[Ironic] Teaching virtualbmc how to talk to Ironic?

Lars Kellogg-Stedman lars at redhat.com
Fri Oct 16 18:29:58 UTC 2020


In the work that we're doing with the Mass Open Cloud [1], we're
looking at using Ironic (and the multi-tenant support we contributed)
to manage access to a shared pool of hardware while still permitting
people to use their own provisioning tools.

We don't want to expose the hardware BMC directly to consumers; we
want Ironic to act as the access control mechanism for all activities
involving the hardware.

The missing part of this scenario is that at the moment this would
require provisioning tools to know how to talk to the Ironic API if
they want to perform BMC actions on the host, such as controlling
power.

While talking with Mainn the other day, it occurred to me that maybe
we could teach virtualbmc [2] how to talk to Ironic, so that we could
provide a virtual IPMI interface to provisioning tools. There are some
obvious questions here around credentials (I think we'd probably
generate them randomly when assigning control of a piece of hardware
to someone, but that's more of an implementation detail).

I wanted to sanity check this idea: does this seem reasonable? Are
there alternatives  you would suggest?

Thanks!

[1] https://github.com/CCI-MOC/esi
[2] https://github.com/openstack/virtualbmc

-- 
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {irc,twitter,github}
http://blog.oddbit.com/                | N1LKS




More information about the openstack-discuss mailing list