Chapter 2. Prerequisites for bare metal provisioning

Before you begin provisioning bare metal, ensure that your environment includes the necessary installation, hardware, and networking configuration.

2.1. Installation requirements

  • You have installed director on the undercloud node. For more information about installing director, see Installing the Undercloud.
  • You are ready to install the Bare Metal Provisioning service with the rest of the overcloud.
Note

The Bare Metal Provisioning service in the overcloud is designed for a trusted tenant environment because the bare metal nodes have direct access to the control plane network of your Red Hat OpenStack Platform (RHOSP) installation. You can also implement a custom composable network for Ironic services in the overcloud so that users do not need to access the control plane.

2.2. Hardware requirements

Overcloud requirements

The hardware requirements for an overcloud with the Bare Metal Provisioning service are the same as for the standard overcloud. For more information, see Overcloud Requirements in the Director Installation and Usage guide.

Bare metal machine requirements

The hardware requirements for bare metal machines that you want to provision vary depending on the operating system that you want to install.

All bare metal machines that you want to provision require the following:

  • A NIC to connect to the bare metal network.
  • A power management interface (for example, IPMI) that is connected to a network that is reachable from the ironic-conductor service. By default, ironic-conductor runs on all of the Controller nodes, unless you use composable roles and run ironic-conductor elsewhere.
  • PXE boot on the bare metal network. Disable PXE boot on all other NICs in the deployment.

2.3. Networking requirements

The bare metal network:

This is a private network that the Bare Metal Provisioning service uses for the following operations:

  • The provisioning and management of bare metal machines on the overcloud.
  • Cleaning bare metal nodes before and between deployments.
  • Tenant access to the bare metal nodes.

The bare metal network provides DHCP and PXE boot functions to discover bare metal systems. This network must use a native VLAN on a trunked interface so that the Bare Metal Provisioning service can serve PXE boot and DHCP requests.

You can configure the bare metal network in two ways:

  • Use a flat bare metal network for Ironic Conductor services. This network must route to the Ironic services on the control plane. If you define an isolated bare metal network, the bare metal nodes cannot PXE boot.
  • Use a custom composable network to implement Bare Metal Provisioning services in the overcloud.
Note

The Bare Metal Provisioning service in the overcloud is designed for a trusted tenant environment because the bare metal nodes have direct access to the control plane network of your Red Hat OpenStack Platform (RHOSP) installation. You can also implement a custom composable network for Ironic services in the overcloud so that users do not need to access the control plane.

Network tagging:

  • The control plane network (the director provisioning network) is always untagged.
  • The bare metal network must be untagged for provisioning, and must also have access to the Ironic API.
  • Other networks can be tagged.

Overcloud controllers:

The Controller nodes that host the Bare Metal Provisioning service must have access to the bare metal network.

Bare metal nodes:

The NIC that the bare metal node is configured to PXE-boot from must have access to the bare metal network.

2.3.1. The default bare metal network

In this architecture, the bare metal network is separated from the control plane network. The bare metal network is a flat network that also acts as the tenant network.

  • The bare metal network is created by the OpenStack operator. This network requires a route to the director provisioning network.
  • Bare Metal Provisioning Service users have access to the public OpenStack APIs, and to the bare metal network. The bare metal network is routed to the director provisioning network, so users also have indirect access to the control plane.
  • The Bare Metal Provisioning Service uses the bare metal network for node cleaning.

Default bare metal network architecture diagram

Default bare metal network architecture diagram

2.3.2. The custom composable bare metal network

In this architecture, the bare metal network is a custom composable network that does not have access to the control plane. If you want to limit access to the control plane, you can create a custom composable network:

  • The custom composable bare metal network is created by the OpenStack operator.
  • Ironic users have access to the public OpenStack APIs, and to the custom composable bare metal network.
  • Ironic uses the custom composable bare metal network for node cleaning.