Fossil/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b53714113ca99b4b6eced507461309dc3c9bf35d
knowledge-base/PROVISIONING.en.md
Stanislav Hubacek 3fa11ef0f6 comiiit
2026-06-11 15:27:28 +02:00

7.0 KiB
Raw Blame History

📦 Provisioning — boot, installation, server management

Network boot (PXE / iPXE)

PXE boot flow

1. Server power-on → PXE ROM in NIC / UEFI
2. DHCP Broadcast → DHCP server offers IP + next-server (TFTP) + boot file
3. TFTP downloads pxelinux.0 (BIOS) / bootx64.efi (UEFI)
4. Loads configuration (pxelinux.cfg/default or MAC/IP-based)
5. Downloads kernel + initrd via TFTP/HTTP (iPXE)
6. Kernel boot → automated installation (Kickstart / Preseed / AutoYaST)

DHCP configuration (ISC DHCP)

subnet 10.0.0.0 netmask 255.255.255.0 {
    next-server 10.0.0.10;        # TFTP server
    filename "ipxe.efi";          # Boot file (UEFI)
    option domain-name-servers 10.0.0.10;
    option routers 10.0.0.1;
}

iPXE (modern PXE replacement)

  • HTTP instead of TFTP (faster, more reliable)
  • HTTPS support (Image verification, secure boot)
  • iSCSI boot, FCoE boot
  • Scriptable: chain http://boot.example.com/script.ipxe
  • Embedded: iPXE ROM flashed directly into NIC

PXE vs iPXE comparison

Feature PXE iPXE
Protocol TFTP (slow, 512B/block) HTTP/HTTPS/iSCSI
Encryption No HTTPS, TLS
Scripting Menu only Full scripting engine
Debugging Limited Built-in shell
UEFI/BIOS Both Both

Automated installation

Kickstart (RHEL/Alma/Rocky)

# Minimal kickstart for RHEL 9
text
url --url="http://10.0.0.10/install/rhel9"
lang en_US.UTF-8
keyboard us
timezone Europe/Prague --isUtc

rootpw --iscrypted $6$...

%packages
@^minimal-environment
vim
net-tools
%end

%post
echo "node001" > /etc/hostname
%end

reboot

Preseed (Debian/Ubuntu)

d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string node001
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Prague

d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic

d-i passwd/root-login boolean true
d-i passwd/root-password password securepass
d-i passwd/root-password-again password securepass

d-i pkgsel/include string openssh-server vim
d-i finish-install/reboot_in_progress note

Metal as a Service

MAAS (Canonical)

  • Discovery: DHCP → PXE boot → hardware detection (CPU, RAM, disk, MAC)
  • Commissioning: node goes through commissioning, stores inventory in DB
  • Deploy: OS image (Ubuntu, RHEL, ESXi) written to disk → reboot
  • Integration: Juju, OpenStack, Kubernetes (Charmed Kubernetes)
  • Networking: VLAN, subnet, DNS/DHCP management, BGP peering

Digital Rebar / RackN

  • Provisioning: workflow-based (stages: discovery → firmware → OS → config)
  • Multi-cloud: bare metal + cloud + edge
  • Template: templates for OS deployment (RHEL, Ubuntu, VMware)
  • API: fully REST API, Terraform provider

Management API — Redfish

DMTF Standard

REST API (JSON) → successor to IPMI.

Endpoint Purpose
/redfish/v1/Systems/ Server management (power, boot, inventory)
/redfish/v1/Chassis/ Physical hardware (PSU, fan, temp, sensors)
/redfish/v1/Managers/ BMC (iLO, iDRAC, XClarity)
/redfish/v1/UpdateService/ Firmware updates
/redfish/v1/EventService/ Event subscription (webhook)

Redfish examples

# Power on server
POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
Body: {"ResetType": "On"}

# Set boot override (one-shot PXE)
PATCH /redfish/v1/Systems/1
Body: {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}

# Get sensor data
GET /redfish/v1/Chassis/1/Thermal
→ {"Temperatures": [{"Name": "CPU1", "ReadingCelsius": 45}], "Fans": [...]}

IPMI (legacy)

  • Port 623/UDP (RMCP)
  • ipmitool power on/off/status
  • ipmitool sensor list
  • ipmitool chassis bootdev pxe
  • Serial over LAN: ipmitool sol activate

Terraform for provisioning

# Terraform provider for VMware vSphere
provider "vsphere" {
  user           = var.vsphere_user
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server
}

resource "vsphere_virtual_machine" "web" {
  name             = "web-${count.index}"
  resource_pool_id = data.vsphere_resource_pool.pool.id
  datastore_id     = data.vsphere_datastore.ds.id
  num_cpus         = 4
  memory           = 16384
  guest_id         = "rhel9_64Guest"
  network_interface { network_id = data.vsphere_network.net.id }
  disk { label = "os", size = 80 }
}

More in CICD.md.

Firmware management

  • BIOS/UEFI settings: profile update during provisioning (Redfish PATCH /Systems/1/Bios)
  • Firmware updates: Redfish UpdateService, SUU (Dell), SUM (HPE), SMM (Supermicro)
  • Lifecycle Controller (Dell LC): integrated OS for firmware management
  • Baseline management: maintain consistent firmware versions across fleet
  • Boot: UEFI vs Legacy BIOS:
    • UEFI: Secure Boot, GPT, larger disks, faster boot
    • Legacy BIOS: MBR, compatibility, 2 TB boot disk limit

Configuration management (post-provisioning)

Tool Language Push/Pull Use case
Ansible YAML Push (SSH) General config management, ad-hoc
Puppet Ruby DSL Pull (agent) State management, enterprise
Chef Ruby DSL Pull (agent) Compliance, infrastructure automation
SaltStack YAML/Python Both (salt-minion) High-speed config, event-driven

More in CICD.md.

OpenStack Provisioning

OpenStack offers several methods for provisioning infrastructure:

Deployment tools

Tool Description Use case
TripleO (OpenStack on OpenStack) Deploy OpenStack using bare metal (Ironic) + Heat orchestration Production, Red Hat OSP
Kolla (Ansible + Docker) Containerized OpenStack services, Ansible orchestration Production, flexible
Kolla-Kubernetes OpenStack on Kubernetes Kubernetes-native, edge
Charmed OpenStack (Juju) Canonical, Juju charms for OpenStack Ubuntu, hybrid cloud
OpenStack Charms Juju charms for individual services Fine-grained deployment
DevStack Fast development deployment Dev/test, learning
OpenStack-Ansible Ansible playbooks for OpenStack (OSA) Legacy, AIO

Ironic (Bare Metal Provisioning)

  • OpenStack service for managing and provisioning bare metal servers
  • Supports PXE, iPXE, Redfish, IPMI
  • Concepts: Node (HW), Port (MAC), Driver (HW type)
  • Lifecycle: enroll → manage → inspect → provide → available → active
  • Integration with Nova: Nova runs instances on bare metal via Ironic

Glance (Image Management)

  • Image catalog for VM images and ISO
  • Supported formats: raw, qcow2, vmdk, vhd, iso
  • Image caching on compute node (for faster boot)
  • Multi-backend: file, Ceph RBD, Swift, NFS

Sources

Links, books and standards: sources/infrastructure/sources.md

Last revision: 2026-06-03

Reference in New Issue View Git Blame Copy Permalink