Ironic guide

This guide provides an instruction for adding Ironic support for CCP deployment.



That it’s not the CCP responsibility to manage networking for baremetal servers. Ironic assumes that networking is properly configured in underlay.


  • Ironic conductor has access to IPMI of baremetal servers or to hypervisor when baremetal server is simulated by VM.
  • Baremetal servers are attached to physical baremetal network.
  • Swift, Ironic API endpoints, neutron-dhcp-agent, PXE/iPXE services are accessible from baremetal network.
  • Swift and Ironic API endpoints has valid SSL certificate or Ironic deploy driver allows unverified connections.
  • Baremetal network is accessible from Ironic conductor.



Ironic requires single flat network in Neutron which has L2 connectivity to physical baremetal network and appropriate L3 settings.

Example case when required access to Ironic services provided via Neutron external network:

# Create external network
neutron net-create ext --router:external true --shared --provider:network_type flat --provider:physical_network physnet1

# Create subnet in external network, here - is provider gateway
neutron subnet-create --name ext --gateway --allocation-pool start=,end= ext

# Create internal network, here physnet2 is mapped to physical baremetal network
neutron net-create --shared --provider:network_type flat --provider:physical_network physnet2 baremetal

# Create subnet in internal network, here - is address of Neutron router, - is address of DNS server which can resolve external endpoints
neutron subnet-create --name baremetal --gateway --allocation-pool start=,end= --dns-nameserver baremetal

# Create router and connect networks
neutron router-create r1
neutron router-gateway-set r1 ext
neutron router-interface-add r1 baremetal

Example case when required access to Ironic services provided directly from baremetal network:

# Create internal network, here physnet2 is mapped to physical baremetal network
neutron net-create --shared --provider:network_type flat --provider:physical_network physnet2 baremetal

# Create subnet in internal network, here - is address Underlay router, which provides required connectivity
neutron subnet-create --name baremetal --gateway --allocation-pool start=,end= --dns-nameserver baremetal



Make sure that Radosgw is deployed, available and configured in Glance as default Swift storage backend. Refer to Ceph and Swift guide guide for deploy Radosgw and configure Glance.



  • Underlay networking
  • Neutron networking
  • Glance/Swift configuration

Deploy CCP with Ironic

In order to deploy CCP with Ironic you have to deploy following components: * ironic-api * ironic-conductor * nova-compute-ironic


nova-compute-ironic is same as regular nova-compute service, but with special compute_driver required for integration Nova with Ironic. It requires neutron-openvswitch-agent running on same host. Is not possible to deploy nova-compute-ironic and regular nova-compute on same host. nova-compute-ironic has no significant load and can be deployed on controller node.

Ironic requires single endpoints for Swift and API accessible from remote baremetal network, Ingress should be configured.

Example of ccp.yaml:

    [all default controller services]
    - ironic-api
    - ironic-conductor
    - nova-compute-ironic
      - name: "physnet1"
        bridge_name: "br-ex"
        interface: "ens8"
        flat: true
        vlan_range: "1001:1030"
      - name: "physnet2"
        bridge_name: "br-bm"
        interface: "ens9"
        flat: true
        vlan_range: "1001:1030"
    fsid: "a1adbec9-98cb-4d75-a236-2c595b73a8de"
    mon_host: ""
    key: "AQCDIStYGty1ERAALFeBif/6Y49s9S/hyVFXyw=="
      enable: true
    enabled: true

Now you’re ready to deploy Ironic to existing CCP cluster.

ccp deploy -c ironic-api ironic-conductor nova-compute-ironic

Provision baremetal instance

Depends on selected deploy driver, provision procedure may differ. Basically provision require following steps: * Upload service and user’s images to Glance * Create baremetal node in Ironic * Create node port in Ironic * Create appropriate flavor in Nova * Boot instance

Example with agent_ssh driver:


Agent drivers will download images from Swift endpoint, in case you using self-signed certificates, make sure that agent allows unverified SSL connections.

Upload service kernel/ramdisk images, required for driver:


glance image-create --name kernel \
--visibility public \
--disk-format aki --container-format aki \
--file tinyipa-stable-newton.vmlinuz

glance image-create --name ramdisk \
--visibility public \
--disk-format ari --container-format ari \
--file tinyipa-stable-newton.gz

Upload user’s image, which should be provisioned on baremetal node:


glance image-create --name cirros \
--visibility public \
--disk-format qcow2 \
--container-format bare \
--file cirros-0.3.4-x86_64-disk.img \
--property hypervisor_type='baremetal' \
--property cpu_arch='x86_64'

Create baremetal node with port in Ironic:

ironic node-create \
-n vm_node1 \
-d agent_ssh \
-i deploy_kernel=2fe932bf-a961-4d09-b0b0-72806edf05a4 \  # UUID of uploaded kernel image
-i deploy_ramdisk=5546dead-e8a4-4ebd-93cf-a118580c33d5 \ # UUID of uploaded ramdisk image
-i ssh_address= \ # address of hypervisor with VM (simulated baremetal server)
-i ssh_username=user \ # credentials for ssh access to hypervisor
-i ssh_password=password \
-i ssh_virt_type=virsh \
-p cpus=1 \
-p memory_mb=3072 \
-p local_gb=150 \
-p cpu_arch=x86_64

ironic port-create -n vm_node1 -a 52:54:00:a4:eb:d5 # MAC address of baremetal server

Verify that node is available as Nova hypervisor:

ironic node-validate vm_node1 # Should has no errors in management, power interfaces
nova hypervisor-show 1 # Should output correct information about resources (cpu, mem, disk)

Create nova flavor:

nova flavor-create bm_flavor auto 3072 150 1
nova flavor-key bm_flavor set cpu_arch=x86_64

Boot baremetal instance:

nova boot --flavor bm_flavor \
--image 11991c4e-95fd-4ad1-87a3-c67ec31c46f3 \ # Uploaded Cirros image
--nic net-id=0824d199-5c2a-4c25-be2c-14b5ab5a2838 \ # UUID of Neutron baremetal network


If something goes wrong, please ensure first: * You understand how Ironic works * Underlay networking is configured properly

For more information about issues, you may enable ironic.logging_debug and check logs of following pods: - nova-scheduler - nova-compute-ironic - ironic-api - ironic-conductor - neutron-server