This is the first in a series of commits to add support for codespell. This is continuning the process completed in ironic-python-agent. Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if their are lots of spelling mistakes that could clutter git blame. Change-Id: Id328ff64c352e85b58181e9d9e35973a8706ab7a
26 KiB
iRMC driver
Overview
The iRMC driver enables control FUJITSU PRIMERGY via ServerView
Common Command Interface (SCCI). Support for FUJITSU PRIMERGY servers
consists of the irmc
hardware type and a few hardware
interfaces specific for that hardware type.
Prerequisites
Install python-scciclient and pysnmp packages:
$ pip install "python-scciclient>=0.7.2" pysnmp
Hardware Type
The irmc
hardware type is available for FUJITSU PRIMERGY
servers. For information on how to enable the irmc
hardware
type, see enable-hardware-types
.
Hardware interfaces
The irmc
hardware type overrides the selection of the
following hardware interfaces:
- bios
-
Supports
irmc
andno-bios
. The default isirmc
.
- boot
-
Supports
irmc-virtual-media
,irmc-pxe
, andpxe
. The default isirmc-virtual-media
. Theirmc-virtual-media
boot interface enables the virtual media based deploy with IPA (Ironic Python Agent).Warning
We deprecated the
pxe
boot interface when used withirmc
hardware type. Support for this interface will be removed in the future. Instead, useirmc-pxe
.irmc-pxe
boot interface was introduced in Pike.
- console
-
Supports
ipmitool-socat
,ipmitool-shellinabox
, andno-console
. The default isipmitool-socat
.
- inspect
-
Supports
irmc
,inspector
, andno-inspect
. The default isirmc
.Note
Ironic Inspector <>
needs to be present and configured to useinspector
as the inspect interface.
- management
-
Supports only
irmc
.
- power
-
Supports
irmc
, which enables power control via ServerView Common Command Interface (SCCI), by default. Also supportsipmitool
.
- raid
-
Supports
irmc
,no-raid
andagent
. The default isno-raid
.
For other hardware interfaces, irmc
hardware type
supports the Bare Metal reference interfaces. For more details about the
hardware interfaces and how to enable the desired ones, see enable-hardware-interfaces
.
Here is a complete configuration example with most of the supported
hardware interfaces enabled for irmc
hardware type.
[DEFAULT]
enabled_hardware_types = irmc
enabled_bios_interfaces = irmc
enabled_boot_interfaces = irmc-virtual-media,irmc-pxe
enabled_console_interfaces = ipmitool-socat,ipmitool-shellinabox,no-console
enabled_deploy_interfaces = direct
enabled_inspect_interfaces = irmc,inspector,no-inspect
enabled_management_interfaces = irmc
enabled_network_interfaces = flat,neutron
enabled_power_interfaces = irmc
enabled_raid_interfaces = no-raid,irmc
enabled_storage_interfaces = noop,cinder
enabled_vendor_interfaces = no-vendor,ipmitool
Here is a command example to enroll a node with irmc
hardware type.
baremetal node create \
--bios-interface irmc \
--boot-interface irmc-pxe \
--deploy-interface direct \
--inspect-interface irmc \
--raid-interface irmc
Node configuration
Configuration via
driver_info
Each node is configured for
irmc
hardware type by setting the following ironic node object's properties:driver_info/irmc_address
property to beIP address
orhostname
of the iRMC.driver_info/irmc_username
property to beusername
for the iRMC with administrator privileges.driver_info/irmc_password
property to bepassword
for irmc_username.
Note
Fujitsu server equipped with iRMC S6 2.00 or later version of firmware disables IPMI over LAN by default. However user may be able to enable IPMI via BMC settings. To handle this change,
irmc
hardware type first tries IPMI and, if IPMI operation fails,irmc
hardware type uses Redfish API of Fujitsu server to provide Ironic functionalities. So if user deploys Fujitsu server with iRMC S6 2.00 or later, user needs to set Redfish related parameters indriver_info
.driver_info/redifsh_address
property to beIP address
orhostname
of the iRMC. You can prefix it with protocol (e.g.https://
). If you don't provide protocol, Ironic assumes HTTPS (i.e. addhttps://
prefix). iRMC with S6 2.00 or later only support HTTPS connection to Redfish API.driver_info/redfish_username
to be user name of iRMC with administrative privilegesdriver_info/redfish_password
to be password ofredfish_username
driver_info/redfish_verify_ca
accepts values those accepted indriver_info/irmc_verify_ca
driver_info/redfish_auth_type
to be one ofbasic
,session
orauto
If
port
in[irmc]
section of/etc/ironic/ironic.conf
ordriver_info/irmc_port
is set to 443,driver_info/irmc_verify_ca
will take effect:driver_info/irmc_verify_ca
property takes one of 4 value (default value isTrue
):True
: When set toTrue
, which certification file iRMC driver uses is determined byrequests
Python module.Value of
driver_info/irmc_verify_ca
is passed toverify
argument of functions defined inrequests
Python module. So which certification will be used is depend on behavior ofrequests
module. (maybe certification provided bycertifi
Python module)False
: When set toFalse
, iRMC driver won't verify server certification with certification file during HTTPS connection with iRMC. Just stop to verify server certification, but does HTTPS.Warning
When set to
False
, user must notice that it can result in vulnerable situation. Stopping verification of server certification during HTTPS connection means it cannot prevent Man-in-the-middle attack. When set toFalse
, Ironic user must take enough care around infrastructure environment in terms of security. (e.g. make sure network between Ironic conductor and iRMC is secure)string representing filesystem path to directory which contains certification file: In this case, iRMC driver uses certification file stored at specified directory. Ironic conductor must be able to access that directory. For iRMC to recognize certification file, Ironic user must run
openssl rehash <path_to_dir>
.string representing filesystem path to certification file: In this case, iRMC driver uses certification file specified. Ironic conductor must have access to that file.
The following properties are also required if
irmc-virtual-media
boot interface is used:driver_info/deploy_iso
property to be either deploy iso file name, Glance UUID, or Image Service URL.instance info/boot_iso
property to be either boot iso file name, Glance UUID, or Image Service URL. This is used with theramdisk
deploy interface.
Note
The
deploy_iso
andboot_iso
properties used to be calledirmc_deploy_iso
andirmc_boot_iso
accordingly before the Xena release.The following properties are also required if
irmc
inspect interface is enabled and SNMPv3 inspection is desired.driver_info/irmc_snmp_user
property to be the SNMPv3 username. SNMPv3 functionality should be enabled for this user on iRMC server side.driver_info/irmc_snmp_auth_password
property to be the auth protocol pass phrase. The length of pass phrase should be at least 8 characters.driver_info/irmc_snmp_priv_password
property to be the privacy protocol pass phrase. The length of pass phrase should be at least 8 characters.
Configuration via
properties
- Each node is configured for
irmc
hardware type by setting the following ironic node object's properties:properties/capabilities
property to beboot_mode:uefi
if UEFI boot is required, orboot_mode:bios
if Legacy BIOS is required. If this is not set,default_boot_mode
at[default]
section inironic.conf
will be used.properties/capabilities
property to besecure_boot:true
if UEFI Secure Boot is required. Please refer to UEFI Secure Boot Support for more information.
Configuration via
ironic.conf
- All of the nodes are configured by setting the following
configuration options in the
[irmc]
section of/etc/ironic/ironic.conf
:port
: Port to be used for iRMC operations; either 80 or 443. The default value is 443. Optional.Note
Since iRMC S6 2.00, iRMC firmware doesn't support HTTP connection to REST API. If you deploy server with iRMS S6 2.00 and later, please set
port
to 443.irmc
hardware type providesverify_step
namedverify_http_https_connection_and_fw_version
to check HTTP(S) connection to iRMC REST API. If HTTP(S) connection is successfully established, then it fetches and caches iRMC firmware version. If HTTP(S) connection to iRMC REST API failed, Ironic node's state moves toenroll
with suggestion put in log message. Default priority of this verify step is 10.If operator updates iRMC firmware version of node, operator should run
cache_irmc_firmware_version
node vendor passthru method to update iRMC firmware version stored indriver_internal_info/irmc_fw_version
.auth_method
: Authentication method for iRMC operations; eitherbasic
ordigest
. The default value isbasic
. Optional.client_timeout
: Timeout (in seconds) for iRMC operations. The default value is 60. Optional.sensor_method
: Sensor data retrieval method; eitheripmitool
orscci
. The default value isipmitool
. Optional.
- The following options are required if
irmc-virtual-media
boot interface is enabled:remote_image_share_root
: Ironic conductor node'sNFS
orCIFS
root path. The default value is/remote_image_share_root
.remote_image_server
: IP of remote image server.remote_image_share_type
: Share type of virtual media, eitherNFS
orCIFS
. The default isCIFS
.remote_image_share_name
: share name ofremote_image_server
. The default value isshare
.remote_image_user_name
: User name ofremote_image_server
.remote_image_user_password
: Password ofremote_image_user_name
.remote_image_user_domain
: Domain name ofremote_image_user_name
.
- The following options are required if
irmc
inspect interface is enabled:snmp_version
: SNMP protocol version; eitherv1
,v2c
orv3
. The default value isv2c
. Optional.snmp_port
: SNMP port. The default value is161
. Optional.snmp_community
: SNMP community required for versionsv1
andv2c
. The default value ispublic
. Optional.snmp_security
: SNMP security name required for versionv3
. Optional.snmp_auth_proto
: The SNMPv3 auth protocol. If using iRMC S4 or S5, the valid value of this option is onlysha
. If using iRMC S6, the valid values aresha256
,sha384
andsha512
. The default value issha
. Optional.snmp_priv_proto
: The SNMPv3 privacy protocol. The valid value and the default value are bothaes
. We will add more supported valid values in the future. Optional.Warning
We deprecated the
snmp_security
option when use SNMPv3 inspection. Support for this option will be removed in the future. Instead, setdriver_info/irmc_snmp_user
parameter for each node if SNMPv3 inspection is needed.
Override
ironic.conf
configuration via driver_info
- Each node can be further configured by setting the following ironic
node object's properties which override the parameter values in
[irmc]
section of/etc/ironic/ironic.conf
:driver_info/irmc_port
property overridesport
.driver_info/irmc_auth_method
property overridesauth_method
.driver_info/irmc_client_timeout
property overridesclient_timeout
.driver_info/irmc_sensor_method
property overridessensor_method
.driver_info/irmc_snmp_version
property overridessnmp_version
.driver_info/irmc_snmp_port
property overridessnmp_port
.driver_info/irmc_snmp_community
property overridessnmp_community
.driver_info/irmc_snmp_security
property overridessnmp_security
.driver_info/irmc_snmp_auth_proto
property overridessnmp_auth_proto
.driver_info/irmc_snmp_priv_proto
property overridessnmp_priv_proto
.
Optional
functionalities for the irmc
hardware type
UEFI Secure Boot Support
The hardware type irmc
supports secure boot deploy, see
secure-boot
for
details.
Warning
Secure boot feature is not supported with pxe
boot
interface.
Node Cleaning Support
The irmc
hardware type supports node cleaning. For more
information on node cleaning, see cleaning
.
Supported Automated Cleaning Operations
The automated cleaning operations supported are:
restore_irmc_bios_config
: Restores BIOS settings on a baremetal node from backup data. If this clean step is enabled, the BIOS settings of a baremetal node will be backed up automatically before the deployment. By default, this clean step is disabled with priority0
. Set its priority to a positive integer to enable it. The recommended value is10
.Warning
pxe
boot interface, when used withirmc
hardware type, does not support this clean step. If usesirmc
hardware type, it is required to selectirmc-pxe
orirmc-virtual-media
as the boot interface in order to make this clean step work.
Configuration options for the automated cleaning steps are listed
under [irmc]
section in ironic.conf :
clean_priority_restore_irmc_bios_config = 0
For more information on node automated cleaning, see automated_cleaning
Boot from Remote Volume
The irmc
hardware type supports the generic PXE-based
remote volume booting when using the following boot interfaces:
irmc-pxe
pxe
In addition, the irmc
hardware type supports remote
volume booting without PXE. This is available when using the
irmc-virtual-media
boot interface. This feature configures
a node to boot from a remote volume by using the API of iRMC. It
supports iSCSI and FibreChannel.
Configuration
In addition to the configuration for generic drivers to remote volume boot <boot-from-volume>
, the iRMC
driver requires the following configuration:
It is necessary to set physical port IDs to network ports and volume connectors. All cards including those not used for volume boot should be registered.
The format of a physical port ID is:
<Card Type><Slot No>-<Port No>
where:<Card Type>
: could beLAN
,FC
orCNA
<Slot No>
: 0 indicates onboard slot. Use 1 to 9 for add-on slots.<Port No>
: A port number starting from 1.
These IDs are specified in a node's
driver_info[irmc_pci_physical_ids]
. This value is a dictionary. The key is the UUID of a resource (Port or Volume Connector) and its value is the physical port ID. For example:{ "1ecd14ee-c191-4007-8413-16bb5d5a73a2":"LAN0-1", "87f6c778-e60e-4df2-bdad-2605d53e6fc0":"CNA1-1" }
It can be set with the following command:
baremetal node set $NODE_UUID \ --driver-info irmc_pci_physical_ids={} \ --driver-info irmc_pci_physical_ids/$PORT_UUID=LAN0-1 \ --driver-info irmc_pci_physical_ids/$VOLUME_CONNECTOR_UUID=CNA1-1
For iSCSI boot, volume connectors with both types
iqn
andip
are required. The configuration with DHCP is not supported yet.For iSCSI, the size of the storage network is needed. This value should be specified in a node's
driver_info[irmc_storage_network_size]
. It must be a positive integer < 32. For example, if the storage network is 10.2.0.0/22, use the following command:baremetal node set $NODE_UUID --driver-info irmc_storage_network_size=22
Supported hardware
The driver supports the PCI controllers, Fibrechannel Cards, Converged Network Adapters supported by Fujitsu ServerView Virtual-IO Manager.
Hardware Inspection Support
The irmc
hardware type provides the iRMC-specific
hardware inspection with irmc
inspect interface.
Note
SNMP requires being enabled in ServerView® iRMC S4 Web Server(Network SettingsSNMP section).
Configuration
The Hardware Inspection Support in the iRMC driver requires the following configuration:
It is necessary to set ironic configuration with
gpu_ids
andfpga_ids
options in[irmc]
section.gpu_ids
andfpga_ids
are lists of<vendorID>/<deviceID>
where:<vendorID>
: 4 hexadecimal digits starts with '0x'.<deviceID>
: 4 hexadecimal digits starts with '0x'.
Here are sample values for
gpu_ids
andfpga_ids
:gpu_ids = 0x1000/0x0079,0x2100/0x0080 fpga_ids = 0x1000/0x005b,0x1100/0x0180
The python-scciclient package requires pyghmi version >= 1.0.22 and pysnmp version >= 4.2.3. They are used by the conductor service on the conductor. The latest version of pyghmi can be downloaded from here and pysnmp can be downloaded from here.
Supported properties
The inspection process will discover the following properties:
memory_mb
: memory sizecpu_arch
: cpu architecturelocal_gb
: disk size
Inspection can also discover the following extra capabilities for iRMC driver:
irmc_firmware_version
: iRMC firmware versionrom_firmware_version
: ROM firmware versionserver_model
: server modelpci_gpu_devices
: number of gpu devices connected to the bare metal.
Inspection can also set/unset node's traits with the following cpu type for iRMC driver:
CUSTOM_CPU_FPGA
: The bare metal contains fpga cpu type.
Note
- The disk size is returned only when eLCM License for FUJITSU PRIMERGY servers is activated. If the license is not activated, then Hardware Inspection will fail to get this value.
- Before inspecting, if the server is power-off, it will be turned on automatically. System will wait for a few second before start inspecting. After inspection, power status will be restored to the previous state.
The operator can specify these capabilities in compute service flavor, for example:
openstack flavor set baremetal-flavor-name --property capabilities:irmc_firmware_version="iRMC S4-8.64F"
openstack flavor set baremetal-flavor-name --property capabilities:server_model="TX2540M1F5"
openstack flavor set baremetal-flavor-name --property capabilities:pci_gpu_devices="1"
See capabilities-discovery
for more details and
examples.
The operator can add a trait in compute service flavor, for example:
baremetal node add trait $NODE_UUID CUSTOM_CPU_FPGA
A valid trait must be no longer than 255 characters. Standard traits
are defined in the os_traits library. A custom trait must start with the
prefix CUSTOM_
and use the following characters: A-Z, 0-9
and _.
RAID configuration Support
The irmc
hardware type provides the iRMC RAID
configuration with irmc
raid interface.
Note
- RAID implementation for
irmc
hardware type is based on eLCM license and SDCard. Otherwise, SP(Service Platform) in lifecycle management must be available. - RAID implementation only supported for RAIDAdapter 0 in Fujitsu Servers.
Configuration
The RAID configuration Support in the iRMC drivers requires the following configuration:
It is necessary to set ironic configuration into Node with JSON file option:
$ baremetal node set <node-uuid-or-name> \ --target-raid-config <JSON file containing target RAID configuration>
Here is some sample values for JSON file:
{ "logical_disks": [ { "size_gb": 1000, "raid_level": "1" ] }
or:
{ "logical_disks": [ { "size_gb": 1000, "raid_level": "1", "controller": "FTS RAID Ctrl SAS 6G 1GB (D3116C) (0)", "physical_disks": [ "0", "1" ] } ] }
Note
RAID 1+0 and 5+0 in iRMC driver does not support property
physical_disks
in target_raid_config
during
create raid configuration yet. See following example:
{
"logical_disks":
[
{
"size_gb": "MAX",
"raid_level": "1+0"
}
]
}
See raid
for more
details and examples.
Supported properties
The RAID configuration using iRMC driver supports following parameters in JSON file:
size_gb
: is mandatory properties in Ironic.raid_level
: is mandatory properties in Ironic. Currently, iRMC Server supports following RAID levels: 0, 1, 5, 6, 1+0 and 5+0.controller
: is name of the controller as read by the RAID interface.physical_disks
: are specific values for each raid array in LogicalDrive which operator want to set them along withraid_level
.
The RAID configuration is supported as a manual cleaning step.
Note
- iRMC server will power-on after create/delete raid configuration is applied, FGI (Foreground Initialize) will process raid configuration in iRMC server, thus the operation will completed upon power-on and power-off when created RAID on iRMC server.
See raid
for more
details and examples.
BIOS configuration Support
The irmc
hardware type provides the iRMC BIOS
configuration with irmc
bios interface.
Warning
irmc
bios interface does not support
factory_reset
.
Starting from version 0.10.0
of
python-scciclient
, the BIOS setting obtained may not be the
latest. If you want to get the latest BIOS setting, you need to delete
the existing BIOS profile in iRMC. For example:
curl -u user:pass -H "Content-type: application/json" -X DELETE -i http://192.168.0.1/rest/v1/Oem/eLCM/ProfileManagement/BiosConfig
Configuration
The BIOS configuration in the iRMC driver supports the following settings:
boot_option_filter
: Specifies from which drives can be booted. This supports following options:UefiAndLegacy
,LegacyOnly
,UefiOnly
.check_controllers_health_status_enabled
: The UEFI FW checks the controller health status. This supports following options:true
,false
.cpu_active_processor_cores
: The number of active processor cores 1...n. Option 0 indicates that all available processor cores are active.cpu_adjacent_cache_line_prefetch_enabled
: The processor loads the requested cache line and the adjacent cache line. This supports following options:true
,false
.cpu_vt_enabled
: Supports the virtualization of platform hardware and several software environments, based on Virtual Machine Extensions to support the use of several software environments using virtual computers. This supports following options:true
,false
.flash_write_enabled
: The system BIOS can be written. Flash BIOS update is possible. This supports following options:true
,false
.hyper_threading_enabled
: Hyper-threading technology allows a single physical processor core to appear as several logical processors. This supports following options:true
,false
.keep_void_boot_options_enabled
: Boot Options will not be removed from "Boot Option Priority" list. This supports following options:true
,false
.launch_csm_enabled
: Specifies whether the Compatibility Support Module (CSM) is executed. This supports following options:true
,false
.os_energy_performance_override_enabled
: Prevents the OS from overruling any energy efficiency policy setting of the setup. This supports following options:true
,false
.pci_aspm_support
: Active State Power Management (ASPM) is used to power-manage the PCI Express links, thus consuming less power. This supports following options:Disabled
,Auto
,L0Limited
,L1only
,L0Force
.pci_above_4g_decoding_enabled
: Specifies if memory resources above the 4GB address boundary can be assigned to PCI devices. This supports following options:true
,false
.power_on_source
: Specifies whether the switch on sources for the system are managed by the BIOS or the ACPI operating system. This supports following options:BiosControlled
,AcpiControlled
.single_root_io_virtualization_support_enabled
: Single Root IO Virtualization Support is active. This supports following options:true
,false
.
The BIOS configuration is supported as a manual cleaning step. See
bios
for more details
and examples.
Supported platforms
This driver supports FUJITSU PRIMERGY RX M4 servers and above.
When irmc
power interface is used, Soft Reboot (Graceful
Reset) and Soft Power Off (Graceful Power Off) are only available if ServerView
agents are installed. See iRMC
S4 Manual for more details.
RAID configuration feature supports FUJITSU PRIMERGY servers with RAID-Ctrl-SAS-6G-1GB(D3116C) controller and above. For detail supported controller with OOB-RAID configuration, please see the whitepaper for iRMC RAID configuration.