Isn't it ironic - managing a bare metal cloud (OSL TES 2015)
Isn't it Ironic?
Managing a bare metal cloud
Devananda van der Veen
Who am I
Master Engineer at HP
OpenStack Ironic PTL
What we're going to talk about
Virtualization & OpenStack
Configuration choices you need to
Operators <> Developers
Walk through a deploy
Some other cool stuff
"OpenStack is not a virtualization
layer. It is an abstraction layer."
Daniel Sabbah, CTO @ IBM
Compute Virtualization Drivers
(KVM, Xen, HyperV ...)
flexibility: dev controls their whole
isolation: guests don't share resources
... but noisy neighbors
Compute Containerization Drivers
(lxc, docker ...)
specificity: just your app, nothing more
density: far more instances per server
... but shared kernel, memory, and other
Compute Physicalization Drivers
nonvirtualizable workloads (eg,
... but no hypervisor
An OpenStack service
A Nova driver
also capable of being used stand
Be resilient to hardware and service failures
Predictable and horizontal scaleout
Common API across hardware vendors
Common API for both virtual and physical
ironicapi: RESTful API service
ironicconductor: interacts directly with hardware;
asynchronous handling of both requested and periodic
deploy ramdisk: temporary agent, booted on machines, to
provide remote access to hardware for provisioning and
Nova driver: interface for Nova; enables OpenStack to
provide common abstraction for virtual and physical
discoverd ramdisk: optional tool for hardware inventory
PXE: preboot execution environment, allows host to boot
DHCP: dynamic host configuration protocol, used to locate
the NBP on the network, and provide the host OS with IP
address during init
IPMI: intelligent platform management interface, for remote
control of machine power state, boot device, serial console,
TFTP: trivial file transfer protocol, copies the NBP over the
iSCSI: used to remotely attach to HDD and copy the
But you have options...
! PXE: use virtual media channel instead of PXE. Requires
Swift; available in Kilo; limited to "ilo" drivers.
! DHCP: static IP injection is possible, but not really suitable
for larger or dynamic environments
! IPMI: many other outofband power management tools
! TFTP: iPXE / HTTP(S) supported, too
! iSCSI: image can be fetched directly by "agent" drivers
... and options ...
Use novascheduler to match flavors to node.properties
Single tenant / small deployment?
Flat network. Maybe use Ironic standalone
Service provider for multiple tenants?
Use keystone for auth, nova for quota management, ...
Basically, use OpenStack
Network isolation is possible (but not trivial) via Neutron
Secureerase disks, flash firmware between each use
(there's a hash ring)
Each node is mapped across the set of conductors which have
enabled that node's driver, using a consistent hash ring.
Starting or stopping a conductor will initiate a rebalance.
Periodic task ensures consistent local state for mapped nodes.
No impact to running instances, but may disrupt reboots (if