Install Ironic
Metal3 runs Ironic as a set of containers. Those containers can be deployed either in-cluster and out-of-cluster. In both scenarios, there are a couple of containers that must run in order to provision baremetal nodes.
- ironic
- ironic-inspector
- ironic-endpoint-keepalived
- ironic-log-watch
- ipa-downloader
- dnsmasq
- httpd
To know more about each container’s functionality check the documentation here.
Prerequisites
Container runtime (e.g., docker, podman). Here we use docker.
Environmental variables
The following environmental variables can be passed to configure the Ironic services:
HTTP_PORT
- port used by httpd server (default 6180)PROVISIONING_IP
- provisioning interface IP address to use for ironic, dnsmasq(dhcpd) and httpd (default 172.22.0.1)CLUSTER_PROVISIONING_IP
- cluster provisioning interface IP address (default 172.22.0.2)PROVISIONING_INTERFACE
- interface to use for ironic, dnsmasq(dhcpd) and httpd (default ironicendpoint)CLUSTER_DHCP_RANGE
- dhcp range to use for provisioning (default 172.22.0.10-172.22.0.100)DEPLOY_KERNEL_URL
- the URL of the kernel to deploy ironic-python-agentDEPLOY_RAMDISK_URL
- the URL of the ramdisk to deploy ironic-python-agentIRONIC_ENDPOINT
- the endpoint of the ironicIRONIC_INSPECTOR_ENDPOINT
- the endpoint of the ironic inspectorCACHEURL
- the URL of the cached imagesIRONIC_FAST_TRACK
- whether to enable fast_track provisioning or not (default true)IRONIC_KERNEL_PARAMS
- kernel parameters to pass to IPA (default console=ttyS0)IRONIC_INSPECTOR_VLAN_INTERFACES
- VLAN interfaces included in introspection, all - all VLANs on all interfaces, using LLDP information (default), interface all VLANs on an interface, using LLDP information, interface.vlan - a particular VLAN interface, not using LLDPIRONIC_BOOT_ISO_SOURCE
- where the boot iso image will be served from, possible values are: local (default), to download the image, prepare it and serve it from the conductor; http, to serve it directly from its HTTP URLIPA_DOWNLOAD_ENABLED
- enables the use of the Ironic Python Agent Downloader container to download IPA archive (default true)USE_LOCAL_IPA
- enables the use of locally supplied IPA archive. This condition is handled by BMO and this has effect only whenIPA_DOWNLOAD_ENABLED
is “false”, otherwiseIPA_DOWNLOAD_ENABLED
takes precedence. (default false)LOCAL_IPA_PATH
- this has effect only whenUSE_LOCAL_IPA
is set to “true”, points to the directory where the IPA archive is located. This variable is handled by BMO. The variable should contain an arbitrary path pointing to the directory that contains the ironic-python-agent.tarGATEWAY_IP
- gateway IP address to use for ironic dnsmasq (dhcpd)DNS_IP
- DNS IP address to use for ironic dnsmasq (dhcpd)
To know how to pass these variables, please see the sections below.
Ironic in-cluster installation
For in-cluster Ironic installation, we will run a set of containers within
a single pod in a Kubernetes cluster. You can enable TLS or basic auth or even
disable both for Ironic and inspector communication. Below we will see kustomize
folders that will help us to install Ironic for each mentioned case. In each
of these deployments, a ConfigMap will be created and mounted to the Ironic pod.
The ConfigMap will be populated based on environment variables from
ironic-deployment/default/ironic_bmo_configmap.env. As such, update
ironic_bmo_configmap.env
with your custom values before deploying the Ironic.
We assume you are inside the local baremetal-operator path, if not you need to
clone it first and cd
to the root path.
git clone https://github.com/metal3-io/baremetal-operator.git
cd baremetal-operator
Basic authentication enabled:
kustomize build ironic-deployment/basic-auth | kubectl apply -f -
TLS enabled:
kustomize build ironic-deployment/basic-auth/tls | kubectl apply -f -
Ironic out-of-cluster installation
For out-of-cluster Ironic installation, we will run a set of docker containers outside of a Kubernetes cluster. To pass Ironic settings, you can export corresponding environmental variables on the current shell before calling run_local_ironic.sh installation script. This will start below containers:
- ironic
- ironic-inspector
- ironic-endpoint-keepalived
- ironic-log-watch
- ipa-downloader
- dnsmasq
- httpd
- mariadb; if
IRONIC_USE_MARIADB
= “true”
If in-cluster ironic installation, we used different manifests for TLS and basic auth, here we are exporting environment variables for enabling/disabling TLS & basic auth but use the same script.
TLS and Basic authentication disabled
export IRONIC_FAST_TRACK="false" # Example of manipulating Ironic settings
export IRONIC_TLS_SETUP="false" # Disable TLS
export IRONIC_BASIC_AUTH="false" # Disable basic auth
./tools/run_local_ironic.sh
Basic authentication enabled
export IRONIC_TLS_SETUP="false"
export IRONIC_BASIC_AUTH="true"
./tools/run_local_ironic.sh
TLS enabled
export IRONIC_TLS_SETUP="true"
export IRONIC_BASIC_AUTH="false"
./tools/run_local_ironic.sh