7.0 KiB
7.0 KiB
📦 Provisioning — boot, installation, server management
Network boot (PXE / iPXE)
PXE boot flow
1. Server power-on → PXE ROM in NIC / UEFI
2. DHCP Broadcast → DHCP server offers IP + next-server (TFTP) + boot file
3. TFTP downloads pxelinux.0 (BIOS) / bootx64.efi (UEFI)
4. Loads configuration (pxelinux.cfg/default or MAC/IP-based)
5. Downloads kernel + initrd via TFTP/HTTP (iPXE)
6. Kernel boot → automated installation (Kickstart / Preseed / AutoYaST)
DHCP configuration (ISC DHCP)
subnet 10.0.0.0 netmask 255.255.255.0 {
next-server 10.0.0.10; # TFTP server
filename "ipxe.efi"; # Boot file (UEFI)
option domain-name-servers 10.0.0.10;
option routers 10.0.0.1;
}
iPXE (modern PXE replacement)
- HTTP instead of TFTP (faster, more reliable)
- HTTPS support (Image verification, secure boot)
- iSCSI boot, FCoE boot
- Scriptable:
chain http://boot.example.com/script.ipxe - Embedded: iPXE ROM flashed directly into NIC
PXE vs iPXE comparison
| Feature | PXE | iPXE |
|---|---|---|
| Protocol | TFTP (slow, 512B/block) | HTTP/HTTPS/iSCSI |
| Encryption | No | HTTPS, TLS |
| Scripting | Menu only | Full scripting engine |
| Debugging | Limited | Built-in shell |
| UEFI/BIOS | Both | Both |
Automated installation
Kickstart (RHEL/Alma/Rocky)
# Minimal kickstart for RHEL 9
text
url --url="http://10.0.0.10/install/rhel9"
lang en_US.UTF-8
keyboard us
timezone Europe/Prague --isUtc
rootpw --iscrypted $6$...
%packages
@^minimal-environment
vim
net-tools
%end
%post
echo "node001" > /etc/hostname
%end
reboot
Preseed (Debian/Ubuntu)
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string node001
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Prague
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i passwd/root-login boolean true
d-i passwd/root-password password securepass
d-i passwd/root-password-again password securepass
d-i pkgsel/include string openssh-server vim
d-i finish-install/reboot_in_progress note
Metal as a Service
MAAS (Canonical)
- Discovery: DHCP → PXE boot → hardware detection (CPU, RAM, disk, MAC)
- Commissioning: node goes through commissioning, stores inventory in DB
- Deploy: OS image (Ubuntu, RHEL, ESXi) written to disk → reboot
- Integration: Juju, OpenStack, Kubernetes (Charmed Kubernetes)
- Networking: VLAN, subnet, DNS/DHCP management, BGP peering
Digital Rebar / RackN
- Provisioning: workflow-based (stages: discovery → firmware → OS → config)
- Multi-cloud: bare metal + cloud + edge
- Template: templates for OS deployment (RHEL, Ubuntu, VMware)
- API: fully REST API, Terraform provider
Management API — Redfish
DMTF Standard
REST API (JSON) → successor to IPMI.
| Endpoint | Purpose |
|---|---|
/redfish/v1/Systems/ |
Server management (power, boot, inventory) |
/redfish/v1/Chassis/ |
Physical hardware (PSU, fan, temp, sensors) |
/redfish/v1/Managers/ |
BMC (iLO, iDRAC, XClarity) |
/redfish/v1/UpdateService/ |
Firmware updates |
/redfish/v1/EventService/ |
Event subscription (webhook) |
Redfish examples
# Power on server
POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
Body: {"ResetType": "On"}
# Set boot override (one-shot PXE)
PATCH /redfish/v1/Systems/1
Body: {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}
# Get sensor data
GET /redfish/v1/Chassis/1/Thermal
→ {"Temperatures": [{"Name": "CPU1", "ReadingCelsius": 45}], "Fans": [...]}
IPMI (legacy)
- Port 623/UDP (RMCP)
ipmitool power on/off/statusipmitool sensor listipmitool chassis bootdev pxe- Serial over LAN:
ipmitool sol activate
Terraform for provisioning
# Terraform provider for VMware vSphere
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
}
resource "vsphere_virtual_machine" "web" {
name = "web-${count.index}"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.ds.id
num_cpus = 4
memory = 16384
guest_id = "rhel9_64Guest"
network_interface { network_id = data.vsphere_network.net.id }
disk { label = "os", size = 80 }
}
More in CICD.en.md.
Firmware management
- BIOS/UEFI settings: profile update during provisioning (Redfish
PATCH /Systems/1/Bios) - Firmware updates: Redfish UpdateService, SUU (Dell), SUM (HPE), SMM (Supermicro)
- Lifecycle Controller (Dell LC): integrated OS for firmware management
- Baseline management: maintain consistent firmware versions across fleet
- Boot: UEFI vs Legacy BIOS:
- UEFI: Secure Boot, GPT, larger disks, faster boot
- Legacy BIOS: MBR, compatibility, 2 TB boot disk limit
Configuration management (post-provisioning)
| Tool | Language | Push/Pull | Use case |
|---|---|---|---|
| Ansible | YAML | Push (SSH) | General config management, ad-hoc |
| Puppet | Ruby DSL | Pull (agent) | State management, enterprise |
| Chef | Ruby DSL | Pull (agent) | Compliance, infrastructure automation |
| SaltStack | YAML/Python | Both (salt-minion) | High-speed config, event-driven |
More in CICD.en.md.
OpenStack Provisioning
OpenStack offers several methods for provisioning infrastructure:
Deployment tools
| Tool | Description | Use case |
|---|---|---|
| TripleO (OpenStack on OpenStack) | Deploy OpenStack using bare metal (Ironic) + Heat orchestration | Production, Red Hat OSP |
| Kolla (Ansible + Docker) | Containerized OpenStack services, Ansible orchestration | Production, flexible |
| Kolla-Kubernetes | OpenStack on Kubernetes | Kubernetes-native, edge |
| Charmed OpenStack (Juju) | Canonical, Juju charms for OpenStack | Ubuntu, hybrid cloud |
| OpenStack Charms | Juju charms for individual services | Fine-grained deployment |
| DevStack | Fast development deployment | Dev/test, learning |
| OpenStack-Ansible | Ansible playbooks for OpenStack (OSA) | Legacy, AIO |
Ironic (Bare Metal Provisioning)
- OpenStack service for managing and provisioning bare metal servers
- Supports PXE, iPXE, Redfish, IPMI
- Concepts: Node (HW), Port (MAC), Driver (HW type)
- Lifecycle: enroll → manage → inspect → provide → available → active
- Integration with Nova: Nova runs instances on bare metal via Ironic
Glance (Image Management)
- Image catalog for VM images and ISO
- Supported formats: raw, qcow2, vmdk, vhd, iso
- Image caching on compute node (for faster boot)
- Multi-backend: file, Ceph RBD, Swift, NFS
Sources
Links, books and standards: sources/infrastructure/sources.en.md
Last revision: 2026-06-03