# Bare Metal Platform Customization

## Cluster-scoped properties

### Advanced Configuration Parameters

| Parameter | Default | Description |
| --- | --- | --- |
| `libvirtURI` | `qemu://localhost/system` | The location of the hypervisor for running the bootstrap VM. See [Using a Remote Hypervisor](#using-a-remote-hypervisor) for more details. |
| `clusterProvisioningIP` | The third address on the provisioning network. `172.22.0.3` | The IP within the cluster where the provisioning services run. |
| `bootstrapProvisioningIP` | The second address on the provisioning network. `172.22.0.2` | The IP on the bootstrap VM where the provisioning services run while the control plane is being deployed. |
| `externalBridge` | `baremetal` | The name of the bridge of the hypervisor attached to the external network. |
| `externalMACAddress` | | A MAC address to use for the external NIC on the bootstrap VM. This is optional and if blank is generated by libvirt. |
| `provisioningBridge` | `provisioning` | The name of the bridge on the hypervisor attached to the provisioning network. |
| `provisioningMACAddress` | | A MAC address to use for the provisioning NIC on the bootstrap VM. This is optional and if blank is generated by libvirt. |
| `provisioningNetworkCIDR` | `172.22.0.0/24` | The CIDR for the network to use for provisioning. |
| `provisioningDHCPExternal` | `false` | Flag indicating that DHCP for the provisioning network is managed outside of the cluster by existing infrastructure services. |
| `provisioningDHCPRange` | The tenth through the second last IP on the provisioning network. `172.22.0.10,172.22.0.254` | The IP range to use for hosts on the provisioning network. |
| `defaultMachinePlatform` | | The default configuration used for machine pools without a platform configuration. |
| `bootstrapOSImage` | *based on the release image* | A URL to override the default operating system image for the bootstrap node. The URL must contain a sha256 hash of the image. Example `https://mirror.example.com/images/qemu.qcow2.gz?sha256=a07bd...` |
| `clusterOSImage` | *based on the release image* | A URL to override the default operating system for cluster nodes. The URL must include a sha256 hash of the image. Example `https://mirror.example.com/images/metal.qcow2.gz?sha256=3b5a8...` |

### Image Overrides

When doing a disconnected installation, the baremetal platform has the
additional requirement that we have locations to download the RHCOS
images. The installer downloads these from a CoreOS stream metadata
embedded in the installer code, but they can be
overridden to point to a local mirror.

See [CoreOS bootimages](../overview.md#coreos-bootimages) for more information
about bootimages.

The SHA256 parameter in the URL is required, and should match the
uncompressed SHA256 from the stream metadata JSON.

* `bootstrapOSImage` (optional string): Override the image used for the
  bootstrap virtual machine.
* `clusterOSImage` (optional string): Override the image used for
  cluster machines.

Example:

```yaml
platform:
  baremetal:
    bootstrapOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-qemu.x86_64.qcow2.gz?sha256=f40e826ac4a6c5c073416a7bc0039ec8726a338885d2031e7607cec8783e580e
    clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d
```

### Networking customization

By default, the baremetal IPI environment uses a provisioning network of
`172.22.0.0/24`, picks the 2nd and 3rd address of that subnet for the
bootstrap and cluster provisioning IPs, and operates an internal DHCP
and TFTP server in the cluster to support provisioning. Much of this can
be customized.

* `provisioningNetworkCIDR` (optional string): Override the default provisioning network.
* `bootstrapProvisioningIP` (optional string): Override the bootstrap
  provisioning IP. If unspecified, uses the 2nd address in the
  provisioning network's subnet.
* `clusterProvisioningIP` (optional string): Override the IP used by the
  cluster's provisioning infrastructure. If unspecified, uses the 3rd
  address in the provisioning network's subnet.

Example:

```yaml
platform:
  baremetal:
    provisioningNetworkCIDR: 172.23.0.0/16
    bootstrapProvisioningIP: 172.23.0.2
    clusterProvisioningIP: 172.23.0.3
```

* `provisioningDHCPRange` (optional string): By default, the installer picks a range from
  the 10th to the second from last address. To use a different range, specify this
  using the `provisioningDHCPRange` option in the baremetal platform. This
  should be a comma-separated list indicating the start and end range.

Example:

```yaml
platform:
  baremetal:
    provisioningDHCPRange: "172.23.0.10,172.23.0.254"
```

* `provisioningDHCPExternal` (optional boolean): If you would prefer to
  use an external DHCP server, you can specify `provisioningDHCPExternal`,
  in which case the cluster will only run TFTP. When using PXE boot for
  the control plane and workers, your DHCP server needs to specify the
  next-server as `bootstrapProvisioningIP` for the control plane, and
  `clusterProvisioningIP` for the workers.

Example:

```yaml
platform:
  baremetal:
    provisioningDHCPExternal: true
```

## Using a Remote Hypervisor

The IPI installation process requires access to a libvirt-based
hypervisor host on which to run a bootstrap VM. The VM is removed
after the control plane is up and fully functional, so the hypervisor
is not needed to operate the cluster. When running the installer by
hand, it is most common to use the local host as the hypervisor. When
the network topology requires it, a separate host can be used.

The `libvirtURI` can be used to specify the location of the remote
hypervisor. For example,
`qemu+ssh://hyperuser@hypervisor.example.com/system` tells the
installer to connect to `hypervisor.example.com` over ssh as the
`hyperuser` user and create the bootstrap VM there.

The user on the host running the installer must be able to connect via
ssh to the hypervisor using the username given in the URI, without
being prompted for a password.

The user on the hypervisor must be in the `libvirt` group and have
permission to communicate with the libvirt services.

The hypervisor must meet the network requirements described in
the [Prerequisites](install_ipi.md#prerequisites) section.

Example:

```yaml
platform:
  baremetal:
    libvirtURI: qemu+ssh://hyperuser@hypervisor.example.com/system
```

## Disabling Certificate Verification for BMCs

By default, TLS clients communicating with BMCs require valid
certificates signed by a known certificate authority. In environments
where certificates are signed by unknown authorities, this behavior
can be disabled by setting `disableCertificateVerification` to `true`
for each `bmc` entry. The setting is per host: a BMC whose entry does
not set it is still verified, and one that does is no longer
authenticated by its certificate.

## Shift to external load balancer post deployment

The following [link](./external_loadbalancer_ipi.md) describes how to move external API/ingress traffic from the default self-hosted load balancer to another load balancer.
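For the Image Overrides section above: an added example (not part of the installer or its documentation) that checks a mirrored `.gz` image against the `sha256` parameter of an override URL before the URL goes into `install-config.yaml`. It hashes the decompressed stream, since the page requires the uncompressed SHA256; the function names and the in-memory sample image are constructed for this illustration.

```python
import gzip
import hashlib
import io
import re
from urllib.parse import urlsplit, parse_qs

SHA256_RE = re.compile(r"[0-9a-f]{64}")


def expected_sha256(override_url):
    """Return the sha256 query value of an image override URL, or raise ValueError."""
    parts = urlsplit(override_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("override must be an http(s) URL")
    values = parse_qs(parts.query).get("sha256", [])
    if len(values) != 1:
        raise ValueError("URL must carry exactly one sha256 parameter")
    digest = values[0].lower()
    if not SHA256_RE.fullmatch(digest):
        raise ValueError("sha256 parameter is not 64 hex characters")
    return digest


def uncompressed_sha256(gz_stream, chunk_size=1 << 20):
    """Hash the decompressed content of a gzip stream without loading it whole."""
    h = hashlib.sha256()
    with gzip.GzipFile(fileobj=gz_stream) as plain:
        for chunk in iter(lambda: plain.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def mirror_matches(override_url, gz_stream):
    """True when the mirrored .gz decompresses to the digest pinned in the URL."""
    return uncompressed_sha256(gz_stream) == expected_sha256(override_url)


# Constructed sample: a stand-in "image" compressed in memory, not a real RHCOS image.
SAMPLE_IMAGE = b"constructed qcow2 stand-in\n" * 1024
SAMPLE_GZ = gzip.compress(SAMPLE_IMAGE)
BASE_URL = "http://mirror.example.com/images/sample.qcow2.gz?sha256="
GOOD_URL = BASE_URL + hashlib.sha256(SAMPLE_IMAGE).hexdigest()
# Pinning the digest of the compressed file instead is the mismatch to catch.
GZ_DIGEST_URL = BASE_URL + hashlib.sha256(SAMPLE_GZ).hexdigest()

if __name__ == "__main__":
    print("uncompressed digest pinned:", mirror_matches(GOOD_URL, io.BytesIO(SAMPLE_GZ)))
    print("compressed digest pinned:  ", mirror_matches(GZ_DIGEST_URL, io.BytesIO(SAMPLE_GZ)))
```

For a real mirror, pass an open binary file handle of the mirrored `.gz` in place of the `io.BytesIO` object.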
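For the Networking customization section above: an added example (not installer code) that derives the documented defaults from a provisioning CIDR and reports overrides that are inconsistent with it, such as a DHCP range left on the old subnet after `provisioningNetworkCIDR` was changed. The function names are hypothetical, and the rule that the two service IPs should sit outside an in-cluster DHCP range is this example's own assumption, not a documented installer check.

```python
import ipaddress

DEFAULT_CIDR = "172.22.0.0/24"  # default provisioningNetworkCIDR from the table


def provisioning_defaults(cidr=DEFAULT_CIDR):
    """Derive the documented defaults from a provisioning CIDR."""
    net = ipaddress.ip_network(cidr)
    return {
        "bootstrapProvisioningIP": str(net[2]),            # second address
        "clusterProvisioningIP": str(net[3]),              # third address
        "provisioningDHCPRange": f"{net[10]},{net[-2]}",   # tenth .. second last
    }


def check_provisioning(platform):
    """Return a list of inconsistencies in a platform.baremetal mapping."""
    net = ipaddress.ip_network(platform.get("provisioningNetworkCIDR", DEFAULT_CIDR))
    cfg = {**provisioning_defaults(str(net)), **platform}
    boot = ipaddress.ip_address(cfg["bootstrapProvisioningIP"])
    clus = ipaddress.ip_address(cfg["clusterProvisioningIP"])
    start, end = (ipaddress.ip_address(p.strip())
                  for p in cfg["provisioningDHCPRange"].split(","))
    service_ips = (("bootstrapProvisioningIP", boot), ("clusterProvisioningIP", clus))
    problems = []
    for name, ip in service_ips + (("DHCP range start", start), ("DHCP range end", end)):
        if ip not in net:
            problems.append(f"{name} {ip} is outside {net}")
    if start > end:
        problems.append("DHCP range start is after its end")
    if boot == clus:
        problems.append("bootstrap and cluster provisioning IPs are identical")
    # Assumption of this example: with in-cluster DHCP, the service IPs
    # should not sit inside the pool handed out to hosts.
    if not cfg.get("provisioningDHCPExternal", False):
        for name, ip in service_ips:
            if start <= ip <= end:
                problems.append(f"{name} {ip} falls inside the DHCP range")
    return problems


# The page's own example values, combined into one mapping.
PAGE_EXAMPLE = {
    "provisioningNetworkCIDR": "172.23.0.0/16",
    "bootstrapProvisioningIP": "172.23.0.2",
    "clusterProvisioningIP": "172.23.0.3",
    "provisioningDHCPRange": "172.23.0.10,172.23.0.254",
}

if __name__ == "__main__":
    print(provisioning_defaults())
    print(check_provisioning(PAGE_EXAMPLE))
```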