Quick Setup Guide For PMB

This article provides a quick setup guide for Platform9 Managed Bare-Metal (PMB). If you are new to PMB, we recommend starting with Platform9 Managed Bare Metal Overview and Platform9 Managed Bare Metal Architecture first.

PMB transforms your bare metal physical servers into a fully automated, zero-touch bare metal cloud that is ready to run virtualization, Kubernetes or any other application.

System Requirements

To deploy the baremetal Controller in a pilot or proof of concept environment Platform9 recommends the use of a physical server so simplify network and VLAN configuration. The baremetal Controller must be running CentOS 7.6 and have at least 4 CPUs, 16 BG of RAM and 120GB of hard drive space. The baremetal Controller not only discovers and orchestrates the baremetal cloud, it hosts an image library that will contain any application and operating system images that will be made available to users of the baremetal cloud. The Controllers connection onto the provisioning network is the critical component that enables the discovery of physical servers and the eventual orchestration of the baremetal cloud.

The provisioning network must be a FLAT network that is connected into the the physical servers that will be discovered and added as nodes into the baremetal cloud. The provisioning network must have access to the gateway IP of the subnet that the physical servers are attached to and no DHCP servers, the baremetal Controller will take on the DHCP responsibilities. Optional configurations include having Single Access Port Enabled or Trunk VLAN Native (PVID) if the flat network is coexisting on switch infrastructure that will also handle NIC teaming on servers and multiple VLANs for other networks. The provisioning network should operate as a dedicated network within the datacenter, this simplifies the management of the target physical servers and helps improve security.

For the provisioning network to function correctly each of the attached physical servers must support IPMI 2.0 and should have a single dedicated network interface card that is attached to the provisioning network and also be the dedicated PXE boot NIC. If LACP is enabled (NIC Teaming) the associated networks switching infrastructure must have LACP Fallback enabled. Beyond the configuration of the physical servers network card, PXE Boot and IMPI 2.0 support the specifications of the each server is dependent on the intended use. If the intended use is to run Platform9 Managed Kubernetes (PMK) or Platform9 Managed OpenStack (PMO) please ensure that each host meets the required minimum specifications below.

Requirements for Platform9 Managed Bare Metal

Below is a summary of requirements to deploy a baremetal pilot or proof of concept.

- Bare Metal Controller

    Role: Bare Metal Controller

      Physical or Virtual

      OS Linux RHEL/CentOS

      Connectivity: Outbound HTTPS connectivity on 443 to platform9.net

      Server Requirements:

        CPU - 4

        RAM - 16GB

        Storage - 120GB

        Networking: 1 NIC attached to the provisioning network

- Provisioning Network

    Role: A dedicated flat network for bare metal nodes orchestration utilizing IPMI

​

- Bare Metal Nodes

    Role: Target physical servers to be part of the baremetal cloud

      1 to 3 physical servers

      Server Requirements:

        CPU - 4

        RAM - 16GB

        Storage - 120GB

        Networking: 1 NIC attached to the provisioning network

- Application and Operating System images

Requirements for integrating your bare metal cloud with PMK or PMO

1-3 physical servers - We recommend starting with 3 servers but you can start with 1

Each server configured with:

  CPU: Minimum 8 Physical Cores RECOMMENDED 2 Physical Sockets, 8 Cores Each

  RAM: Minimum 16GB RECOMMENDED 32GB

  Storage: Minimum 100GB RECOMMENDED 1TB (If Virtual Machines of Kubernetes are to be run utilizing local storage)

Note that although you can deploy any image on your bare metal servers, PMO or PMK support the following operating systems:

• CentOS 7+ (64-bit)
• RHEL 7+ (64-bit)
• Ubuntu LTS 16.04 (64-bit)
• Ubuntu LTS 18.04 (64-bit)

The steps below assume that both the physical target servers are provisioned and that two networks are in-place.

• At least 2 physical servers exist, 1 to become the baremetal Controller and one to proof baremetal cloud discovery and orchestration.
• Each physical server has a single NIC with PXE Boot enable & is attached to the dedicated provisioning network.
• Each physical server has a second NIC that is attached to the management network.
• Provisioning Network is setup, no DHCP is setup, the Subnets Gateway IP is reachable.
• Management Network is setup, outbound connectivity on port 443 to platform9.net has been confirmed.

Bare Metal Deployment Steps Overview

1. Sign Up for Platform9 and log in to the SaaS Management platform
2. Configure the target physical servers and physical network
3. Ensure PXE Boot and IMPI 2.0 is supported and configured across all physical Servers and capture the required IMPI credentials
4. Provision a host to become the baremetal Controller with at least 2 NICS and install CentOS/RHEL 7.6
5. Validate connectivity to the Platform9 SaaS management plane on port 443 from the baremetal Controller host
6. Document the Provisioning Network Subnet, Gateway IP Address, DNS Domain, DNS Forwarding Addresses and baremetal IP Address
7. Complete the baremetal Controller Linux Preparation Steps and setup network bridge and Open vSwtich configurations for the provisioning and management networks
8. Log into Platform9 and start the baremetal on boarding wizard:

• Configure the physical network properties
• Download & Run the baremetal Agent Software
• Configure the baremetal Controller Properties, ensuring the correct networks are configured for management and bare metal cloud provisioning
• Configure the Provisioning Network subnet ensuring the subnet allocation pool doesn’t overlap the baremetal Controller IP
• Copy the OpenStack RC prompt and execute on the baremetal Controllers
• Copy and run setup-ironic on the baremetal Controller

1. Prepare the baremetal Controller

The baremetal Controller software components can be installed into RedHat Enterprise Linux 7.6 or CentOS 7.6. Once

• RHEL/CentOS 7.6 is installed.

Prepare Linux by running the following commands

The commands below will ensure that the bare metal Controller host is correctly configured prior to the installation of the Platform9 HostAgent.

sudo sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config 

sudo setenforce 0 

sudo getenforce 

sudo systemctl disable firewalld 

sudo systemctl stop firewalld 

sudo systemctl disable NetworkManager 

sudo systemctl stop NetworkManager 

sudo systemctl enable network 

sudo modprobe bridge 

sudo modprobe 8021q 

sudo modprobe bonding 

sudo modprobe tun 

sudo modprobe br_netfilter 

echo "bridge" |  sudo tee /etc/modules-load.d/pf9.conf 

echo "8021q" | sudo tee --append /etc/modules-load.d/pf9.conf 

echo "bonding" | sudo tee --append /etc/modules-load.d/pf9.conf 

echo "tun" | sudo tee --append /etc/modules-load.d/pf9.conf 

echo "br_netfilter" | sudo tee --append /etc/modules-load.d/pf9.conf 

echo "net.ipv4.conf.all.rp_filter=0" | sudo tee --append /etc/sysctl.conf 

echo "net.ipv4.conf.default.rp_filter=0" | sudo tee --append /etc/sysctl.conf 

echo "net.bridge.bridge-nf-call-iptables=1" | sudo tee --append /etc/sysctl.conf 

echo "net.ipv4.ip_forward=1" | sudo tee --append /etc/sysctl.conf 

echo "net.ipv4.tcp_mtu_probing=1" | sudo tee --append /etc/sysctl.conf 

sysctl -p 

sudo yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm

sudo yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch echo -e "\e[31;43m * Enable and start Open vSwitch *\e[0m" 

sudo systemctl enable openvswitch 

sudo systemctl start openvswitch 

yum -y install net-tools 

yum -y install epel-release

Configure OVS to handle networking operations

To correctly control the baremetal cloud bare metal requires the Provisioning Network NIC to be added into the bare metal Controller’s Open vSwitch configuration. Replace the in the commands below with the correct interface.

ovs-vsctl add-br br-pf9

ovs-vsctl add-port br-pf9 <Ethernet_Port>

ifconfig br-pf9 x.x.x.x/24 up

2. Bare Metal Onboarding Setup

To create a bare metal cloud the first step is to complete the onboarding wizard. On logging into the Platform9 SaaS Management Plane a step-by-step guide will walk through the required setup starting with the creation of the provisioning network.

Onboarding is made up of 8 steps, each explained below.

1. Configure Provisioning Network
2. Install Host Agent
3. Authorize Host Agent
4. Controller Networking Configuration
5. Configure Controller
6. Bare Metal Subnet
7. Configure Bare Metal
8. Summary

Onboarding 1 - Configure the Physical Provisioning Network

Configure the provisioning network that will be used to allocate IP addresses to deployed bare metal nodes.

Onboarding Wizard

Onboarding 2 - Download the Platform9 HostAgent

The second step is to download the Platform9 HostAgent and SCP or FTP the binary to the Controller. The HostAgent will connect the Controller to the Platform9 SaaS Management Plane.

Installing Platform9 Host Agent

Alternative Download: Direct to Controller

Alternatively, you can pull the Platform9 HostAgent, pf9-download.py from our secure GitHub repository directly, once downloaded it will need to be run. To download the Platform9 Installer from GitHub run the curl command below.

curl -LO https://raw.githubusercontent.com/platform9/support-locker/master/installer/pf9-download.py

Once the download is complete, run the Platform9 Installer. It will download the HostAgent using the following details that you will need to provide.

• your_du_name: - Example: https://ironic.platform9.net
• ironic: - Example: ironic
• user_id: - Example: login@pf9.com
• OS: - Example: Redhat

python pf9-download.py --account_endpoint <your_du_name>.platform9.net --region <ironic> --user <user_id> --platform <OS>

Onboarding 3 - Install the Platform9 HostAgent

To install the HostAgent run the following command.

The platform9-install script contains the required inputs that map to the bare metal region in your Platform9 setup.

Example: platform9-install-us-mpt1-ironic-redhat.sh

bash ./platform-install-<region>-<OS-Option>.sh

• No for proxy, Yes for NTP
• Yes to install

Once the installation is finished, return to the on-boarding workflow to authorize the Controller.

Onboarding 4 - Configure Controller Networking

The Controller needs to be configured to operate on the correct network. To complete the setup the following inputs are required:

• Provisioning Network
• dnsmasq and IP
• Physical Network Config Label
• Bridge Device

Onboarding 5 - Bare Metal Cloud Network

The next on-boarding step is to create the network that bare metal nodes will be provisioned too, by providing the following information:

• Subnet Name
• Network Address CIDR
• Gateway IP
• Allocation Pool
• DNS Name Servers

Onboarding 6 - Controller Configuration

Controller configuration is crucial in ensuring that all components are available for the discovery and deployment of bare metal nodes. Run the command below:

Setup-Ironic

This step will download the required kernel and ramdisk images that PMB will use to on board bare metal nodes.

Onboarding 7 - Summary and Review

The bare metal on boarding is now complete. Summary and Review will display the newly configured bare metal Controller and bare metal cloud network. If everything looks okay, proceed to start adding the bare metal server(s) to your PMB account.

3. Configure Bare Metal Inspection

Inspection rules are critical to the proper onboarding of physical servers, inspection rules allow the auto_discovery to apply specific metadata to the discovered instances. The metadata is useful for creating custom hardware inventory items that can separate out nodes by available capabilities.

Alternatively, the Inspection rule file may be edited and uploaded directly on the baremetal Controller by SSH.

Example Custom Inspection Rule

{ 

      "description": "Set default IPMI credentials", 

      "conditions": [ {"op": "eq", "field": "data://auto_discovered", "value": true} ], 

      "actions": [ 

          {"action": "set-attribute", "path": "driver", "value": "ipmi"},

          {"action": "set-attribute", "path": "driver_info/ipmi_username", "value": "root"}, 

          {"action": "set-attribute", "path": "driver_info/ipmi_password", "value": "root"},                      {"action": "set-attribute", "path": "properties/capabilities", "value": "boot_option:local"},           {"action": "set-attribute", "path": "driver_info/deploy_kernel", "value": "f6a532ca-c4b2-4dfc-9d50-17ba5ad7c8f8"}, 

          {"action": "set-attribute", "path": "driver_info/deploy_ramdisk", "value": "eb2dfa00-a9e4-49a5-a83e-8b2cb0a72c8e"}

      ] 

  }

To implement the new inspector rule run the commands below on the baremetal Controller

TOK=openstack token issue -f value -c id

curl -X POST -i http://localhost:5050/v1/rules -H "x-auth-token: $TOK" -H "content-type: application/json" -d @inspector-rules.json

Or alternatively the OpenStack CLI may be used to import the rules.json file. OpenStack CLI Commands

openstack baremetal introspection rule import inspector-rules.json

openstack baremetal introspection rule list

openstack baremetal introspection rule show <rule-uuid>

4. Discover and Onboard Physical Servers

The discovery of physical servers is the process that catalogs and identifies the physical server infrastructure that is to be added into the bare metal cloud. To drive discovery Platform9 recommends utilizing the IMPI tools that are present on the bare metal Controller.

ipmitool -I lanplus -H <Host_IPMI_IP> -L ADMINISTRATOR -U root -P root power status

Chassis Power is off

​

ipmitool -I lanplus -H <Host_IPMI_IP> -L ADMINISTRATOR -U root -P root chassis bootdev pxe

Set Boot Device to pxe

​

ipmitool -I lanplus -H <Host_IPMI_IP> -L ADMINISTRATOR -U root -P root chassis power on

Chassis Power Control: Up/On