Skip to main content

Customize OpenStack images for booting from ISCSI

When working with OpenStack Ironic and Tripleo, and using the boot from ISCSI feature, you may need to add some kernel parameters into the deployment image for that to work.
When using some specific hardware, you may need that the deployment image contains some specific kernel parameters on boot. For example, when trying to boot from ISCSI with IBFT nics, you need to add following kernel parameters:

rd.iscsi.ibft=1 rd.iscsi.firmware=1 

 The TripleO image that is generated by default doesn't contain those parameters, because they are very specific depending on the hardware you need. It is not also possible right now to send this parameters through Ironic.

The solution will be to customize the deployment image to add these kernel parameters. The overcloud-full.qcow2 image that comes by default with TripleO is a partition image. It means that the bootloader is not previously installed, but it is done through Ironic. So the way to add custom parameters, is modifying the /etc/default/grub file, adding those parameters.

So let's do it step by step:

1. On the undercloud, install libguestfs-tools: sudo yum install -y libguestfs-tools
2. On /home/stack, you will find overcloud-full.qcow2 image. Start customizing it:

guestfish -a overcloud-full.qcow2
<fs> run

<fs> list-filesystems
<fs> mount /dev/sda /
<fs> vi /etc/default/grub

GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 crashkernel=auto rhgb quiet"

Edit GRUB_CMDLINE_LINUX and append the kernel parameters you need there. Exit the editor saving the file, and exit from guestfish

<fs> exit

Now is time to upload the modified image:

source /home/stack/stackrc
openstack overcloud image upload --existing

Now redeploy again, and the image will boot with the modified kernel parameters, allowing boot from ISCSI to work with your hardware.


  1. Thank you for sharing your article. Great efforts put it to find the list of articles which is very useful to know, Definitely will share the same to other forums.

    best openstack training in Chennai | openstack course fees in chennai

    best java training in chennai | primavera certification training in chennai

  2. Great article. Happy to visit your blog. Thanks for sharing.

    OpenStack Training

  3. I am really impressed with your blog article, such great & useful knowledge you mentioned here.Your post is very informative. I have read all your posts and all are very informative. Thanks for sharing and keep it up like this.
    Web Data Mining Company


Post a Comment

Popular posts from this blog

Setup an NFS client provisioner in Kubernetes

Setup an NFS client provisioner in Kubernetes One of the most common needs when deploying Kubernetes is the ability to use shared storage. While there are several options available, one of the most commons and easier to setup is to use an NFS server.
This post will explain how to setup a dynamic NFS client provisioner on Kubernetes, relying on an existing NFS server on your systems.
Step 1. Setup an NFS server (sample for CentOS) First thing you will need, of course, is to have an NFS server. This can be easily achieved with some easy steps:

Install nfs package: yum install -y nfs-utils Enable and start nfs service and rpcbind:
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
Create the directory that will be shared by NFS, and change the permissions:
mkdir /var/nfsshare
chmod -R 755 /var/nfsshare
chown nfsnobody:nfsnobody /var/nfsshare
 Share the NFS directory over the network, creating the /etc/exports file:
vi /etc/exports
/var/nfsshare …

How to deploy TripleO Queens without external network

TripleO Queens has an interesting feature that is called 'composable networks'. It allows to deploy Openstack with the choice of networks that you want, depending on your environment. Please see:

By default, the following networks are defined:
StorageStorage ManagementInternal ApiTenantManagementExternal The external network allows to reach the endpoints externally, and also to define networks to reach the vms externally as well. But to have that, it is needed to have a network with external access, routable, on your lab. Not all labs have it, specially for CI environments, so it may be useful to deploy without it, and just have internal access to endpoints and vms. In this blogpost i'm just going to explain how to achieve it.

First make a copy of your original tripleo-heat-templates, to another directory /home/stack/working-templates, and edit the following files:

Build and use security hardened images with TripleO

Starting to apply since Pike Concept of security hardened images Normally the images used for overcloud deployment in TripleO are not security hardened. It means, the images lack all the extra security measures needed to accomplish with ANSSI requirements. These extra measures are needed to deploy TripleO in environments where security is an important feature.
The following recommendations are given to accomplish with security guidelines:
ensure that /tmp is mounted on a separate volume or partition, and that it is mounted with rw,nosuid,nodev,noexec,relatime flagsensure that /var, /var/log and /var/log/audit are mounted on separates volumes or partitions, and that are mounted with rw,relatime flags.ensure that /home is mounted on a separate partition or volume, and that it is mounted with rw,nodev,relatime flags.include extra kernel boot flag to enable auditing: add audit=1 to GRUB_CMDLINE_LINUX settingdisable kernel support for USB via bootloader configuration: add nousb to GRUB_CMD…