On 17/10/20 7:29 am, Lars Kellogg-Stedman wrote:
In the work that we're doing with the Mass Open Cloud [1], we're looking at using Ironic (and the multi-tenant support we contributed) to manage access to a shared pool of hardware while still permitting people to use their own provisioning tools.
We don't want to expose the hardware BMC directly to consumers; we want Ironic to act as the access control mechanism for all activities involving the hardware.
The missing part of this scenario is that at the moment this would require provisioning tools to know how to talk to the Ironic API if they want to perform BMC actions on the host, such as controlling power.
While talking with Mainn the other day, it occurred to me that maybe we could teach virtualbmc [2] how to talk to Ironic, so that we could provide a virtual IPMI interface to provisioning tools. There are some obvious questions here around credentials (I think we'd probably generate them randomly when assigning control of a piece of hardware to someone, but that's more of an implementation detail).
I wanted to sanity check this idea: does this seem reasonable? Are there alternatives you would suggest?
As far as I'm aware, an IPMI host:port endpoint will manage exactly one baremetal host, with no obvious mechanism to specify which host to control when you have multiple hosts behind a single endpoint. These days with the rise of Redfish I think IPMI is considered a legacy interface now. I suspect a BMC interface is not the right abstraction for a multi-tenant baremetal API; that's why Ironic was started in the first place ;) If there are provisioning tools frequently used by the target audience of Mass Open Cloud which have poor Ironic API support, then we'd like to know what those tools are so we can improve that support.
Thanks!
[1] https://github.com/CCI-MOC/esi
[2] https://github.com/openstack/virtualbmc