Overview

Xloud Bare Metal provisioning (powered by Ironic) treats physical servers as first-class cloud resources. Operators enroll nodes by registering their management interface credentials, introspect hardware to automatically collect CPU, RAM, disk, and NIC information, and then provision OS images directly to bare metal — with the same API workflow used for virtual machine instances. Bifrost provides a standalone enrollment and provisioning path for initial cluster bootstrap, operating independently of the full Xloud Identity and compute stack.
Prerequisites
  • Ironic and Ironic Conductor services enabled in your deployment
  • Physical servers with accessible BMC (IPMI, Redfish, or iDRAC) on the management network
  • Provisioning network configured with DHCP and PXE boot support
  • Deploy image (e.g., Ubuntu 22.04 IPA) uploaded to Xloud Image Service
  • Administrator role in the target project

Architecture

Service Components

| Component | Role |
|---|---|
| Ironic API | REST API for node registration, state transitions, and provisioning requests |
| Ironic Conductor | Executes node state transitions — power operations, PXE boot, disk imaging |
| Ironic Python Agent (IPA) | Lightweight OS booted in RAM during introspection and deployment; collects hardware inventory and writes disk images |
| Bifrost | Standalone provisioning tool using Ironic without the full cloud stack — used for initial cluster bootstrap |

Key Capabilities

Xloud-Developed — Bare metal provisioning is available with XPCI.

PXE / iPXE Network Boot

Nodes boot from the network using PXE or iPXE. The Ironic Conductor serves a lightweight agent image over TFTP/HTTP, which runs entirely in RAM to perform hardware introspection and disk imaging.
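On the conductor, the TFTP and HTTP endpoints that serve the agent image are configured in ironic.conf. A minimal sketch, assuming default Ironic option names; the IP address and paths are illustrative:

```ini
[pxe]
tftp_server = 192.168.10.5    ; conductor IP on the provisioning network
tftp_root = /tftpboot

[deploy]
http_url = http://192.168.10.5:8080    ; iPXE fetches kernel/ramdisk over HTTP
http_root = /httpboot
```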

BMC Power Management

Full out-of-band control via IPMI and Redfish — power on, power off, reboot, boot device selection, sensor readings, and firmware inventory. No agent or OS required on the target server.
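These out-of-band operations map directly onto the baremetal CLI. A sketch, assuming python-ironicclient is installed and the node is already enrolled:

```shell
# Query and control power state entirely through the BMC — no OS needed on the node.
openstack baremetal node show <node-uuid> -c power_state
openstack baremetal node power on <node-uuid>
openstack baremetal node reboot <node-uuid>

# Force PXE on the next boot, e.g. before re-running introspection.
openstack baremetal node boot device set <node-uuid> pxe
```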

Unified Management

Manage bare metal servers and virtual machines from the same API and dashboard. The Xloud Compute scheduler places workloads on either physical or virtual hosts using a single resource pool.

Hardware Introspection

Automated discovery of CPU, RAM, disk, and NIC details. The Ironic Python Agent collects a full hardware inventory during introspection, eliminating manual data entry for node properties.
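From the CLI, the collected inventory lands in the node's properties. A quick check, assuming introspection has completed:

```shell
# Trigger introspection (the node must be in the manageable state).
openstack baremetal node inspect <node-uuid>

# After it finishes, the discovered hardware shows up as node properties.
openstack baremetal node show <node-uuid> -f json -c properties
```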

Supported BMC Types

| Vendor | BMC | Minimum Version | Driver | Notes |
|---|---|---|---|---|
| Dell | iDRAC | 9+ | idrac or redfish | Redfish preferred for newer firmware |
| HPE | iLO | 5+ | ilo or redfish | iLO REST API available alongside Redfish |
| Lenovo | XCC | 2.0+ | redfish | Lenovo XClarity Controller |
| Supermicro | BMC | Redfish-capable | redfish | Varies by motherboard model |
| Generic | IPMI 2.0 | Any | ipmi | Baseline support for all IPMI-compliant hardware |
Redfish provides richer capabilities than IPMI — firmware inventory, detailed sensor data, and secure HTTPS transport. Use Redfish when available and fall back to IPMI only for legacy hardware.

Supported Drivers

| Driver | Protocol | BMC Type | Notes |
|---|---|---|---|
| ipmi | IPMI 2.0 | Generic IPMI | Supported on most server hardware from all major vendors |
| redfish | Redfish (REST/HTTPS) | DMTF Redfish v1.x | Dell iDRAC 9+, HPE iLO 5+, Supermicro BMC |
| idrac | IPMI + Redfish | Dell iDRAC | Dell-specific driver with extended capabilities |
| ilo | iLO REST API | HPE iLO | HPE-specific driver with HPE-native features |
| irmc | iRMC | Fujitsu iRMC | Fujitsu PRIMERGY servers |
Prefer the redfish driver when BMC firmware supports it. Redfish provides richer hardware introspection data and is the long-term standard for out-of-band management.
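Switching an already-enrolled node from ipmi to redfish is a driver and driver_info change. A sketch with placeholder BMC details:

```shell
openstack baremetal node set <node-uuid> \
  --driver redfish \
  --driver-info redfish_address=https://<bmc-ip> \
  --driver-info redfish_username=admin \
  --driver-info redfish_password=<bmc-password>

# Confirm the new power/management interfaces pass validation.
openstack baremetal node validate <node-uuid>
```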

Node Provisioning Lifecycle

Ironic nodes progress through a defined set of states. Understanding this lifecycle is essential for diagnosing enrollment and provisioning issues.
| State | Description |
|---|---|
| enroll | Node registered in Ironic; credentials not yet validated |
| manageable | Credentials validated; node is under administrator control |
| inspecting | Ironic Python Agent running in RAM; collecting hardware inventory |
| available | Node ready for provisioning; available to Compute scheduler |
| active | OS deployed; node is running as a provisioned bare metal instance |
| cleaning | Disk wipe in progress; returning node to clean state after deprovisioning |
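Provision states can be checked from the CLI when diagnosing where a node is stuck:

```shell
# Current state of a single node, plus the most recent error (if any).
openstack baremetal node show <node-uuid> -c provision_state -c last_error

# All nodes ready for the Compute scheduler.
openstack baremetal node list --provision-state available
```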

Enrolling a Node

Bare metal node enrollment requires administrator privileges.

Navigate to bare metal nodes

Log in to the Xloud Dashboard and navigate to Admin → Bare Metal → Nodes. Click Enroll Node.

Configure driver and credentials

| Field | Example Value | Description |
|---|---|---|
| Driver | redfish | Management interface driver |
| Driver Info: redfish_address | https://192.168.1.100 | BMC URL |
| Driver Info: redfish_username | admin | BMC username |
| Driver Info: redfish_password | ***** | BMC password |
| Driver Info: redfish_verify_ca | false | Skip TLS verification for self-signed BMC certs |
| Name | compute-node-04 | Human-readable node name |
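The same enrollment can be sketched with the OpenStack CLI; the password and the port's MAC address are placeholders to replace with your node's values:

```shell
# Enroll the node with the redfish driver (CLI equivalent of the dashboard form).
openstack baremetal node create \
  --name compute-node-04 \
  --driver redfish \
  --driver-info redfish_address=https://192.168.1.100 \
  --driver-info redfish_username=admin \
  --driver-info redfish_password=<bmc-password> \
  --driver-info redfish_verify_ca=false

# Register the node's provisioning NIC so its PXE request can be matched.
openstack baremetal port create <provisioning-nic-mac> --node <node-uuid>
```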

Transition to manageable

After enrollment, select the node and click Set Manageable. Ironic validates the BMC credentials by attempting a power state query.
Node transitions to manageable state. Power state is reported as power on or power off.

Run hardware introspection

Select the node in manageable state and click Inspect. Ironic instructs the BMC to PXE-boot into the Ironic Python Agent. Introspection typically takes 3–5 minutes.
Node returns to manageable state. The Overview tab shows detected CPU, RAM, disk, and NIC details.

Make available for provisioning

Select the node and click Provide. This moves the node to the available state, making it eligible for provisioning by Compute.
Node status shows available. The node appears in the scheduler’s resource pool.
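The dashboard steps above have direct CLI equivalents, run in order:

```shell
openstack baremetal node manage <node-uuid>    # enroll -> manageable (validates BMC credentials)
openstack baremetal node inspect <node-uuid>   # manageable -> inspecting -> manageable
openstack baremetal node provide <node-uuid>   # manageable -> available (via cleaning if enabled)
```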

Bifrost Standalone Enrollment

Bifrost is used to provision the first physical nodes in a new cluster — before Xloud Identity and the full API stack are running. It provides a subset of Ironic functionality without requiring Keystone authentication.

Install Bifrost

Clone and install Bifrost
git clone https://opendev.org/openstack/bifrost.git
cd bifrost
./scripts/env-setup.sh
source /opt/stack/bifrost/bin/activate

Configure inventory

bifrost-inventory.yml
compute-node-01:
  ansible_host: 192.168.1.101
  uuid: "11111111-2222-3333-4444-555555555501"  # must be a valid UUID; omit to auto-generate
  driver_info:
    power:
      ipmi_address: 192.168.1.201
      ipmi_username: admin
      ipmi_password: secret
  nics:
    - mac: "aa:bb:cc:dd:ee:01"
  properties:
    cpu_arch: x86_64
    ram_mb: 65536
    disk_gb: 500
    cpus: 32

Enroll and deploy

Enroll nodes and deploy image
ansible-playbook -i bifrost-inventory.yml \
  /opt/stack/bifrost/playbooks/bifrost-enroll-dynamic.yaml

ansible-playbook -i bifrost-inventory.yml \
  /opt/stack/bifrost/playbooks/bifrost-deploy-dynamic.yaml \
  -e ipa_upstream_release=latest \
  -e deploy_image_filename=ubuntu-22.04-server.raw
Nodes boot, receive the OS image, and come up with the configured hostname and SSH key.
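Deployment progress can be checked with the standalone baremetal CLI that Bifrost installs; `OS_CLOUD=bifrost` refers to the cloud entry Bifrost writes to clouds.yaml:

```shell
# Inside the Bifrost virtualenv on the deployment host.
export OS_CLOUD=bifrost
baremetal node list                 # provision_state should reach "active"
baremetal node show compute-node-01 -c provision_state -c last_error
```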

Network Requirements

| Network | Purpose | Requirements |
|---|---|---|
| Provisioning network | PXE boot and IPA communication during enrollment and deployment | DHCP server, TFTP/HTTP for PXE, routed to Ironic Conductor |
| Management network | Out-of-band BMC access (IPMI/Redfish) | Isolated VLAN, reachable from Ironic Conductor only |
| Tenant network | Production traffic after provisioning | Standard Xloud networking — assigned post-deployment |
The provisioning and management networks should be isolated from tenant networks. The management network carries BMC credentials and power control traffic — exposure to tenant VMs is a security risk.
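If the provisioning network is managed by Xloud networking, it can be sketched as a flat provider network with DHCP enabled; the names (`provisioning`, `physnet-prov`) and the subnet range are illustrative assumptions, not values from this deployment:

```shell
openstack network create provisioning \
  --provider-network-type flat \
  --provider-physical-network physnet-prov

# DHCP enabled so PXE requests on this segment can be answered.
openstack subnet create provisioning-subnet \
  --network provisioning \
  --subnet-range 192.168.10.0/24 \
  --dhcp
```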

Troubleshooting

Node stuck in enroll state

Cause: Ironic has not yet validated the BMC credentials — the node must be explicitly transitioned to manageable.

Resolution:
Transition to manageable
openstack baremetal node manage <node-uuid>
If this fails with a driver error, verify BMC connectivity:
Validate driver interfaces
openstack baremetal node validate <node-uuid>
Check power interface result — False indicates unreachable BMC.
Introspection fails or times out

Cause: The node did not PXE-boot into the IPA image, or the IPA image could not reach the Ironic Conductor over the provisioning network.

Resolution:
  1. Verify the node’s NIC MAC address is registered: openstack baremetal port list --node <uuid>
  2. Confirm the provisioning DHCP server is serving the correct PXE configuration
  3. Check Ironic Conductor logs: journalctl -u ironic-conductor -f
  4. Verify IPA can reach Ironic API: the IPA image needs HTTP access to the callback URL
Cleaning fails after deprovisioning

Cause: The automated disk cleaning step (shredding previous data) failed, often due to disk detection errors in the IPA environment.

Resolution:
Check node error message
openstack baremetal node show <node-uuid> -c last_error
For test environments, disable cleaning to skip disk wiping:
Disable automated cleaning
openstack baremetal node set <node-uuid> --automated-clean false
Disabling automated cleaning leaves previous data on disk. Do not use this setting in production environments where nodes are shared across projects.
Node fails to boot after deployment

Cause: The deploy image was written to the wrong disk device, or the boot loader was not installed correctly.

Resolution: Check IPA logs in the Ironic Conductor:
View conductor logs for deployment errors
journalctl -u ironic-conductor --since "1 hour ago" | grep <node-uuid>
Verify the correct root device hint is set if the server has multiple disks:
Set root device hint
openstack baremetal node set <node-uuid> \
  --property root_device='{"wwn": "0x4000cca77fc4dba1"}'

Next Steps

Compute Architecture

Understand how Ironic integrates with the Xloud Compute scheduler for bare metal placement

Ansible Integration

Automate post-provision OS configuration on newly deployed bare metal nodes

Compute Hosts

Manage hypervisor and bare metal hosts in the compute resource pool

Security Hardening

Apply security hardening to bare metal nodes after provisioning