Skip to main content

Customize OpenStack images for booting from ISCSI

When working with OpenStack Ironic and Tripleo, and using the boot from ISCSI feature, you may need to add some kernel parameters into the deployment image for that to work.
When using some specific hardware, you may need that the deployment image contains some specific kernel parameters on boot. For example, when trying to boot from ISCSI with IBFT nics, you need to add following kernel parameters:

rd.iscsi.ibft=1 rd.iscsi.firmware=1 

 The TripleO image that is generated by default doesn't contain those parameters, because they are very specific depending on the hardware you need. It is not also possible right now to send this parameters through Ironic.

The solution will be to customize the deployment image to add these kernel parameters. The overcloud-full.qcow2 image that comes by default with TripleO is a partition image. It means that the bootloader is not previously installed, but it is done through Ironic. So the way to add custom parameters, is modifying the /etc/default/grub file, adding those parameters.

So let's do it step by step:

1. On the undercloud, install libguestfs-tools: sudo yum install -y libguestfs-tools
2. On /home/stack, you will find overcloud-full.qcow2 image. Start customizing it:

guestfish -a overcloud-full.qcow2
<fs> run

<fs> list-filesystems
<fs> mount /dev/sda /
<fs> vi /etc/default/grub

GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 crashkernel=auto rhgb quiet"

Edit GRUB_CMDLINE_LINUX and append the kernel parameters you need there. Exit the editor saving the file, and exit from guestfish

<fs> exit

Now is time to upload the modified image:

source /home/stack/stackrc
openstack overcloud image upload --existing

Now redeploy again, and the image will boot with the modified kernel parameters, allowing boot from ISCSI to work with your hardware.


Popular posts from this blog

Deploying and upgrading TripleO with local mirrors

Continued from

In the previous blogpost, I explained how to automate the RHEL mirror creation using Now we are going to learn how to deploy and upgrade TripleO using those.
Deploying TripleO Undercloud To use local mirrors in the undercloud, you simply need to get the generated osp<version>.repo that you generated with the rhel-local-mirrors playbook, and copy it to /etc/yum.repos.d/ , in the undercloud host:
sudo curl http://<local_mirror_ip>/osp<version>_repo/osp<version>.repo \ -o /etc/yum.repos.d/osp.repo Then proceed with the standard instructions for deploy.
Overcloud Each node from the overcloud (controllers, computes, etc...) needs to have a copy of the repository file from our server where we host the local mirrors. To achieve it, you can include an script that downloads the osp<version>.repo file when deployi…

Build and use security hardened images with TripleO

Starting to apply since Pike Concept of security hardened images Normally the images used for overcloud deployment in TripleO are not security hardened. It means, the images lack all the extra security measures needed to accomplish with ANSSI requirements. These extra measures are needed to deploy TripleO in environments where security is an important feature.
The following recommendations are given to accomplish with security guidelines:
ensure that /tmp is mounted on a separate volume or partition, and that it is mounted with rw,nosuid,nodev,noexec,relatime flagsensure that /var, /var/log and /var/log/audit are mounted on separates volumes or partitions, and that are mounted with rw,relatime flags.ensure that /home is mounted on a separate partition or volume, and that it is mounted with rw,nodev,relatime flags.include extra kernel boot flag to enable auditing: add audit=1 to GRUB_CMDLINE_LINUX settingdisable kernel support for USB via bootloader configuration: add nousb to GRUB_CMD…

Automating local mirrors creation in RHEL

Sometimes there is a need to consume RHEL mirrors locally, not using the Red Hat content delivery network. It may be needed to speed up some deployment, or due to network constraints.

I create an ansible playbook, rhel-local-mirrors (, that can help with that.
What does rhel-local-mirrors do? It is basically a tool that connects to the Red Hat CDN, and syncs the repositories locally, allowing to populate the desired mirrors, that can be accessed by other systems via HTTP.

The playbook is performing several tasks, that can be run together or independently:
register a system on the Red Hat Networkprepare the system to host mirrorscreate the specified mirrorsschedule automatic updates of the mirrors How to use it?It is an Ansible playbook, so start by installing it, in any prefered format. Then continue by cloning the playbook:
git clone playbook expects a group of servers called