iRMC driver¶
Overview¶
The iRMC driver enables control FUJITSU PRIMERGY via ServerView
Common Command Interface (SCCI). Support for FUJITSU PRIMERGY servers consists
of the irmc
hardware type and a few hardware interfaces specific for that
hardware type.
Prerequisites¶
Install python-scciclient and pysnmp packages:
$ pip install "python-scciclient>=0.7.2" pysnmp
Hardware Type¶
The irmc
hardware type is available for FUJITSU PRIMERGY servers. For
information on how to enable the irmc
hardware type, see
Enabling hardware types.
Hardware interfaces¶
The irmc
hardware type overrides the selection of the following
hardware interfaces:
- bios
Supports
irmc
andno-bios
. The default isirmc
.
- boot
Supports
irmc-virtual-media
,irmc-pxe
, andpxe
. The default isirmc-virtual-media
. Theirmc-virtual-media
boot interface enables the virtual media based deploy with IPA (Ironic Python Agent).Warning
We deprecated the
pxe
boot interface when used withirmc
hardware type. Support for this interface will be removed in the future. Instead, useirmc-pxe
.irmc-pxe
boot interface was introduced in Pike.
- console
Supports
ipmitool-socat
,ipmitool-shellinabox
, andno-console
. The default isipmitool-socat
.
- inspect
Supports
irmc
,inspector
, andno-inspect
. The default isirmc
.Note
Ironic Inspector needs to be present and configured to use
inspector
as the inspect interface.
- management
Supports only
irmc
.
- power
Supports
irmc
, which enables power control via ServerView Common Command Interface (SCCI), by default. Also supportsipmitool
.
- raid
Supports
irmc
,no-raid
andagent
. The default isno-raid
.
For other hardware interfaces, irmc
hardware type supports the
Bare Metal reference interfaces. For more details about the hardware
interfaces and how to enable the desired ones, see
Enabling hardware interfaces.
Here is a complete configuration example with most of the supported hardware
interfaces enabled for irmc
hardware type.
[DEFAULT]
enabled_hardware_types = irmc
enabled_bios_interfaces = irmc
enabled_boot_interfaces = irmc-virtual-media,irmc-pxe
enabled_console_interfaces = ipmitool-socat,ipmitool-shellinabox,no-console
enabled_deploy_interfaces = iscsi,direct
enabled_inspect_interfaces = irmc,inspector,no-inspect
enabled_management_interfaces = irmc
enabled_network_interfaces = flat,neutron
enabled_power_interfaces = irmc
enabled_raid_interfaces = no-raid,irmc
enabled_storage_interfaces = noop,cinder
enabled_vendor_interfaces = no-vendor,ipmitool
Here is a command example to enroll a node with irmc
hardware type.
openstack baremetal node create \
--bios-interface irmc \
--boot-interface irmc-pxe \
--deploy-interface direct \
--inspect-interface irmc \
--raid-interface irmc
Node configuration¶
Configuration via driver_info
¶
Each node is configured for
irmc
hardware type by setting the following ironic node object’s properties:driver_info/irmc_address
property to beIP address
orhostname
of the iRMC.driver_info/irmc_username
property to beusername
for the iRMC with administrator privileges.driver_info/irmc_password
property to bepassword
for irmc_username.properties/capabilities
property to beboot_mode:uefi
if UEFI boot is required.properties/capabilities
property to besecure_boot:true
if UEFI Secure Boot is required. Please refer to UEFI Secure Boot Support for more information.
If
port
in[irmc]
section of/etc/ironic/ironic.conf
ordriver_info/irmc_port
is set to 443,driver_info/irmc_verify_ca
will take effect:driver_info/irmc_verify_ca
property takes one of 4 value (default value isTrue
):True
: When set toTrue
, which certification file iRMC driver uses is determined byrequests
Python module.Value of
driver_info/irmc_verify_ca
is passed toverify
argument of functions defined inrequests
Python module. So which certification will be used is depend on behavior ofrequests
module. (maybe certification provided bycertifi
Python module)False
: When set toFalse
, iRMC driver won’t verify server certification with certification file during HTTPS connection with iRMC. Just stop to verify server certification, but does HTTPS.Warning
When set to
False
, user must notice that it can result in vulnerable situation. Stopping verification of server certification during HTTPS connection means it cannot prevent Man-in-the-middle attack. When set toFalse
, Ironic user must take enough care around infrastructure environment in terms of security. (e.g. make sure network between Ironic conductor and iRMC is secure)string representing filesystem path to directory which contains certification file: In this case, iRMC driver uses certification file stored at specified directory. Ironic conductor must be able to access that directory. For iRMC to recongnize certification file, Ironic user must run
openssl rehash <path_to_dir>
.string representing filesystem path to certification file: In this case, iRMC driver uses certification file specified. Ironic conductor must have access to that file.
The following properties are also required if
irmc-virtual-media
boot interface is used:driver_info/irmc_deploy_iso
property to be either deploy iso file name, Glance UUID, or Image Service URL.instance info/irmc_boot_iso
property to be either boot iso file name, Glance UUID, or Image Service URL. This is optional property whenboot_option
is set tonetboot
.
Configuration via ironic.conf
¶
All of the nodes are configured by setting the following configuration options in the
[irmc]
section of/etc/ironic/ironic.conf
:port
: Port to be used for iRMC operations; either 80 or 443. The default value is 443. Optional.auth_method
: Authentication method for iRMC operations; eitherbasic
ordigest
. The default value isbasic
. Optional.client_timeout
: Timeout (in seconds) for iRMC operations. The default value is 60. Optional.sensor_method
: Sensor data retrieval method; eitheripmitool
orscci
. The default value isipmitool
. Optional.
The following options are required if
irmc-virtual-media
boot interface is enabled:remote_image_share_root
: Ironic conductor node’sNFS
orCIFS
root path. The default value is/remote_image_share_root
.remote_image_server
: IP of remote image server.remote_image_share_type
: Share type of virtual media, eitherNFS
orCIFS
. The default isCIFS
.remote_image_share_name
: share name ofremote_image_server
. The default value isshare
.remote_image_user_name
: User name ofremote_image_server
.remote_image_user_password
: Password ofremote_image_user_name
.remote_image_user_domain
: Domain name ofremote_image_user_name
.
The following options are required if
irmc
inspect interface is enabled:snmp_version
: SNMP protocol version; eitherv1
,v2c
orv3
. The default value isv2c
. Optional.snmp_port
: SNMP port. The default value is161
. Optional.snmp_community
: SNMP community required for versionsv1
andv2c
. The default value ispublic
. Optional.snmp_security
: SNMP security name required for versionv3
. Optional.
Override ironic.conf
configuration via driver_info
¶
Each node can be further configured by setting the following ironic node object’s properties which override the parameter values in
[irmc]
section of/etc/ironic/ironic.conf
:driver_info/irmc_port
property overridesport
.driver_info/irmc_auth_method
property overridesauth_method
.driver_info/irmc_client_timeout
property overridesclient_timeout
.driver_info/irmc_sensor_method
property overridessensor_method
.driver_info/irmc_snmp_version
property overridessnmp_version
.driver_info/irmc_snmp_port
property overridessnmp_port
.driver_info/irmc_snmp_community
property overridessnmp_community
.driver_info/irmc_snmp_security
property overridessnmp_security
.
Optional functionalities for the irmc
hardware type¶
UEFI Secure Boot Support¶
The hardware type irmc
supports secure boot deploy.
Warning
Secure boot feature is not supported with pxe
boot interface.
The UEFI secure boot can be configured by adding secure_boot
parameter,
which is a boolean value. Enabling the secure boot is different when
Bare Metal service is used with Compute service or without Compute service. The
following sections describe both methods:
Enabling secure boot with Compute service: To enable secure boot we need to set a capability on the bare metal node and the bare metal flavor, for example:
openstack baremetal node set <node-uuid> --property capabilities='secure_boot:true' openstack flavor set FLAVOR-NAME --property capabilities:secure_boot="true"
Enabling secure boot without Compute service: Since adding capabilities to the node’s properties is only used by the nova scheduler to perform more advanced scheduling of instances, we need to enable secure boot without nova, for example:
openstack baremetal node set <node-uuid> --instance-info capabilities='{"secure_boot": "true"}'
Node Cleaning Support¶
The irmc
hardware type supports node cleaning.
For more information on node cleaning, see Node cleaning.
Supported Automated Cleaning Operations¶
The automated cleaning operations supported are:
restore_irmc_bios_config
: Restores BIOS settings on a baremetal node from backup data. If this clean step is enabled, the BIOS settings of a baremetal node will be backed up automatically before the deployment. By default, this clean step is disabled with priority0
. Set its priority to a positive integer to enable it. The recommended value is10
.Warning
pxe
boot interface, when used withirmc
hardware type, does not support this clean step. If usesirmc
hardware type, it is required to selectirmc-pxe
orirmc-virtual-media
as the boot interface in order to make this clean step work.
Configuration options for the automated cleaning steps are listed under
[irmc]
section in ironic.conf
clean_priority_restore_irmc_bios_config = 0
For more information on node automated cleaning, see Automated cleaning
Boot from Remote Volume¶
The irmc
hardware type supports the generic iPXE-based remote volume
booting when using the following boot interfaces:
irmc-pxe
pxe
In addition, the irmc
hardware type supports remote volume booting without
iPXE. This is available when using the irmc-virtual-media
boot interface.
This feature configures a node to boot from a remote volume by using the API
of iRMC. It supports iSCSI and FibreChannel.
Configuration¶
In addition to the configuration for generic drivers to remote volume boot, the iRMC driver requires the following configuration:
It is necessary to set physical port IDs to network ports and volume connectors. All cards including those not used for volume boot should be registered.
The format of a physical port ID is:
<Card Type><Slot No>-<Port No>
where:<Card Type>
: could beLAN
,FC
orCNA
<Slot No>
: 0 indicates onboard slot. Use 1 to 9 for add-on slots.<Port No>
: A port number starting from 1.
These IDs are specified in a node’s
driver_info[irmc_pci_physical_ids]
. This value is a dictionary. The key is the UUID of a resource (Port or Volume Connector) and its value is the physical port ID. For example:{ "1ecd14ee-c191-4007-8413-16bb5d5a73a2":"LAN0-1", "87f6c778-e60e-4df2-bdad-2605d53e6fc0":"CNA1-1" }
It can be set with the following command:
openstack baremetal node set $NODE_UUID \ --driver-info irmc_pci_physical_ids={} \ --driver-info irmc_pci_physical_ids/$PORT_UUID=LAN0-1 \ --driver-info irmc_pci_physical_ids/$VOLUME_CONNECTOR_UUID=CNA1-1
For iSCSI boot, volume connectors with both types
iqn
andip
are required. The configuration with DHCP is not supported yet.For iSCSI, the size of the storage network is needed. This value should be specified in a node’s
driver_info[irmc_storage_network_size]
. It must be a positive integer < 32. For example, if the storage network is 10.2.0.0/22, use the following command:openstack baremetal node set $NODE_UUID --driver-info irmc_storage_network_size=22
Supported hardware¶
The driver supports the PCI controllers, Fibrechannel Cards, Converged Network Adapters supported by Fujitsu ServerView Virtual-IO Manager.
Hardware Inspection Support¶
The irmc
hardware type provides the iRMC-specific hardware inspection
with irmc
inspect interface.
Note
SNMP requires being enabled in ServerView® iRMC S4 Web Server(Network SettingsSNMP section).
Configuration¶
The Hardware Inspection Support in the iRMC driver requires the following configuration:
It is necessary to set ironic configuration with
gpu_ids
andfpga_ids
options in[irmc]
section.gpu_ids
andfpga_ids
are lists of<vendorID>/<deviceID>
where:<vendorID>
: 4 hexadecimal digits starts with ‘0x’.<deviceID>
: 4 hexadecimal digits starts with ‘0x’.
Here are sample values for
gpu_ids
andfpga_ids
:gpu_ids = 0x1000/0x0079,0x2100/0x0080 fpga_ids = 0x1000/0x005b,0x1100/0x0180
The python-scciclient package requires pyghmi version >= 1.0.22 and pysnmp version >= 4.2.3. They are used by the conductor service on the conductor. The latest version of pyghmi can be downloaded from here and pysnmp can be downloaded from here.
Supported properties¶
The inspection process will discover the following essential properties (properties required for scheduling deployment):
memory_mb
: memory sizecpus
: number of cpuscpu_arch
: cpu architecturelocal_gb
: disk size
Inspection can also discover the following extra capabilities for iRMC driver:
irmc_firmware_version
: iRMC firmware versionrom_firmware_version
: ROM firmware versiontrusted_boot
: The flag whether TPM(Trusted Platform Module) is supported by the server. The possible values are ‘True’ or ‘False’.server_model
: server modelpci_gpu_devices
: number of gpu devices connected to the bare metal.
Inspection can also set/unset node’s traits with the following cpu type for iRMC driver:
CUSTOM_CPU_FPGA
: The bare metal contains fpga cpu type.
Note
The disk size is returned only when eLCM License for FUJITSU PRIMERGY servers is activated. If the license is not activated, then Hardware Inspection will fail to get this value.
Before inspecting, if the server is power-off, it will be turned on automatically. System will wait for a few second before start inspecting. After inspection, power status will be restored to the previous state.
The operator can specify these capabilities in compute service flavor, for example:
openstack flavor set baremetal-flavor-name --property capabilities:irmc_firmware_version="iRMC S4-8.64F"
openstack flavor set baremetal-flavor-name --property capabilities:server_model="TX2540M1F5"
openstack flavor set baremetal-flavor-name --property capabilities:pci_gpu_devices="1"
See Capabilities discovery for more details and examples.
The operator can add a trait in compute service flavor, for example:
openstack baremetal node add trait $NODE_UUID CUSTOM_CPU_FPGA
A valid trait must be no longer than 255 characters. Standard traits are
defined in the os_traits library. A custom trait must start with the prefix
CUSTOM_
and use the following characters: A-Z, 0-9 and _.
RAID configuration Support¶
The irmc
hardware type provides the iRMC RAID configuration with irmc
raid interface.
Note
RAID implementation for
irmc
hardware type is based on eLCM license and SDCard. Otherwise, SP(Service Platform) in lifecycle management must be available.RAID implementation only supported for RAIDAdapter 0 in Fujitsu Servers.
Configuration¶
The RAID configuration Support in the iRMC drivers requires the following configuration:
It is necessary to set ironic configuration into Node with JSON file option:
$ openstack baremetal node set <node-uuid-or-name> \ --target-raid-config <JSON file containing target RAID configuration>
Here is some sample values for JSON file:
{ "logical_disks": [ { "size_gb": 1000, "raid_level": "1" ] }
or:
{ "logical_disks": [ { "size_gb": 1000, "raid_level": "1", "controller": "FTS RAID Ctrl SAS 6G 1GB (D3116C) (0)", "physical_disks": [ "0", "1" ] } ] }
Note
RAID 1+0 and 5+0 in iRMC driver does not support property physical_disks
in target_raid_config
during create raid configuration yet. See
following example:
{
"logical_disks":
[
{
"size_gb": "MAX",
"raid_level": "1+0"
}
]
}
See RAID Configuration for more details and examples.
Supported properties¶
The RAID configuration using iRMC driver supports following parameters in JSON file:
size_gb
: is mandatory properties in Ironic.raid_level
: is mandatory properties in Ironic. Currently, iRMC Server supports following RAID levels: 0, 1, 5, 6, 1+0 and 5+0.controller
: is name of the controller as read by the RAID interface.physical_disks
: are specific values for each raid array in LogicalDrive which operator want to set them along withraid_level
.
The RAID configuration is supported as a manual cleaning step.
Note
iRMC server will power-on after create/delete raid configuration is applied, FGI (Foreground Initialize) will process raid configuration in iRMC server, thus the operation will completed upon power-on and power-off when created RAID on iRMC server.
See RAID Configuration for more details and examples.
BIOS configuration Support¶
The irmc
hardware type provides the iRMC BIOS configuration with irmc
bios interface.
Warning
irmc
bios interface does not support factory_reset
.
Configuration¶
The BIOS configuration in the iRMC driver supports the following settings:
boot_option_filter
: Specifies from which drives can be booted. This supports following options:UefiAndLegacy
,LegacyOnly
,UefiOnly
.check_controllers_health_status_enabled
: The UEFI FW checks the controller health status. This supports following options:true
,false
.cpu_active_processor_cores
: The number of active processor cores 1…n. Option 0 indicates that all available processor cores are active.cpu_adjacent_cache_line_prefetch_enabled
: The processor loads the requested cache line and the adjacent cache line. This supports following options:true
,false
.cpu_vt_enabled
: Supports the virtualization of platform hardware and several software environments, based on Virtual Machine Extensions to support the use of several software environments using virtual computers. This supports following options:true
,false
.flash_write_enabled
: The system BIOS can be written. Flash BIOS update is possible. This supports following options:true
,false
.hyper_threading_enabled
: Hyper-threading technology allows a single physical processor core to appear as several logical processors. This supports following options:true
,false
.keep_void_boot_options_enabled
: Boot Options will not be removed from “Boot Option Priority” list. This supports following options:true
,false
.launch_csm_enabled
: Specifies whether the Compatibility Support Module (CSM) is executed. This supports following options:true
,false
.os_energy_performance_override_enabled
: Prevents the OS from overruling any energy efficiency policy setting of the setup. This supports following options:true
,false
.pci_aspm_support
: Active State Power Management (ASPM) is used to power-manage the PCI Express links, thus consuming less power. This supports following options:Disabled
,Auto
,L0Limited
,L1only
,L0Force
.pci_above_4g_decoding_enabled
: Specifies if memory resources above the 4GB address boundary can be assigned to PCI devices. This supports following options:true
,false
.power_on_source
: Specifies whether the switch on sources for the system are managed by the BIOS or the ACPI operating system. This supports following options:BiosControlled
,AcpiControlled
.single_root_io_virtualization_support_enabled
: Single Root IO Virtualization Support is active. This supports following options:true
,false
.
The BIOS configuration is supported as a manual cleaning step. See BIOS Configuration for more details and examples.
Supported platforms¶
This driver supports FUJITSU PRIMERGY BX S4 or RX S8 servers and above.
PRIMERGY BX920 S4
PRIMERGY BX924 S4
PRIMERGY RX300 S8
When irmc
power interface is used, Soft Reboot (Graceful Reset) and Soft
Power Off (Graceful Power Off) are only available if
ServerView agents
are installed. See iRMC S4 Manual
for more details.
RAID configuration feature supports FUJITSU PRIMERGY servers with RAID-Ctrl-SAS-6G-1GB(D3116C) controller and above. For detail supported controller with OOB-RAID configuration, please see the whitepaper for iRMC RAID configuration.