12c83984b6
The first few sections of the 'Introduction to Ironic' document were updated to: - mention that it is included with OpenStack releases starting with Kilo - mention that Swift is missing from the Conceptual Architecture diagram - removes Figure 1.3.1 "Deployment Architecture" and the text surrounding that for several reasons: it places ir-cond on the same host as n-cpu, which is not advisable in some situations; it suggests placing ir-api on a monolithic "Cloud Controller Node", but does not explain why this unusual choice was made; and it does not include any depiction of the physical servers which Ironic is going to manage, nor the IPMI network connectivity to them which is required. - mentions that for security reasons, ir-cond should be placed on an isolated host, as it is the *only* service which requires access to both data plane and IPMI control plane. - modified (what was Figure 1.3.2) deployment_architecture_2.png so that it doesn't include a figure number Change-Id: Ifeeba636c9e7de65385e9f9c631709b2dd09e25b Partial-Bug: #1353688
238 lines
9.5 KiB
ReStructuredText
238 lines
9.5 KiB
ReStructuredText
.. _user-guide:
|
|
|
|
=======================
|
|
Introduction to Ironic
|
|
=======================
|
|
|
|
Ironic is an OpenStack project which provisions physical hardware as opposed to
|
|
virtual machines. Ironic provides several reference drivers which leverage
|
|
common technologies like PXE and IPMI, to cover a wide range of hardware.
|
|
Ironic's pluggable driver architecture also allows vendor-specific drivers to
|
|
be added for improved performance or functionality not provided by reference
|
|
drivers.
|
|
|
|
If one thinks of traditional hypervisor functionality (e.g., creating a
|
|
VM, enumerating virtual devices, managing the power state, loading an OS onto
|
|
the VM, and so on), then Ironic may be thought of as a hypervisor API gluing
|
|
together multiple drivers, each of which implement some portion of that
|
|
functionality with respect to physical hardware.
|
|
|
|
OpenStack's Ironic project makes physical servers as easy to provision as
|
|
virtual machines in cloud, which in turn will open up new avenues for
|
|
enterprises and service providers.
|
|
|
|
Ironic's driver replaces the Nova "bare metal" driver (in Grizzly - Juno
|
|
releases). Ironic is available for use and is supported by the Ironic
|
|
developers starting with the Juno release. It is officially integrated with
|
|
OpenStack in the Kilo release.
|
|
|
|
See https://wiki.openstack.org/wiki/Ironic for links to the project's current
|
|
development status.
|
|
|
|
Why Provision Bare Metal
|
|
========================
|
|
|
|
Here are a few use-cases for bare metal (physical server) provisioning in
|
|
cloud; there are doubtless many more interesting ones:
|
|
|
|
- High-performance computing clusters
|
|
- Computing tasks that require access to hardware devices which can't be
|
|
virtualized
|
|
- Database hosting (some databases run poorly in a hypervisor)
|
|
- Single tenant, dedicated hardware for performance, security, dependability
|
|
and other regulatory requirements
|
|
- Or, rapidly deploying a cloud infrastructure
|
|
|
|
Conceptual Architecture
|
|
=======================
|
|
|
|
The following diagram shows the relationships and how all services come into
|
|
play during the provisioning of a physical server. (Note that Swift can be
|
|
used with Ironic, but is missing from this diagram.)
|
|
|
|
|
|
.. figure:: ../images/conceptual_architecture.png
|
|
:alt: ConceptualArchitecture
|
|
|
|
Logical Architecture
|
|
====================
|
|
|
|
The diagram below shows the logical architecture. It shows the basic
|
|
components that form the Ironic service, the relation of Ironic service with
|
|
other OpenStack services and the logical flow of a boot instance request
|
|
resulting in the provisioning of a physical server.
|
|
|
|
.. figure:: ../images/logical_architecture.png
|
|
:alt: Logical Architecture
|
|
|
|
The Ironic service is composed of the following components:
|
|
|
|
#. a RESTful API service, by which operators and other services may interact
|
|
with the managed bare metal servers.
|
|
|
|
#. a Conductor service, which does the bulk of the work. Functionality is
|
|
exposed via the API service. The Conductor and API services communicate
|
|
via RPC.
|
|
|
|
#. various Drivers that support heterogenous hardware
|
|
|
|
#. a Message Queue
|
|
|
|
#. a Database for storing information about the resources. Among other things,
|
|
this includes the state of the conductors, nodes (physical servers), and
|
|
drivers.
|
|
|
|
As in Figure 1.2. Logical Architecture, a user request to boot an instance is
|
|
passed to the Nova Compute service via Nova API and Nova Scheduler. The Compute
|
|
service hands over this request to the Ironic service, where the request passes
|
|
from the Ironic API, to the Conductor, to a Driver to successfully provision a
|
|
physical server for the user.
|
|
|
|
Just as the Nova Compute service talks to various OpenStack services like
|
|
Glance, Neutron, Swift etc to provision a virtual machine instance, here the
|
|
Ironic service talks to the same OpenStack services for image, network and
|
|
other resource needs to provision a bare metal instance.
|
|
|
|
|
|
Key Technologies for Bare Metal Hosting
|
|
=======================================
|
|
|
|
PXE
|
|
-----
|
|
Preboot Execution Environment (PXE) is part of the Wired for Management (WfM)
|
|
specification developed by Intel and Microsoft. The PXE enables system's BIOS
|
|
and network interface card (NIC) to bootstrap a computer from the network in
|
|
place of a disk. Bootstrapping is the process by which a system loads the OS
|
|
into local memory so that it can be executed by the processor. This capability
|
|
of allowing a system to boot over a network simplifies server deployment and
|
|
server management for administrators.
|
|
|
|
DHCP
|
|
------
|
|
Dynamic Host Configuration Protocol (DHCP) is a standardized networking
|
|
protocol used on Internet Protocol (IP) networks for dynamically distributing
|
|
network configuration parameters, such as IP addresses for interfaces and
|
|
services. Using PXE, the BIOS uses DHCP to obtain an IP address for the
|
|
network interface and to locate the server that stores the network bootstrap
|
|
program (NBP).
|
|
|
|
NBP
|
|
------
|
|
Network Bootstrap Program (NBP) is equivalent to GRUB (GRand Unified
|
|
Bootloader) or LILO (LInux LOader) - loaders which are traditionally used in
|
|
local booting. Like the boot program in a hard drive environment, the NBP is
|
|
responsible for loading the OS kernel into memory so that the OS can be
|
|
bootstrapped over a network.
|
|
|
|
TFTP
|
|
------
|
|
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol that
|
|
is generally used for automated transfer of configuration or boot files between
|
|
machines in a local environment. In a PXE environment, TFTP is used to
|
|
download NBP over the network using information from the DHCP server.
|
|
|
|
IPMI
|
|
------
|
|
Intelligent Platform Management Interface (IPMI) is a standardized computer
|
|
system interface used by system administrators for out-of-band management of
|
|
computer systems and monitoring of their operation. It is a method to manage
|
|
systems that may be unresponsive or powered off by using only a network
|
|
connection to the hardware rather than to an operating system.
|
|
|
|
|
|
Ironic Deployment Architecture
|
|
==============================
|
|
|
|
The Ironic RESTful API service is used to enroll hardware that Ironic will
|
|
manage. A cloud administrator usually registers the hardware, specifying their
|
|
attributes such as MAC addresses and IPMI credentials. There can be multiple
|
|
instances of the API service.
|
|
|
|
The Ironic conductor service does the bulk of the work.
|
|
For security reasons, it is advisable to place the conductor service on
|
|
an isolated host, since it is the only service that requires access to both
|
|
the data plane and IPMI control plane.
|
|
|
|
There can be multiple instances of the conductor service to support
|
|
various class of drivers and also to manage fail over. Instances of the
|
|
conductor service should be on separate nodes. Each conductor can itself run
|
|
many drivers to operate heterogeneous hardware. This is depicted in the
|
|
following figure.
|
|
|
|
The API exposes a list of supported drivers and the names of conductor hosts
|
|
servicing them.
|
|
|
|
.. figure:: ../images/deployment_architecture_2.png
|
|
:alt: Deployment Architecture 2
|
|
|
|
Understanding Bare Metal Deployment
|
|
===================================
|
|
|
|
What happens when a boot instance request comes in? The below diagram walks
|
|
through the steps involved during the provisioning of a bare metal instance.
|
|
|
|
These pre-requisites must be met before the deployment process:
|
|
|
|
- Dependent packages to be configured on the compute node like tftp-server,
|
|
ipmi, syslinux etc for bare metal provisioning.
|
|
- Flavors to be created for the available hardware. Nova must know the flavor
|
|
to boot from.
|
|
- Images to be made available in Glance. Listed below are some image types
|
|
required for successful bare metal deployment:
|
|
|
|
+ bm-deploy-kernel
|
|
+ bm-deploy-ramdisk
|
|
+ user-image
|
|
+ user-image-vmlinuz
|
|
+ user-image-initrd
|
|
- Hardware to be enrolled via Ironic RESTful API service.
|
|
|
|
.. figure:: ../images/deployment_steps.png
|
|
:alt: Deployment Steps
|
|
|
|
Deploy Process
|
|
-----------------
|
|
|
|
#. A boot instance request comes in via the Nova API, through the message
|
|
queue to the Nova scheduler.
|
|
|
|
#. Nova scheduler applies filter and finds the eligible compute node. Nova
|
|
scheduler uses flavor extra_specs detail such as 'cpu_arch',
|
|
'baremetal:deploy_kernel_id', 'baremetal:deploy_ramdisk_id' etc to match
|
|
the target physical node.
|
|
|
|
#. A spawn task is placed by the driver which contains all information such
|
|
as which image to boot from etc. It invokes the driver.spawn from the
|
|
virt layer of Nova compute.
|
|
|
|
#. Information about the bare metal node is retrieved from the bare metal
|
|
database and the node is reserved.
|
|
|
|
#. Images from Glance are pulled down to the local disk of the Ironic
|
|
conductor servicing the bare metal node.
|
|
|
|
#. Virtual interfaces are plugged in and Neutron API updates DHCP port to
|
|
support PXE/TFTP options.
|
|
|
|
#. Nova's ironic driver issues a deploy request via the Ironic API to the
|
|
Ironic conductor servicing the bare metal node.
|
|
|
|
#. PXE driver prepares tftp bootloader.
|
|
|
|
#. The IPMI driver issues command to enable network boot of a node and power
|
|
it on.
|
|
|
|
#. The DHCP boots the deploy ramdisk. The PXE driver actually copies the image
|
|
over iSCSI to the physical node. It connects to the iSCSI end point,
|
|
partitions volume, "dd" the image and closes the iSCSI connection. The
|
|
deployment is done. The Ironic conductor will switch pxe config to service
|
|
mode and notify ramdisk agent on the successful deployment.
|
|
|
|
#. The IPMI driver reboots the bare metal node. Note that there are 2 power
|
|
cycles during bare metal deployment; the first time when powered-on, the
|
|
images get deployed as mentioned in step 9. The second time as in this case,
|
|
after the images are deployed, the node is powered up.
|
|
|
|
#. The bare metal node status is updated and the node instance is made
|
|
available.
|