
deploy baremetal ipi using a dedicated vm

This repository provides a plan which deploys a vm where:

  • openshift-baremetal-install is downloaded or compiled from source (with an additional list of PR numbers to apply)
  • stop the nodes to deploy through ipmi
  • launch the install against a set of baremetal nodes. Virtual masters can also be deployed.


To deploy baremetal using bare minimum on the provisioning node


for kcli

  • kcli installed (for rhel8/cento8/fedora, look here)
  • an openshift pull secret (stored by default in openshift_pull.json)

on the provisioning node

  • libvirt daemon (with fw_cfg support)
  • two physical bridges:
    • baremetal with a nic from the external network
    • provisioning with a nic from the provisioning network. Ideally assign it an ip of
  • If you're not running as root, configure extra permissions with sudo setfacl -m u:$(id -un):rwx /var/lib/libvirt/openshift-images/*

Here's a script you can run on the provisioning node for that (adjust the nics variable as per your environment)

export MAIN_CONN=eno2
sudo nmcli connection add ifname baremetal type bridge con-name baremetal
sudo nmcli con add type bridge-slave ifname "$MAIN_CONN" master baremetal
sudo nmcli con down "System $MAIN_CONN"; sudo pkill dhclient; sudo dhclient baremetal
export PROV_CONN=eno1
sudo nmcli connection add ifname provisioning type bridge con-name provisioning
sudo nmcli con add type bridge-slave ifname "$PROV_CONN" master provisioning
sudo nmcli connection modify provisioning ipv4.addresses ipv4.method manual
sudo nmcli con down provisioning
sudo nmcli con up provisioning

If using vlans on the provisioning interface, the following can be used:

nmcli connection add ifname $BRIDGE type bridge con-name $BRIDGE
nmcli connection add type vlan con-name vlan$VLAN ifname eno1.$VLAN dev eno1 id $VLAN master $BRIDGE slave-type bridge
nmcli connection modify $BRIDGE ipv4.addresses $IP ipv4.method manual
nmcli con down $BRIDGE
nmcli con up $BRIDGE


Prepare a valid parameter file with the information needed. At least, you need to specify the following elements:

  • api_ip
  • ingress_ip
  • dns_ip (optional)
  • bmc_user (for real baremetal)
  • bmc_password (for real baremetal)
  • an array of your masters (if thet are not virtual). Each entry in this array needs at least the provisioning_mac and ipmi_address. Optionally you can indicate for each entry a specific bmc_user, bmc_password and disk (to be used as rootdevice hint) either as /dev/XXX or simply XXX
  • an array of your workers (can be left empty if you only want to deploy masters). The format of those entries follow the one indicated for masters.

Here's a snippet what the workers variable might look like:

- ipmi_address:
  provisioning_mac: 98:03:9b:62:ab:19
- ipmi_address:
  provisioning_mac: 98:03:9b:62:ab:17
  disk: /dev/sde

You can have a look at:

Call the resulting file kcli_parameters.yml to avoid having to specify it in the creation command.

Then you can launch deployment with:

kcli create plan

Interacting in the vm

The deployed vm comes with a set of helpers for you:

  • scripts deploy.sh and clean.sh allow you to manually launch an install or clean a failed one
  • you can run baremetal node list during deployment to check the status of the provisioning of the nodes (Give some time after launching an install before ironic is accessible).
  • script ipmi.py can be used to check the power status of the baremetal node or to stop them (using ipmi.py off). When not using provisioning network, a script named redfish.py provides a similar functionality


Parameter Default Value
api_ip None
baremetal_bootstrap_mac None
baremetal_cidr None
baremetal_ips []
baremetal_macs []
baremetal_net baremetal
baremetal_noprovisioning_bootstrap_ip None
baremetal_noprovisioning_ip None
build False
cache True
cas []
cluster openshift
deploy_openshift True
disconnected False
disk_size 30
dns_ip None
domain karmalabs.com
dualstack False
dualstack_cidr None
extra_disks []
fips False
go_version 1.13.8
http_proxy None
image centos8
image_url None
imagecontentsources []
imageregistry False
ingress_ip None
installer_mac None
installer_wait False
bmc_password calvin
bmc_user root
keys []
lab False
launch_steps True
masters []
memory 32768
model dell
nbde False
network default
network_type OVNKubernetes
nfs True
no_proxy None
notify True
notifyscript notify.sh
ntp False
ntp_server 0.rhel.pool.ntp.org
numcpus 16
openshift_image registry.ci.openshift.org/ocp/release:4.8
playbook False
pool default
provisioning_bootstrap_mac None
provisioning_enable True
provisioning_interface eno1
provisioning_macs []
provisioning_net provisioning
prs []
pullsecret openshift_pull.json
registry_image quay.io/saledort/registry:2
registry_password dummy
registry_user dummy
rhnregister True
rhnwait 30
tag 4.8
uefi_legacy False
version ci
virtual_masters False
virtual_masters_baremetal_mac_prefix aa:aa:aa:cc:cc
virtual_masters_mac_prefix aa:aa:aa:aa:aa
virtual_masters_memory 32768
virtual_masters_number 3
virtual_masters_numcpus 8
virtual_protocol ipmi
virtual_workers False
virtual_workers_baremetal_mac_prefix aa:aa:aa:dd:dd
virtual_workers_deploy True
virtual_workers_mac_prefix aa:aa:aa:bb:bb
virtual_workers_memory 16384
virtual_workers_number 1
virtual_workers_numcpus 8
workers []

Node parameters

when specifying masters or workers as an array, the specification can be created with something like this

- ipmi_address:
  provisioning_mac: 98:03:9b:62:81:49

The following parameters can be used in this case:

  • ipmi_address. Redfish ip
  • redfish_address. Redfish url
  • provisioning_mac. It needs to be set to the mac to use along with provisioning network or any of the macs of the node when provisioning is disabled
  • boot_mode (optional). Should either be set to Legacy, UEFI or UEFISecureBoot

Lab runthrough

A lab available here is provided to get people familiarized with Baremetal Ipi workflow.