This post is a follow-up to the earlier deploy steps tutorial, where I showed how to create a deploy step for injecting arbitrary files. I promised to bring that that particular deploy step upstream, and I've delivered on that promise!
Note
This post is talking about a recently (Feb 22, 2021) merged feature. If you don't have a master deployment, you may need to wait until the Wallaby release.
In this tutorial I'm showing how to create a custom deploy step for Ironic, how to build a ramdisk with in and how to use it when deploying a node.
Deploy steps are an answer to question "how do I run non-standard actions during deployment". Out-of-band steps run from your control plane and can talk to the BMC. More interesting for us are in-band steps that run from within the machine and offer nearly infinite opportunity for customization.
Today we'll create a solution for the following story:
As an operator, I would like to inject small files into the root partition of the final instance through the bare metal API.
There are, of course, numerous way of implementing it, cloud-init being probably the most popular. But we will concentrate on using a deploy step. The complete source code for this tutorial can be found here: https://github.com/dtantsur/ironic-inject-files/
I am (slightly) sorry for interrupting technical posts with politics, but, as all responsible adults know, even when you're not interested in politics, politics may get interested in you (insert your favorite "In Soviet Russia" joke).
Hearing the shocking news from Russia, I constantly experience mixed feelings. On one side, I'm lucky to live in a country, where opposition leaders are not murdered or thrown in jail for poorly fabricated reasons, where people are not beaten on the streets for merely expressing their opinion, where you cannot be jailed for a like, repost or retweet, where nobody interferes in your sexual life, where economy has not been slowly stagnating for a decade due to incompetent thieves ruling the country, where I don't have to keep a distance from police officers just in case (I still do - old habits die hard).
"Human dignity shall be inviolable. To respect and protect it shall be the duty of all state authority."
is how the German Constitution starts, and I have a warm feeling inside when I see these words printed here and there, even as part of street art! I wish my country took this seriously. I wish my country took its own Constitution seriously. What is happening now is incomprehensible for a man who has spent the last 7 years exploring the modern world.
On the other hand, I'm ashamed of my luck, of the fact that I'm safe and cozy here while tens of thousands in Russia are fighting for their (and mine) freedom, for the future of the country. I have never been the brave one. I would not be able, like Alexey Navalny, to return to his country to face humiliation, repressions and potentially death. And while I'm doing my best supporting the protests with money and information, I don't return, even for a short visit. Not because I'm such a prominent oppositionist, no. Quite the opposite: I'm a regular guy, and if I get arrested, jailed or murdered by the state repression machine, tens of thousands won't hit the streets. I would be a drop in the sea of violence.
But I hate to be a person without a homeland. I hate to be ashamed to say I'm Russian. I hate to be associated not with great classic literature, music or fascinating nature, but with repressions and invasions in neighbor countries. Well, at least I can be thankful to this wonderful country that became my second - and real - home and explore it as much as the situation allows.
P.S. If Russia means something for you, other than a far away country with vodka, bears and a batshit crazy government, please consider helping ovdinfo.org and zona.media. And please spread the word!
In this post I'm presenting the ramdisk deploy interface, explaining how to use it to run ephemeral workloads and how to provide configuration data for them.
Ironic has been actively explored by the scientific community as a way to automate running calculations without incurring the costs of virtualization. This sort of workloads does not necessarily require installing anything on the machine's hard drive, which may instead be used for caching, swap or not used at all. The results are posted back via HTTP(s) or stored on a network share.
Note
This is a guest post from Tzu-Mainn Chen, Principal Software Engineer from Red Hat, who is working on the Elastic Secure Infrastructure initiative.
Ironic node muti-tenancy is a relatively new feature in Ironic. What is it and how can it be used?
A recent discussion on Twitter has prompted me to write about the toolset I'm using during development, covering both work-related and personal projects. I will not just provide names and links, but also explain how exactly I use every tool.
Today I'm presenting the miniscript project and discussion the future of the ironic-inspector feature called introspection rules. If the ironic business is of no interest for you, scroll right to Enter MiniScript and stop there.
2020 has been a turbulent year, let us see what it brought to ironic! Here is my recollection of the most important events in the ironic world, as well as new features and other changes.
Auto-discovery of bare metal nodes is a peculiar thing: everyone wants it in theory, but very few end up using it after facing the harsh reality. The truth is, there is not so much information you can discover by powering a machine on and booting a special ramdisk on it. I mean, oh, sure, we can collect literally thousands of various facts and runtime characteristics, but a few critical ones keep evading us. Specifically, BMC credentials. The very few facts ironic needs to be able to manage the machine. Oops.
In all fairness to hardware vendors, it's not very sensible to allow any user, even one with root access, to learn these critical bits of a hardware infrastructure. Not in the cloud era.
Two ideas appeared from numerous heated (and not so much) discussions, one great and one abysmal:
Introspection rules as a way to encode the logic of setting the credentials post-discovery.
Setting IPMI credentials during discovery.
Today we're talking about the latter.
This is a brief summary of bare metal discussions at the OpenInfra Summit & PTG 2019 in Denver.