Unlike most other python software, you must build an IPA ramdisk image before use. This is because it’s not installed in an operating system, but instead is run from within a ramdisk.
One way to build a ramdisk image for IPA is with the CoreOS image [0]. Prebuilt copies of the CoreOS image, suitable for pxe, are available on tarballs.openstack.org.
On a high level, the build steps are as follows:
Dockerfile
in the root of the
ironic-python-agent project.There are several methods you can use to customize the IPA ramdisk:
Another way to build a ramdisk image for IPA is by using diskimage-builder [2]. The ironic-agent diskimage-builder element builds the IPA ramdisk, which installs all the required packages and configures services as needed.
Ironic Python Agent repo also provides a set of scripts to build a
Tiny Core Linux-based deployment kernel and ramdisk (code name tinyipa
)
under imagebuild/tinyipa
folder.
Tiny Core Linux is a very minimalistic Linux distribution. Due to its small size and decreased RAM requirements it is mostly suitable for usage in CI with virtualized hardware, and is already used on a number of gate jobs in projects under OpenStack Baremetal program. On the other hand, due to its generally newer Linux kernel it also known to work on real hardware if the kernel supports all necessary components installed.
Please refer to imagebuild/tinyipa/README.rst
for more information and
build instructions.
Additionally, the IPA ramdisk can be packaged inside of an ISO for use with
supported virtual media drivers. Simply use the iso-image-create
utility
packaged with IPA, pass it an initrd and kernel. e.g.:
./iso-image-create -o /path/to/output.iso -i /path/to/ipa.initrd -k /path/to/ipa.kernel
This is a generic tool that can be used to combine any initrd and kernel into a suitable ISO for booting, and so should work against any IPA ramdisk created – both DIB and CoreOS.
You can pass a variety of flags to IPA on start up to change its behavior. If you’re using the CoreOS image, you can modify the ironic-python-agent.service unit in cloud-config.yaml [3].
--standalone
: This disables the initial lookup and heartbeats to Ironic.
Lookup sends some information to Ironic in order to determine Ironic’s node
UUID for the node. Heartbeat sends periodic pings to Ironic to tell Ironic
the node is still running. These heartbeats also trigger parts of the deploy
and cleaning cycles. This flag is useful for debugging IPA without an Ironic
installation.--debug
: Enables debug logging.During its operation IPA makes HTTP requests to a number of other services, currently including
When these services are configured to require SSL-encrypted connections, IPA can be configured to either properly use such secure connections or ignore verifying such SSL connections.
Configuration mostly happens in the IPA config file
(default is /etc/ironic_python_agent/ironic_python_agent.conf
)
or command line arguments passed to ironic-python-agent
,
and it is possible to provide some options via kernel command line arguments
instead.
Available options in the [DEFAULT]
config file section are:
ipa-insecure
kernel command line argument (converted to boolean).
The default for this kernel command line argument is taken to be False
.
Overriding it to True
by adding ipa-insecure=1
to the value of
[pxe]pxe_append_params
in ironic configuration file will allow running
the same IPA-based deploy ramdisk in a CI-like environment when services
are using secure HTTPS endpoints with self-signed certificates without
adding a custom CA file to the deploy ramdisk (see below).insecure
option being False
, see above),
operators should either ensure that certificates of those services
are verifiable by root CAs present in the deploy ramdisk,
or add a custom CA file to the ramdisk and set this IPA option to point
to this file at ramdisk build time.keyfile
option is also set.certfile
option is also set.Currently a single set of cafile/certfile/keyfile options is used for all HTTP requests to the other services.
Securing IPA’s HTTP server itself with SSL is not yet supported in default ramdisk builds.
Hardware managers are how IPA supports multiple different hardware platforms in the same agent. Any action performed on hardware can be overridden by deploying your own hardware manager.
Custom hardware managers allow you to include hardware-specific tools, files and cleaning steps in the Ironic Python Agent. For example, you could include a BIOS flashing utility and BIOS file in a custom ramdisk. Your custom hardware manager could expose a cleaning step that calls the flashing utility and flashes the packaged BIOS version (or even download it from a tested web server).
Operators wishing to build their own hardware managers should reference the documentation available at Hardware Managers.
[0] | CoreOS PXE Images - https://coreos.com/docs/running-coreos/bare-metal/booting-with-pxe/ |
[1] | (1, 2) CoreOS Cloud Init - https://coreos.com/docs/cluster-management/setup/cloudinit-cloud-config/ |
[2] | DIB Element for IPA - https://docs.openstack.org/diskimage-builder/latest/elements/ironic-agent/README.html |
[3] | cloud-config.yaml - https://git.openstack.org/cgit/openstack/ironic-python-agent/tree/imagebuild/coreos/oem/cloud-config.yml |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.