Platforms ===== | ||
Line 49: | Line 49: | ||
===== Features ===== | ===== Features ===== | ||
− | * PXE-less deploy with | + | * PXE-less deploy with virtual media. |
* Automatic detection of current boot mode. | * Automatic detection of current boot mode. | ||
* Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec. | * Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec. | ||
− | * Always boot from network using | + | * Always boot from network using virtual media. |
* UEFI Boot Support | * UEFI Boot Support | ||
− | * Passing | + | * Passing management information via secure, encrypted management network (virtual media) if Swift proxy server has an HTTPS endpoint. See [[Ironic/Drivers/iLODrivers/Kilo#Enabling HTTPS in Swift|Enabling HTTPS in Swift]] for more info. Provisioning is done using iSCSI over data network, so this driver has the benefit of security enhancement with the same performance. It segregates management info from data channel. |
* Remote Console | * Remote Console | ||
* HW Sensors | * HW Sensors | ||
Line 61: | Line 61: | ||
===== Requirements ===== | ===== Requirements ===== | ||
− | * '''iLO 4 Advanced License''' needs to be installed on iLO to enable | + | * '''iLO 4 Advanced License''' needs to be installed on iLO to enable virtual media feature. |
− | * | + | * '''Swift Object Storage Service''' - iLO driver uses Swift to store temporary FAT images as well as boot ISO images. |
− | * | + | * '''Glance Image Service with Swift configured as its backend''' - When using '''iscsi_ilo''' driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO. |
===== Deploy Process ===== | ===== Deploy Process ===== | ||
− | * Admin configures the Proliant | + | * Admin configures the Proliant bare metal node for iscsi_ilo driver. The Ironic node configured will have the '''ilo_deploy_iso''' property in its '''driver_info'''. This will contain the Glance UUID of the ISO deploy ramdisk image. |
− | * Ironic gets a request to deploy a Glance image on the | + | * Ironic gets a request to deploy a Glance image on the bare metal node. |
− | * '''iscsi_ilo''' driver powers off the | + | * '''iscsi_ilo''' driver powers off the bare metal node. |
− | * The driver generates a swift-temp-url for the deploy ramdisk image and attaches it as | + | * The driver generates a swift-temp-url for the deploy ramdisk image and attaches it as virtual media CDROM on the iLO. |
− | * The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as | + | * The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as virtual media Floppy on the iLO. |
* The driver sets the node to boot one-time from CDROM. | * The driver sets the node to boot one-time from CDROM. | ||
− | * The driver powers on the | + | * The driver powers on the bare metal node. |
− | * The deploy kernel/ramdisk is booted on the | + | * The deploy kernel/ramdisk is booted on the bare metal node. The ramdisk exposes the local disk over iSCSI and requests Ironic conductor to complete the deployment. |
− | * The driver on the Ironic conductor writes the glance image to the | + | * The driver on the Ironic conductor writes the glance image to the bare metal node's disk. |
* The driver bundles the boot kernel/ramdisk for the Glance deploy image into an ISO and then uploads it to Swift. This ISO image will be used for booting the deployed instance. | * The driver bundles the boot kernel/ramdisk for the Glance deploy image into an ISO and then uploads it to Swift. This ISO image will be used for booting the deployed instance. | ||
* The driver reboots the node. | * The driver reboots the node. | ||
− | * On the first and subsequent reboots '''iscsi_ilo''' driver attaches this boot ISO image in Swift as | + | * On the first and subsequent reboots '''iscsi_ilo''' driver attaches this boot ISO image in Swift as virtual media CDROM and then sets iLO to boot from it. |
===== Configuring and Enabling the driver ===== | ===== Configuring and Enabling the driver ===== | ||
− | 1. Prepare an ISO deploy ramdisk image | + | 1. Prepare an ISO deploy ramdisk image using [https://pypi.python.org/pypi/diskimage-builder diskimage-builder]. This can be done by adding the '''iso''' element to the '''ramdisk-image-create''' command. This command creates the deploy kernel/ramdisk as well as a bootable ISO image containing the deploy kernel and ramdisk. The below command creates files named '''deploy-ramdisk.kernel''', |
'''deploy-ramdisk.initramfs''' and '''deploy-ramdisk.iso''' in the current working directory | '''deploy-ramdisk.initramfs''' and '''deploy-ramdisk.iso''' in the current working directory | ||
− | + | pip install diskimage-builder | |
− | + | ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic iso | |
2. Upload this image to Glance.:: | 2. Upload this image to Glance.:: | ||
Line 119: | Line 119: | ||
admin_user = ironic | admin_user = ironic | ||
admin_tenant_name = service | admin_tenant_name = service | ||
− | + | auth_version = 2 | |
− | |||
Then, the below command should work.:: | Then, the below command should work.:: | ||
Line 164: | Line 163: | ||
* A requirement of a specific boot mode may be provided by adding '''boot_mode:bios''' or '''boot_mode:uefi''' to '''capabilities''' property within the '''properties''' field of an Ironic node. Then '''iscsi_ilo''' driver will deploy and configure the instance in the appropriate boot mode. | * A requirement of a specific boot mode may be provided by adding '''boot_mode:bios''' or '''boot_mode:uefi''' to '''capabilities''' property within the '''properties''' field of an Ironic node. Then '''iscsi_ilo''' driver will deploy and configure the instance in the appropriate boot mode. | ||
− | For example, to make a Proliant | + | For example, to make a Proliant bare metal node boot in UEFI mode, run the following command:: |
ironic node-update <node-id> add properties/capabilities='boot_mode:uefi' | ironic node-update <node-id> add properties/capabilities='boot_mode:uefi' | ||
Line 170: | Line 169: | ||
'''''NOTE''''': | '''''NOTE''''': | ||
− | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a | + | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems. |
* '''iscsi_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | * '''iscsi_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | ||
− | * Currently for UEFI boot mode, automatic creation of boot ISO is not supported. The boot ISO for the deploy image needs to be built separately and the deploy image's '''boot_iso''' property in Glance should contain the Glance UUID of the boot ISO. For building boot ISO, add the '''iso''' element after the adding the | + | * Currently for UEFI boot mode, automatic creation of boot ISO is not supported. The boot ISO for the deploy image needs to be built separately and the deploy image's '''boot_iso''' property in Glance should contain the Glance UUID of the boot ISO. For building boot ISO, add the '''iso''' element after the adding the bare metal element while building disk images with diskimage-builder |
disk-image-create ubuntu baremetal iso | disk-image-create ubuntu baremetal iso | ||
Line 184: | Line 183: | ||
===== Overview ===== | ===== Overview ===== | ||
− | '''agent_ilo''' driver was introduced as an alternative to '''agent_ipmitool''' and '''agent_ipminative''' drivers for HP Proliant servers. '''agent_ilo''' driver uses virtual media feature in HP Proliant | + | '''agent_ilo''' driver was introduced as an alternative to '''agent_ipmitool''' and '''agent_ipminative''' drivers for HP Proliant servers. '''agent_ilo''' driver uses virtual media feature in HP Proliant bare metal servers to boot up the Ironic Python Agent (IPA) on the bare metal node instead of using PXE. For more information on IPA, refer https://wiki.openstack.org/wiki/Ironic-python-agent. |
===== Target Users ===== | ===== Target Users ===== | ||
* Users who do not want to use PXE/TFTP protocol on their data centres. | * Users who do not want to use PXE/TFTP protocol on their data centres. | ||
+ | * Passing management information via secure, encrypted management network (virtual media) if Swift proxy server has an HTTPS endpoint. See [[Ironic/Drivers/iLODrivers/Kilo#Enabling HTTPS in Swift|Enabling HTTPS in Swift]] for more info. Provisioning is done using iSCSI over data network, so this driver has the benefit of security enhancement with the same performance. It segregates management info from data channel. | ||
+ | |||
===== Tested Platforms ===== | ===== Tested Platforms ===== | ||
Line 198: | Line 199: | ||
===== Features ===== | ===== Features ===== | ||
− | * PXE-less deploy with | + | * PXE-less deploy with virtual media using Ironic Python Agent. |
* Remote Console | * Remote Console | ||
* HW Sensors | * HW Sensors | ||
− | * IPA runs on the | + | * IPA runs on the bare metal node and pulls the image directly from Swift. |
* IPA deployed instances always boots from local disk. | * IPA deployed instances always boots from local disk. | ||
* Segregates management info from data channel. | * Segregates management info from data channel. | ||
===== Requirements ===== | ===== Requirements ===== | ||
− | * | + | |
− | * | + | * '''iLO 4 Advanced License''' needs to be installed on iLO to enable virtual media feature. |
− | * | + | * '''Swift Object Storage Service''' - iLO driver uses Swift to store temporary FAT images as well as boot ISO images. |
+ | * '''Glance Image Service with Swift configured as its backend''' - When using '''iscsi_ilo''' driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO. | ||
===== Deploy Process ===== | ===== Deploy Process ===== | ||
− | * Admin configures the Proliant | + | * Admin configures the Proliant bare metal node for '''agent_ilo''' driver. The Ironic node configured will have the '''ilo_deploy_iso''' property in its '''driver_info'''. This will contain the Glance UUID of the ISO deploy agent image containing the agent. |
− | * Ironic gets a request to deploy a Glance image on the | + | * Ironic gets a request to deploy a Glance image on the bare metal node. |
− | * Driver powers off the | + | * Driver powers off the bare metal node. |
− | * Driver generates a swift-temp-url for the deploy agent image and attaches it as | + | * Driver generates a swift-temp-url for the deploy agent image and attaches it as virtual media CDROM on the iLO. |
− | * Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as | + | * Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as virtual media Floppy on the iLO. |
* Driver sets the node to boot one-time from CDROM. | * Driver sets the node to boot one-time from CDROM. | ||
− | * Driver powers on the | + | * Driver powers on the bare metal node. |
− | * The deploy kernel/ramdisk containing the agent is booted on the | + | * The deploy kernel/ramdisk containing the agent is booted on the bare metal node. The agent ramdisk talks to the Ironic conductor, downloads the image directly from Swift and writes the node's disk. |
* Driver sets the node to permanently boot from disk and then reboots the node. | * Driver sets the node to permanently boot from disk and then reboots the node. | ||
Line 305: | Line 307: | ||
'''''NOTE''''': | '''''NOTE''''': | ||
− | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a | + | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems. |
* '''agent_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | * '''agent_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | ||
* From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | * From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | ||
Line 317: | Line 319: | ||
===== Overview ===== | ===== Overview ===== | ||
− | '''pxe_ilo''' driver uses PXE/iSCSI (just like '''pxe_ipmitool''' driver) to deploy the image and uses iLO to do all management operations on the | + | '''pxe_ilo''' driver uses PXE/iSCSI (just like '''pxe_ipmitool''' driver) to deploy the image and uses iLO to do all management operations on the bare metal node(instead of using IPMI). |
===== Target Users ===== | ===== Target Users ===== | ||
* Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO. | * Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO. | ||
− | * Users who don't want to configure boot mode manually on the | + | * Users who don't want to configure boot mode manually on the bare metal node. |
===== Tested Platforms ===== | ===== Tested Platforms ===== | ||
Line 345: | Line 347: | ||
===== Configuring and Enabling the driver ===== | ===== Configuring and Enabling the driver ===== | ||
− | 1. Prepare an ISO deploy ramdisk image | + | 1. Prepare an ISO deploy ramdisk image using [https://pypi.python.org/pypi/diskimage-builder diskimage-builder]. The below command creates a file named '''deploy-ramdisk.kernel''' and '''deploy-ramdisk.initramfs''' in the current working directory:: |
− | + | pip install diskimage-builder | |
− | + | ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic | |
2. Upload this image to Glance.:: | 2. Upload this image to Glance.:: | ||
Line 387: | Line 389: | ||
'''''NOTE''''': | '''''NOTE''''': | ||
− | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a | + | * We recommend setting the '''boot_mode''' property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems. |
* '''pxe_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | * '''pxe_ilo''' driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode. | ||
* From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | * From nova, specific boot mode may be requested by using the '''ComputeCapabilitesFilter'''. For example, it can be set in a flavor like below:: | ||
Line 395: | Line 397: | ||
=== Known Issues=== | === Known Issues=== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | {| class="wikitable" | |
+ | |- | ||
+ | ! scope="col"; | Sr No | ||
+ | ! scope="col"| Firmware Version | ||
+ | ! scope="col"| Known Issues | ||
+ | ! scope="col"| Resolutions | ||
+ | |- | ||
+ | |1 | ||
+ | | BIOS System ROM version 1.20 | ||
+ | | Deploy on Gen9 servers fails as iLO do not honour one time boot device settings and tries to boot from the persistent boot device. | ||
+ | | It is caused due to a defect in BIOS System ROM. The fix for the same is available since firmware version 1.32_03-05-2015 13 May 2015 onward. | ||
+ | |- | ||
+ | | 2 | ||
+ | | Smart Array SAS Driver v8.03 | ||
+ | | Fedora based IPA deploy ramdisk ISO fails to boot with error "error: can't allocate initrd" if the P220 based smart array controller is attached to the ProLiant server | ||
+ | | It is a Fishman driver issue in firmware for P220 based smart arrays. The defect has been filed on Fishman firmware. The driver patch would be made available shortly. | ||
+ | |- | ||
+ | | 3 | ||
+ | | iLO version 2.20 | ||
+ | | Deploy using any of the iLO drivers can fail on Gen9 servers with error in conductor logs as "Invalid Device Choice" while setting persistent boot device. This issue happens only when Gen9 servers are running with iLO firmware version 2.20 | ||
+ | | This issue is in iLO firmware wherein if RIBCL is used to update persistent boot devices in UEFI boot mode on Gen9 servers, it fails with error message mentioned above. This issue can be resolved by using one of the methods given below:- | ||
− | + | A. Downgrading the iLO firmware version to 2.10 or upgrading it to version higher than 2.20 | |
− | + | B. Upgrading python package 'proliantutils' to version greater or equal to 2.1.3, This issue has been fixed in 'proliantutils' by enhancing it to use HP REST interface to update persistent boot devices for Gen9 servers. | |
− | + | $ sudo pip install "proliantutils>=2.1.3" | |
+ | |} | ||
=== References === | === References === |
Latest revision as of 06:50, 6 October 2015
Contents
iLO drivers(Juno)
Overview
iLO drivers enable to take advantage of features of iLO management engine in HP Proliant servers. iLO drivers are targetted for HP Proliant Gen 8 systems and above which have iLO 4 management engine.
Currently there are 3 iLO drivers:
The iscsi_ilo and agent_ilo drivers provide security enhanced PXE-less deployment by using iLO virtual media to boot up the bare metal node. These drivers send management info through management channel and separates it from data channel which is used for deployment. iscsi_ilo driver uses deployment ramdisk built from diskimage-builder, deploys from Ironic conductor node and always does net-boot. agent_ilo driver uses deployment ramdisk built from IPA, deploys from bare metal node and always does local boot.
pxe_ilo driver uses PXE/iSCSI for deployment (just like normal PXE driver), but support automatic setting of requested boot mode from nova. This driver doesn't require iLO Advanced license.
Prerequisites
- proliantutils is a python package which contains a set of modules for managing HP Proliant hardware. Install proliantutils module on the Ironic conductor node. Minimum version required is 0.1.0. Recommended version is 2.1.5.
$ pip install "proliantutils>=2.1.5"
- ipmitool command must be present on the service node(s) where ironic-conductor is running. On most distros, this is provided as part of the ipmitool package. Source code is available at http://ipmitool.sourceforge.net/.
Drivers
iscsi_ilo driver
Overview
iscsi_ilo driver was introduced as an alternative to pxe_ipmitool and pxe_ipminative drivers for HP Proliant servers. iscsi_ilo uses virtual media feature in iLO to boot up the bare metal node instead of using PXE or iPXE.
Target Users
- Users who do not want to use PXE/TFTP protocol on their data centres.
- Users who have concerns on PXE driver's security issues and want to have a security enhanced PXE-less deployment mechanism - The PXE driver passes management information in clear-text to the bare metal node. However, if Swift proxy server has an HTTPS endpoint (See Enabling HTTPS in Swift for more information), the iscsi_ilo driver provides enhanced security by passing management information to and from Swift endpoint over HTTPS. The management information and boot image will be retrieved over encrypted management network via iLO virtual media.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.
It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL580e Gen8
- ProLiant DL180 Gen9 UEFI
- ProLiant DL380 Gen9 UEFI
- ProLiant DL580 Gen9 UEFI
Features
- PXE-less deploy with virtual media.
- Automatic detection of current boot mode.
- Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
- Always boot from network using virtual media.
- UEFI Boot Support
- Passing management information via secure, encrypted management network (virtual media) if Swift proxy server has an HTTPS endpoint. See Enabling HTTPS in Swift for more info. Provisioning is done using iSCSI over data network, so this driver has the benefit of security enhancement with the same performance. It segregates management info from data channel.
- Remote Console
- HW Sensors
- Works well for machines with resource constraints (lesser amount of memory).
Requirements
- iLO 4 Advanced License needs to be installed on iLO to enable virtual media feature.
- Swift Object Storage Service - iLO driver uses Swift to store temporary FAT images as well as boot ISO images.
- Glance Image Service with Swift configured as its backend - When using iscsi_ilo driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO.
Deploy Process
- Admin configures the Proliant bare metal node for iscsi_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID of the ISO deploy ramdisk image.
- Ironic gets a request to deploy a Glance image on the bare metal node.
- iscsi_ilo driver powers off the bare metal node.
- The driver generates a swift-temp-url for the deploy ramdisk image and attaches it as virtual media CDROM on the iLO.
- The driver creates a small FAT32 image containing parameters to the deploy ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as virtual media Floppy on the iLO.
- The driver sets the node to boot one-time from CDROM.
- The driver powers on the bare metal node.
- The deploy kernel/ramdisk is booted on the bare metal node. The ramdisk exposes the local disk over iSCSI and requests Ironic conductor to complete the deployment.
- The driver on the Ironic conductor writes the glance image to the bare metal node's disk.
- The driver bundles the boot kernel/ramdisk for the Glance deploy image into an ISO and then uploads it to Swift. This ISO image will be used for booting the deployed instance.
- The driver reboots the node.
- On the first and subsequent reboots iscsi_ilo driver attaches this boot ISO image in Swift as virtual media CDROM and then sets iLO to boot from it.
Configuring and Enabling the driver
1. Prepare an ISO deploy ramdisk image using diskimage-builder. This can be done by adding the iso element to the ramdisk-image-create command. This command creates the deploy kernel/ramdisk as well as a bootable ISO image containing the deploy kernel and ramdisk. The below command creates files named deploy-ramdisk.kernel, deploy-ramdisk.initramfs and deploy-ramdisk.iso in the current working directory
pip install diskimage-builder ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic iso
2. Upload this image to Glance.::
glance image-create --name deploy-ramdisk.iso --disk-format iso --container-format bare < deploy-ramdisk.iso
3. Configure Glance image service with its storage backend as Swift. See [4] for configuration instructions.
4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance
5. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::
[glance] swift_temp_url_key=mysecretkeyforglance swift_endpoint_url=http://10.10.1.10:8080 swift_api_version=v1 swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 swift_container=glance
The details can be retrieved by running the below command:
$ swift --os-username=service:glance-swift stat -v | grep -i url StorageURL: http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 Meta Temp-Url-Key: mysecretkeyforglance
6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::
[keystone_authtoken] admin_password = password admin_user = ironic admin_tenant_name = service auth_version = 2
Then, the below command should work.::
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat Account: AUTH_22af34365a104e4689c46400297f00cb Containers: 2 Objects: 18 Bytes: 1728346241 Objects in policy "policy-0": 18 Bytes in policy "policy-0": 1728346241 Meta Temp-Url-Key: mysecretkeyforglance X-Timestamp: 1409763763.84427 X-Trans-Id: tx51de96a28f27401eb2833-005433924b Content-Type: text/plain; charset=utf-8 Accept-Ranges: bytes
7. Add iscsi_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,iscsi_ilo
8. Restart the Ironic conductor service.
$ service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to iscsi_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO.
- ilo_username: Username for the iLO with administrator privileges.
- ilo_password: Password for the above iLO user.
- ilo_deploy_iso: The Glance UUID of the deploy ramdisk ISO image.
- client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
- client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
- console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
Boot modes
iscsi_ilo driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI).
- When no boot mode setting is provided, iscsi_ilo driver preserves the current boot mode on the deployed instance.
- A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then iscsi_ilo driver will deploy and configure the instance in the appropriate boot mode.
For example, to make a Proliant bare metal node boot in UEFI mode, run the following command::
ironic node-update <node-id> add properties/capabilities='boot_mode:uefi'
NOTE:
- We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
- iscsi_ilo driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
- Currently for UEFI boot mode, automatic creation of boot ISO is not supported. The boot ISO for the deploy image needs to be built separately and the deploy image's boot_iso property in Glance should contain the Glance UUID of the boot ISO. For building boot ISO, add the iso element after the adding the bare metal element while building disk images with diskimage-builder
disk-image-create ubuntu baremetal iso
- From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" nova boot --flavor ironic-test-3 --image test-image instance-1
agent_ilo driver
Overview
agent_ilo driver was introduced as an alternative to agent_ipmitool and agent_ipminative drivers for HP Proliant servers. agent_ilo driver uses virtual media feature in HP Proliant bare metal servers to boot up the Ironic Python Agent (IPA) on the bare metal node instead of using PXE. For more information on IPA, refer https://wiki.openstack.org/wiki/Ironic-python-agent.
Target Users
- Users who do not want to use PXE/TFTP protocol on their data centres.
- Passing management information via secure, encrypted management network (virtual media) if Swift proxy server has an HTTPS endpoint. See Enabling HTTPS in Swift for more info. Provisioning is done using iSCSI over data network, so this driver has the benefit of security enhancement with the same performance. It segregates management info from data channel.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4.
It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL180 Gen9
Features
- PXE-less deploy with virtual media using Ironic Python Agent.
- Remote Console
- HW Sensors
- IPA runs on the bare metal node and pulls the image directly from Swift.
- IPA deployed instances always boots from local disk.
- Segregates management info from data channel.
Requirements
- iLO 4 Advanced License needs to be installed on iLO to enable virtual media feature.
- Swift Object Storage Service - iLO driver uses Swift to store temporary FAT images as well as boot ISO images.
- Glance Image Service with Swift configured as its backend - When using iscsi_ilo driver, the image containing the deploy ramdisk is retrieved from Swift directly by the iLO.
Deploy Process
- Admin configures the Proliant bare metal node for agent_ilo driver. The Ironic node configured will have the ilo_deploy_iso property in its driver_info. This will contain the Glance UUID of the ISO deploy agent image containing the agent.
- Ironic gets a request to deploy a Glance image on the bare metal node.
- Driver powers off the bare metal node.
- Driver generates a swift-temp-url for the deploy agent image and attaches it as virtual media CDROM on the iLO.
- Driver creates a small FAT32 image containing parameters to the agent ramdisk. This image is uploaded to Swift and its swift-temp-url is attached as virtual media Floppy on the iLO.
- Driver sets the node to boot one-time from CDROM.
- Driver powers on the bare metal node.
- The deploy kernel/ramdisk containing the agent is booted on the bare metal node. The agent ramdisk talks to the Ironic conductor, downloads the image directly from Swift and writes the node's disk.
- Driver sets the node to permanently boot from disk and then reboots the node.
Configuring and Enabling the driver
1. Prepare an ISO deploy Ironic Python Agent image containing the agent [5]_. This can be done by using the iso-image-create script found within the agent. The below set of commands will create a file ipa-ramdisk.iso in the below directory UPLOAD::
$ cd <directory-containing-ironic-python-agent> $ cd ./imagebuild/coreos $ make iso $ cd UPLOAD $ ls $ coreos_production_pxe_image-oem.cpio.gz coreos_production_pxe.vmlinuz ipa-coreos.iso
2. Upload the IPA ramdisk image to Glance.::
glance image-create --name ipa-ramdisk.iso --disk-format iso --container-format bare < ipa-coreos.iso
3. Configure Glance image service with its storage backend as Swift. See [4]_ for configuration instructions. 4. Set a temp-url key for Glance user in Swift. For example, if you have configured Glance with user glance-swift and tenant as service, then run the below command::
swift --os-username=service:glance-swift post -m temp-url-key:mysecretkeyforglance
5. Fill the required parameters in the [glance] section in /etc/ironic/ironic.conf. Normally you would be required to fill in the following details.::
[glance] swift_temp_url_key=mysecretkeyforglance swift_endpoint_url=http://10.10.1.10:8080 swift_api_version=v1 swift_account=AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 swift_container=glance
The details can be retrieved by running the below command:::
$ swift --os-username=service:glance-swift stat -v | grep -i url StorageURL: http://10.10.1.10:8080/v1/AUTH_51ea2fb400c34c9eb005ca945c0dc9e1 Meta Temp-Url-Key: mysecretkeyforglance
6. Swift must be accessible with the same admin credentials configured in Ironic. For example, if Ironic is configured with the below credentials in /etc/ironic/ironic.conf.::
[keystone_authtoken] admin_password = password admin_user = ironic admin_tenant_name = service
Ensure auth_version in keystone_authtoken to 2.
Then, the below command should work.::
$ swift --os-username ironic --os-password password --os-tenant-name service --auth-version 2 stat Account: AUTH_22af34365a104e4689c46400297f00cb Containers: 2 Objects: 18 Bytes: 1728346241 Objects in policy "policy-0": 18 Bytes in policy "policy-0": 1728346241 Meta Temp-Url-Key: mysecretkeyforglance X-Timestamp: 1409763763.84427 X-Trans-Id: tx51de96a28f27401eb2833-005433924b Content-Type: text/plain; charset=utf-8 Accept-Ranges: bytes
7. Add agent_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,agent_ilo
8. Restart the Ironic conductor service.::
$ service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to agent_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO.
- ilo_username: Username for the iLO with administrator privileges.
- ilo_password: Password for the above iLO user.
- ilo_deploy_iso: The Glance UUID of the deploy agent ISO image containing the agent.
- client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
- client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
- console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
NOTE:
- We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
- agent_ilo driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
- From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" nova boot --flavor ironic-test-3 --image test-image instance-1
pxe_ilo driver
Overview
pxe_ilo driver uses PXE/iSCSI (just like pxe_ipmitool driver) to deploy the image and uses iLO to do all management operations on the bare metal node(instead of using IPMI).
Target Users
- Users who want to use PXE/iSCSI for deployment in their environment or who don't have Advanced License in their iLO.
- Users who don't want to configure boot mode manually on the bare metal node.
Tested Platforms
This driver should work on HP Proliant Gen8 Servers and above with iLO 4. It has been tested with the following servers:
- ProLiant DL380e Gen8
- ProLiant DL380e Gen8
- ProLiant DL580 Gen8
- ProLiant DL180 Gen9
Features
- Automatic detection of current boot mode.
- Automatic setting of the required boot mode if UEFI boot mode is requested by the nova flavor's extra spec.
Requirements
None.
Configuring and Enabling the driver
1. Prepare an ISO deploy ramdisk image using diskimage-builder. The below command creates a file named deploy-ramdisk.kernel and deploy-ramdisk.initramfs in the current working directory::
pip install diskimage-builder ramdisk-image-create -o deploy-ramdisk ubuntu deploy-ironic
2. Upload this image to Glance.::
glance image-create --name deploy-ramdisk.kernel --disk-format aki --container-format aki < deploy-ramdisk.kernel glance image-create --name deploy-ramdisk.initramfs --disk-format ari --container-format ari < deploy-ramdisk.initramfs
7. Add pxe_ilo to the list of enabled_drivers in /etc/ironic/ironic.conf. For example:::
enabled_drivers = fake,pxe_ssh,pxe_ipmitool,pxe_ilo
8. Restart the Ironic conductor service.::
service ironic-conductor restart
Registering Proliant node in Ironic
Nodes configured for iLO driver should have the driver property set to pxe_ilo. The following configuration values are also required in driver_info:
- ilo_address: IP address or hostname of the iLO.
- ilo_username: Username for the iLO with administrator privileges.
- ilo_password: Password for the above iLO user.
- pxe_deploy_kernel: The Glance UUID of the deployment kernel.
- pxe_deploy_ramdisk: The Glance UUID of the deployment ramdisk.
- client_port: (optional) Port to be used for iLO operations if you are using a custom port on the iLO. Default port used is 443.
- client_timeout: (optional) Timeout for iLO operations. Default timeout is 60 seconds.
- console_port: (optional) Node's UDP port for console access. Any unused port on the Ironic conductor node may be used.
Boot modes
pxe_ilo driver supports automatic detection and setting of boot mode (Legacy BIOS or UEFI).
- When no boot mode setting is provided, pxe_ilo driver preserves the current boot mode on the deployed instance.
- A requirement of a specific boot mode may be provided by adding boot_mode:bios or boot_mode:uefi to capabilities property within the properties field of an Ironic node. Then pxe_ilo driver will deploy and configure the instance in the appropriate boot mode.::
ironic node-update <NODE-ID> add properties/capabilities='boot_mode:uefi'
NOTE:
- We recommend setting the boot_mode property on systems that support both UEFI and legacy modes if user wants facility in Nova to choose a bare metal node with appropriate boot mode. This is for ProLiant DL580 Gen8 and Gen9 systems.
- pxe_ilo driver automatically set boot mode from BIOS to UEFI, if the requested boot mode in nova boot is UEFI. However, users will need to pre-configure boot mode to Legacy on DL580 Gen8 and Gen9 servers if they want to deploy the node in legacy mode.
- From nova, specific boot mode may be requested by using the ComputeCapabilitesFilter. For example, it can be set in a flavor like below::
nova flavor-key ironic-test-3 set capabilities:boot_mode="uefi" nova boot --flavor ironic-test-3 --image test-image instance-1
Known Issues
Sr No | Firmware Version | Known Issues | Resolutions |
---|---|---|---|
1 | BIOS System ROM version 1.20 | Deploy on Gen9 servers fails as iLO do not honour one time boot device settings and tries to boot from the persistent boot device. | It is caused due to a defect in BIOS System ROM. The fix for the same is available since firmware version 1.32_03-05-2015 13 May 2015 onward. |
2 | Smart Array SAS Driver v8.03 | Fedora based IPA deploy ramdisk ISO fails to boot with error "error: can't allocate initrd" if the P220 based smart array controller is attached to the ProLiant server | It is a Fishman driver issue in firmware for P220 based smart arrays. The defect has been filed on Fishman firmware. The driver patch would be made available shortly. |
3 | iLO version 2.20 | Deploy using any of the iLO drivers can fail on Gen9 servers with error in conductor logs as "Invalid Device Choice" while setting persistent boot device. This issue happens only when Gen9 servers are running with iLO firmware version 2.20 | This issue is in iLO firmware wherein if RIBCL is used to update persistent boot devices in UEFI boot mode on Gen9 servers, it fails with error message mentioned above. This issue can be resolved by using one of the methods given below:-
A. Downgrading the iLO firmware version to 2.10 or upgrading it to version higher than 2.20 B. Upgrading python package 'proliantutils' to version greater or equal to 2.1.3, This issue has been fixed in 'proliantutils' by enhancing it to use HP REST interface to update persistent boot devices for Gen9 servers. $ sudo pip install "proliantutils>=2.1.3" |
References
- [1] HP iLO 4 User Guide - http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03334051-12.pdf
- [2] Proliantutils module - https://pypi.python.org/pypi/proliantutils
- [3] DiskImage-Builder - https://github.com/openstack/diskimage-builder
- [4] http://docs.openstack.org/developer/glance/configuring.html#configuring-the-swift-storage-backend
- [5] Ironic Python Agent - https://github.com/openstack/ironic-python-agent