Chapter 4. Deploying an IPv6 overcloud with the Bare Metal Provisioning service

Note

If you use OVN, the Bare Metal Provisioning service (ironic) is supported only with the neutron DHCP agent from the ironic-overcloud.yaml file. The built-in DHCP server on OVN presently cannot provision baremetal nodes or serve DHCP for the provisioning networks. Chainbooting iPXE requires tagging (--dhcp-match in dnsmasq), which is not supported in the OVN DHCP server.

The following procedures include the deployment steps that are specific to the Bare Metal Provisioning service (ironic). For more information about overcloud deployment with director, see the Director Installation and Usage guide.

Prerequisites

4.1. Creating the bare metal template

Use an environment file to deploy the overcloud with the Bare Metal Provisioning service enabled. You can use the example template that is located on the director node at /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml.

Prerequisites

Completing the template

You can specify additional configuration either in the provided template or in an additional yaml file, for example ~/templates/ironic.yaml.

  • For a hybrid deployment with both bare metal and virtual instances, you must add AggregateInstanceExtraSpecsFilter to the list of NovaSchedulerDefaultFilters. If you have not set NovaSchedulerDefaultFilters anywhere, you can do so in ironic.yaml. For an example, see Example template.

    Note

    If you are using SR-IOV, NovaSchedulerDefaultFilters is already set in tripleo-heat-templates/environments/neutron-sriov.yaml. Append AggregateInstanceExtraSpecsFilter to this list.

  • The type of cleaning that occurs before and between deployments is set by IronicCleaningDiskErase. By default, this is set to full by deployment/ironic/ironic-conductor-container-puppet.yaml. You can set this to metadata to substantially speed up the process, because it cleans only the partition table. However, because the deployment is less secure in a multi-tenant environment, complete this action only in a trusted tenant environment.
  • You can add drivers with the IronicEnabledDrivers parameter. By default, ipmi, idrac and ilo are enabled.

For a full list of configuration parameters, see Bare Metal in the Overcloud Parameters guide.

4.1.1. Example template

The following is an example template file. This file might not meet the requirements of your environment. Before you use this example, ensure that it does not interfere with any existing configuration in your environment. This example contains the following configuration:

  • The AggregateInstanceExtraSpecsFilter allows both virtual and bare metal instances, for a hybrid deployment.
  • Disk cleaning that is performed before and between deployments erases only the partition table (metadata).

~/templates/ironic.yaml

parameter_defaults:

    NovaSchedulerDefaultFilters:
        - AggregateInstanceExtraSpecsFilter
        - AvailabilityZoneFilter
        - ComputeFilter
        - ComputeCapabilitiesFilter
        - ImagePropertiesFilter

    IronicCleaningDiskErase: metadata

4.2. Configuring the undercloud for bare metal provisioning over IPv6

Important

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

If you have IPv6 nodes and infrastructure, you can configure the undercloud and the provisioning network to use IPv6 instead of IPv4 so that director can provision and deploy Red Hat OpenStack Platform onto IPv6 nodes. However, there are some considerations:

  • Dual stack IPv4/6 is not available.
  • Tempest validations might not perform correctly.
  • IPv4 to IPv6 migration is not available during upgrades.

Modify the undercloud.conf file to enable IPv6 provisioning in Red Hat OpenStack Platform.

Prerequisites

Procedure

  1. Copy the sample undercloud.conf file, or modify your existing undercloud.conf file.
  2. Set the following parameter values in the undercloud.conf file:

    1. Set ipv6_address_mode to dhcpv6-stateless or dhcpv6-stateful if your NIC supports stateful DHCPv6 with Red Hat OpenStack Platform.
    2. Set enable_routed_networks to true if you do not want the undercloud to create a router on the provisioning network. In this case, the data center router must provide router advertisements. Otherwise, set this value to false.
    3. Set local_ip to the IPv6 address of the undercloud.
    4. Use IPv6 addressing for the undercloud interface parameters undercloud_public_host and undercloud_admin_host.
    5. Optional. If you want to use stateful DHCPv6, use the ironic_enabled_network_interfaces parameter to specify the neutron interface. You can also use the ironic_default_network_interface parameter to set the neutron interface as the default network interface for bare metal nodes:

      • ironic_enabled_network_interfaces = neutron,flat
      • ironic_default_network_interface = neutron
    6. In the [ctlplane-subnet] section, use IPv6 addressing in the following parameters:

      • cidr
      • dhcp_start
      • dhcp_end
      • gateway
      • inspection_iprange
    7. In the [ctlplane-subnet] section, set an IPv6 nameserver for the subnet in the dns_nameservers parameter.

      [DEFAULT]
      ipv6_address_mode = dhcpv6-stateless
      enable_routed_networks: false
      local_ip = <ipv6-address>
      ironic_enabled_network_interfaces = neutron,flat
      ironic_default_network_interface = neutron
      undercloud_admin_host = <ipv6-address>
      undercloud_public_host = <ipv6-address>
      
      [ctlplane-subnet]
      cidr = <ipv6-address>::<ipv6-mask>
      dhcp_start = <ipv6-address>
      dhcp_end = <ipv6-address>
      dns_nameservers = <ipv6-dns>
      gateway = <ipv6-address>
      inspection_iprange = <ipv6-address>,<ipv6-address>

4.3. Network configuration

If you use the default flat bare metal network, you must create a bridge br-baremetal for the Bare Metal Provisioning service (ironic) to use. You can specify this bridge in an additional template:

~/templates/network-environment.yaml

parameter_defaults:
  NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
  NeutronFlatNetworks: datacentre,baremetal

You can configure this bridge either in the provisioning network (control plane) of the controllers, so that you can reuse this network as the bare metal network, or add a dedicated network. The configuration requirements are the same, however the bare metal network cannot be VLAN-tagged, as it is used for provisioning.

~/templates/nic-configs/controller.yaml

network_config:
    -
      type: ovs_bridge
          name: br-baremetal
          use_dhcp: false
          members:
            -
              type: interface
              name: eth1
Note

The Bare Metal Provisioning service in the overcloud is designed for a trusted tenant environment because the bare metal nodes have direct access to the control plane network of your Red Hat OpenStack Platform (RHOSP) installation.

4.3.1. Configuring a custom IPv6 provisioning network

Important

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

Create a custom IPv6 provisioning network to provision and deploy the overcloud over IPv6.

Procedure

  1. Configure the shell to access Identity as the administrative user:

    $ source ~/stackrc
  2. Copy the network_data.yaml file:

    $ cp /usr/share/openstack-tripleo-heat-templates/network_data.yaml .
  3. Edit the new network_data.yaml file and add a new network for overcloud provisioning:

    # custom network for IPv6 overcloud provisioning
    - name: OcProvisioningIPv6
    vip: true
    name_lower: oc_provisioning_ipv6
    vlan: 10
    ipv6: true
    ipv6_subnet: '$IPV6_SUBNET_ADDRESS/$IPV6_MASK'
    ipv6_allocation_pools: [{'start': '$IPV6_START_ADDRESS', 'end': '$IPV6_END_ADDRESS'}]
    gateway_ipv6: '$IPV6_GW_ADDRESS'
    • Replace $IPV6_ADDRESS with the IPv6 address of your IPv6 subnet.
    • Replace $IPV6_MASK with the IPv6 network mask for your IPv6 subnet.
    • Replace $IPV6_START_ADDRESS and $IPV6_END_ADDRESS with the IPv6 range that you want to use for address allocation.
    • Replace $IPV6_GW_ADDRESS with the IPv6 address of your gateway.
  4. Create a new file network-environment.yaml and define IPv6 settings for the provisioning network:

    $ touch /home/stack/network-environment.yaml`
    1. Remap the ironic networks to use the new IPv6 provisioning network:

      ServiceNetMap:
         IronicApiNetwork: oc_provisioning_ipv6
         IronicNetwork: oc_provisioning_ipv6
    2. Set the IronicIpVersion parameter to 6:

      parameter_defaults:
        IronicIpVersion: 6
    3. Set the RabbitIPv6, MysqlIPv6, and RedisIPv6 parameters to True:

      parameter_defaults:
        RabbitIPv6: True
        MysqlIPv6: True
        RedisIPv6: True
  5. Add an interface and necessary parameters to the nic-configs/controller.yaml file:

    $network_config:
         - type: vlan
             vlan_id:
               get_param: OcProvisioningIPv6NetworkVlanID
             addresses:
             - ip_netmask:
                 get_param: OcProvisioningIPv6IpSubnet
  6. Copy the roles_data.yaml file:

    (undercloud) [stack@host01 ~]$ cp /usr/share/openstack-tripleo-heat-templates/roles_data.yaml .
  7. Edit the new roles_data.yaml and add the new network for the controller:

      networks:
       ...
        - OcProvisioningIPv6

When you deploy the overcloud, include the new network_data.yaml and roles_data.yaml files in the deployment command with the -n and -r options, and the network-environment.yaml file with the -e option:

$ sudo openstack overcloud deploy --templates \
...
-n /home/stack/network_data.yaml \
-r /home/stack/roles_data.yaml \
-e /home/stack/network-environment.yaml
...

For more information about IPv6 network configuration, see Configuring the network in the IPv6 Networking for the Overcloud guide.

4.4. Enabling bare metal introspection in the overcloud

To enable bare metal introspection, include both of the following files in the deployment command:

For deployments that use OVN
  • ironic-overcloud.yaml
  • ironic-inspector.yaml
Note

Spine-leaf routed deployments might require a DHCP relay on ToR router, or a DHCP agent for each subnet. The metadata service must have a static route to the metadata server. OVN does not provide this route on bare metal nodes by default.

For deployments that use OVS
  • ironic.yaml
  • ironic-inspector.yaml

You can find these files in the /usr/share/openstack-tripleo-heat-templates/environments/services directory. Use the following example to include configuration details for the ironic inspector that correspond to your environment:

parameter_defaults:
  IronicInspectorSubnets:
    - ip_range: <ip_range>
  IPAImageURLs: '["http://<ip_address>:<port>/agent.kernel", "http://<ip_address>:<port>/agent.ramdisk"]'
  IronicInspectorInterface: 'br-baremetal'

IronicInspectorSubnets

This parameter can contain multiple ranges and works with both spine and leaf.

IPAImageURLs

This parameter contains details about the IPA kernel and ramdisk. In most cases, you can use the same images that you use on the undercloud. If you omit this parameter, you must include alternatives on each Controller.

IronicInspectorInterface

Use this parameter to specify the bare metal network interface.

Note

If you use a composable Ironic or IronicConductor role, you must include the IronicInspector service in the Ironic role in your roles file.

ServicesDefault:
  OS::TripleO::Services::IronicInspector

4.5. Deploying the overcloud

To enable the Bare Metal Provisioning service, include your ironic environment files with the -e option when you deploy or redeploy the overcloud, along with the rest of your overcloud configuration. Use the following example as a guide:

$ openstack overcloud deploy \
  --templates \
  -e ~/templates/node-info.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
  -e ~/templates/network-environment.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/services/ironic-overcloud.yaml \
  -e ~/templates/ironic.yaml \

Additional resources

4.6. Testing the Bare Metal Provisioning service

You can use the OpenStack Integration Test Suite to validate your Red Hat OpenStack deployment. For more information, see the OpenStack Integration Test Suite Guide.

Additional verification methods for the Bare Metal Provisioning service:

  1. Configure the shell to access Identity as the administrative user:

    $ source ~/overcloudrc
  2. Check that the nova-compute service is running on the Controller nodes:

    $ openstack compute service list -c Binary -c Host -c Status
  3. If you changed the default ironic drivers, ensure that the required drivers are enabled:

    $ openstack baremetal driver list
  4. Ensure that the ironic endpoints are listed:

    $ openstack catalog list