How to Deploy Bare Metal Servers with OpenStack Ironic: A Step-by-Step Guide

Bare Metal Overview

Bare metal is a cloud computing service that provides physical servers as resources to tenants, allowing them to request, manage, and configure hardware without an operating system installed. In OpenStack, the Ironic component handles bare metal deployment and management, interacting with Keystone, Nova, Neutron, Cinder, and Swift.

Deployment Phase

During the provisioning (deploy) phase, the tenant requests bare metal resources, the cloud allocates them, and loads a system image. Ironic‑conductor sets the server to PXE boot mode, notifies Neutron to prepare TFTP, and the server retrieves kernel and ramdisk (containing the ironic‑python‑agent) via DHCP. The agent then contacts the Ironic control node to fetch the full user system image.

Running Phase

After deployment, the bare metal server boots the installed system image and begins serving tenant workloads. Once the image is ready, Ironic signals the server to reboot, entering the tenant network for normal operation.

Different Network Modes

Ironic natively supports Flat and VLAN networking; VXLAN is not directly supported. By integrating the networking‑l2gw project, VXLAN deployment becomes possible.

Flat network mode : The management network must communicate with the IPMI network for power control and BIOS configuration. The deploy and tenant networks share the same flat external network, which must also interoperate with the management network.

VLAN network mode : Requires the networking‑generic‑switch plugin in Neutron. Ironic configures the switch ports to use a deploy VLAN during provisioning and a tenant VLAN during runtime, or a single VLAN for both phases.

VXLAN network mode : After installing networking‑l2gw, a neutron‑l2gw‑agent is started. The switch connected to the bare metal must enable OVSDB. L2GW creates tunnels between the control node and the switch, allowing VPC‑style connectivity between VMs and bare metal.

In the VXLAN scenario, a virtual NIC is created on the Ironic control node within the deployment network to enable communication with the Ironic services (TFTP, HTTP) for image retrieval. Tunnel information and learned MAC addresses can be inspected using ovsdb-client dump --pretty tcp:<switch_ip>:6632 .