CLI Commands

Users can access any OpenStack CLI command that they have permission to use. For example, once a node is assigned to an owner or lessee they can use Ironic CLI commands to work with that node as limited by Ironic policy; see the Ironic CLI reference for more information.

These commands may be of particular interest to ESI users.

Assigning Owners

	Admin Actions
Assign Node Owner	`openstack baremetal node set --owner <project_id> <node_name_or_uuid>`
Unassign Node Owner	`openstack baremetal node unset --owner <node_name_or_uuid>`

Leasing Workflows

There are two possible node leasing workflows.

Simple Workflow

In the simple case, node lessees are managed directly by admins and owners, who assign and unassign nodes to a project as they see fit. This workflow does not require any custom ESI services.

	Admin/Owner Actions
Assign Node Lessee	`openstack baremetal node set --lessee <project_id> <node_name_or_uuid>`
Unassign Node Lessee	`openstack baremetal node unset --lessee <node_name_or_uuid>`

ESI Leasing Workflow

If ESI Leap is installed, then node leases can also be managed as follows:

Owner Actions

Node owners can lease a node directly to a lessee, or offer up their nodes for lease for a given time period. Unoffered nodes cannot be seen by lessees.

	Owner Actions
Create Lease	`openstack esi lease create --start-time <start_time> --end-time <end_time> <node_uuid_or_name> <lessee_project>`
Show Lease	`openstack esi lease show <lease_uuid>`
Delete Lease	`openstack esi lease delete <lease_uuid>`
Create Offer	`openstack esi offer create --start-time <start_time> --end-time <end_time> <node_uuid_or_name>`
View Offer	`openstack esi offer show <offer_uuid>`
Delete Offer	`openstack esi offer delete <offer_uuid>`

Lessee Actions

Users can view available offers and claim an offer to create a lease.

	Lessee Actions
List Offers	`openstack esi offer list`
Claim Offer	`openstack esi offer claim --start-time <start_time> --end-time <end_time> <offer_uuid>`
List Leases	`openstack esi lease list`
Show Lease	`openstack esi lease show <lease_uuid>`
Delete Lease	`openstack esi lease delete <lease_uuid>`

Subleases

A lessee can perform owner actions on a node that they have leased, effectively subleasing a node. Note that a sublessee cannot further sublease a node.

Limited Offers and Subprojects

An offer can be made available to a limited number of projects by using the --lessee option when creating the offer.

	Owner Actions
Create Limited Offer	`openstack esi offer create --start-time <start_time> --end-time <end_time> --lessee <lessee_project> <node_uuid_or_name>`

An offer created in such a way is available not only to the lessee project, but to the entire subtree of projects beneath the lessee project. As a result, using this feature effectively requires projects to be carefully organized.

Provisioning a Node

There are multiple ways for a non-admin to provision a node.

Image

Image-based provisioning can be accomplished through the use of Metalsmith. It requires the image to be uploaded into OpenStack Glance. Once that’s done, a non-admin can run the following:

	Actions
Provision Node	`metalsmith deploy --resource-class baremetal --image <image> --network <network> --candidate <node id> --ssh-public-key <path-to-key>`
Undeploy Node	`metalsmith undeploy <node id>`

Volume

If you’d like to create a volume from an image, run the following:

	Actions
Create Volume from Image	`openstack volume create <volume-name> --image <image> --bootable --size <size-in-gb>`

In order to boot a node from a volume, two node attributes must be set as follows:

The node owner or admin should set the iscsi_boot node capability prior to leasing the node.
The node lessee should not be allowed to edit the storage_interface node attribute. Instead, they can run the following command to temporarily override that value (until the node is cleaned):

	Actions
Override Storage Interface	`openstack baremetal node set --instance-info storage_interface=cinder <node>`

The process for booting a node from a volume is described in the Ironic boot-from-volume documentation. You can also use python-esiclient to run that workflow with a single command:

	Actions
Boot Node from Volume	`openstack esi node volume attach (--network <network> \| --port <port>) <node> <volume>`

External Provisioning

In order to use an external provisioning service, simply attach the node to the appropriate network. You can do so through OpenStack Neutron and Ironic CLI commands; or use python-esiclient:

	Actions
Attach Network to Node	`openstack esi node network attach (--network <network> \| --port <port> \| --trunk <trunk>) <node>`

Serial Console Access

In order to access a node using a serial console, the admin or owner must configure the node’s console interface. Instructions for this can be found under Configuring Web or Serial Console in Ironic’s documentation. Once the node is properly configured, the console can be enabled and disabled as needed.

Following is the pre-requisite for functioning of serial console:

The ipmi_terminal_port port must be unique and only the admin or node owner can set this value.
The admin must open the firewall on the controller to allow TCP connections on the port.

	Actions
Enable Console	`openstack baremetal node console enable <node>`
Disable Console	`openstack baremetal node console disable <node>`

Serial console information is available from the Bare Metal service. Get serial console information for a node from the Bare Metal service as follows:

	Actions
Show Console Information	`openstack baremetal node console show <node>`

openstack baremetal node console show <node> will generate the following output:

Property	Value
console_enabled	True
console_info	{u’url’: u’`tcp://<host>:<port>`’, u’type’: u’socat’}

If console_enabled is true, we can access the serial console using following command:

socat - tcp:<host>:<port>

If console_enabled is false or console_info is None then the serial console is disabled. Note, there can only be one ipmi connection to the node, meaning only one user may access the console at a time.

Additional ESI CLI Actions

python-esiclient and python-esileapclient provide additional commands that combine multiple OpenStack CLI functions into a single action.

Node/Lease Information

	Actions
List Nodes with Lease Status	`openstack esi node list`

Node/Network Management

	Actions
List Node/Network Attachments	`openstack esi node network list`
Attach Network to Node	`openstack esi node network attach (--network <network> \| --port <port> \| --trunk <trunk>) <node>`
Detach Network from Node	`openstack esi node network detach <node> <port>`

Boot Node from Volume

	Actions
Boot Node from Volume	`openstack esi node volume attach (--network <network> \| --port <port>) <node> <volume>`

Boot Node from Disk

	Actions
Boot Node from Disk	`openstack baremetal node boot device set <node> disk (--persistent)`

If not adding --persistent, the node will only boot from device once. Conversely, --persistent makes changes persistent for all future boots until the node is cleaned.

Trunk Ports

	Actions
List Trunk Ports	`openstack esi trunk list`
Create Trunk Port	`openstack esi trunk create --native-network <native-network> --tagged-networks <tagged-network> <name>`
Add Network to Trunk Port	`openstack esi trunk add network --tagged-networks <tagged-network> <name>`
Remove Network from Trunk Port	`openstack esi trunk remove network --tagged-networks <tagged-network> <name>`
Delete Trunk Port	`openstack esi trunk delete <name>`

	Network Owner Actions
List RBAC Policies	`openstack network rbac list`
Share Network	`openstack network rbac create --action access_as_shared --type network --target-project <project-to-gain-access> <network>`
Unshare Network	`openstack network rbac delete <rbac policy>`

	Image Owner Actions
Share Image	`openstack image add project <image> <project>`
Unshare Image	`openstack image remove project <image> <project>`

	Target Volume Owner Actions
Accept Volume Transfer Request	`openstack volume transfer request accept --auth-key <auth_key> <request_id>`