Commit da980af

Merge pull request #63913 from johnwilkins/OCPBUGS-17088
OCPBUGS-17088: Baremetal IPI install doc is missing required port access information
2 parents 25b233d + f7067fd commit da980af

1 file changed

+35
-2
lines changed

modules/ipi-install-network-requirements.adoc

Lines changed: 35 additions & 2 deletions
@@ -10,6 +10,39 @@ Installer-provisioned installation of {product-title} involves several network r
1010

1111
image::210_OpenShift_Baremetal_IPI_Deployment_updates_0122_2.png[Installer-provisioned networking]
1212

13+
[id="network-requirements-ensuring-required-ports-are-open_{context}"]
14+
== Ensuring required ports are open
15+
16+
Certain ports must be open between cluster nodes for installer-provisioned installations to complete successfully. In certain situations, such as using separate subnets for far edge worker nodes, you must ensure that the nodes in these subnets can communicate with nodes in the other subnets on the following required ports.
17+
18+
.Required ports
19+
[options="header"]
20+
|====
21+
|Port|Description
22+
23+
|`67`,`68` | When using a provisioning network, cluster nodes access the `dnsmasq` DHCP server over their provisioning network interfaces using ports `67` and `68`.
24+
25+
| `69` | When using a provisioning network, cluster nodes communicate with the TFTP server on port `69` using their provisioning network interfaces. The TFTP server runs on the bootstrap VM. The bootstrap VM runs on the provisioner node.
26+
27+
| `80` | When not using the image caching option or when using virtual media, the provisioner node must have port `80` open on the `baremetal` machine network interface to stream the {op-system-first} image from the provisioner node to the cluster nodes.
28+
29+
| `123` | The cluster nodes must access the NTP server on port `123` using the `baremetal` machine network.
30+
31+
|`5050`| The Ironic Inspector API runs on the control plane nodes and listens on port `5050`. The Inspector API is responsible for hardware introspection, which collects information about the hardware characteristics of the bare metal nodes.
32+
33+
|`6180`| When deploying with virtual media and not using TLS, the provisioner node and the control plane nodes must have port `6180` open on the `baremetal` machine network interface so that the baseboard management controller (BMC) of the worker nodes can access the {op-system} image. Starting with {product-title} 4.13, the default HTTP port is `6180`.
34+
35+
|`6183`| When deploying with virtual media and using TLS, the provisioner node and the control plane nodes must have port `6183` open on the `baremetal` machine network interface so that the BMC of the worker nodes can access the {op-system} image.
36+
37+
|`6385`| The Ironic API server runs initially on the bootstrap VM and later on the control plane nodes and listens on port `6385`. The Ironic API allows clients to interact with Ironic for bare metal node provisioning and management, including operations like enrolling new nodes, managing their power state, deploying images, and cleaning the hardware.
38+
39+
|`8080`| When using image caching without TLS, port `8080` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
40+
41+
|`8083`| When using the image caching option with TLS, port `8083` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
42+
43+
|`9999`| By default, the Ironic Python Agent (IPA) listens on TCP port `9999` for API calls from the Ironic conductor service. This port is used for communication between the bare metal node where IPA is running and the Ironic conductor service.
44+
45+
|====
1346

1447
[id="network-requirements-increase-mtu_{context}"]
1548
== Increase the network MTU
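Review bot: The new "Required ports" table gives only port numbers; apart from the `9999` row ("TCP port `9999`"), no row states the transport protocol, so a reader writing firewall rules for the separate-subnet case cannot tell TCP from UDP. Add a Protocol column, or name the protocol in each row. This matters most for `67`,`68`, `69` and `123`, which are DHCP, TFTP and NTP and use UDP. The `5050` and `6385` rows also describe what the service does but not which nodes need to reach it, unlike the other rows; state the source and destination there as well. Finally, the `6180` and `6183` rows refer to the "BMC of the worker nodes" while the `8080` and `8083` rows say "BMC interfaces of the cluster nodes"; use one term if the same set of nodes is meant.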
@@ -111,7 +144,7 @@ For the `baremetal` network, a network administrator must reserve a number of IP
111144
[IMPORTANT]
112145
.Reserving IP addresses so they become static IP addresses
113146
====
114-
Some administrators prefer to use static IP addresses so that each node's IP address remains constant in the absence of a DHCP server. To configure static IP addresses with NMState, see "(Optional) Configuring host network interfaces" in the "Setting up the environment for an OpenShift installation" section.
147+
Some administrators prefer to use static IP addresses so that each node's IP address remains constant in the absence of a DHCP server. To configure static IP addresses with NMState, see "(Optional) Configuring node network interfaces" in the "Setting up the environment for an OpenShift installation" section.
115148
====
116149

117150
[IMPORTANT]
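Review bot: The quoted title at line 147 now reads "(Optional) Configuring node network interfaces", but this commit touches only this one file, so the heading it points to is not renamed here. Confirm that the target section already carries the new title; otherwise the reference names a section the reader cannot find.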
@@ -161,4 +194,4 @@ You can reconfigure the control plane nodes to act as NTP servers on disconnecte
161194
[id='network-requirements-out-of-band_{context}']
162195
== Port access for the out-of-band management IP address
163196

164-
The out-of-band management IP address is on a separate network from the node. To ensure that the out-of-band management can communicate with the provisioner during installation, the out-of-band management IP address must be granted access to port `6180` on the bootstrap host and on the {product-title} control plane hosts. TLS port `6183` is required for virtual media installation, for example, via Redfish.
197+
The out-of-band management IP address is on a separate network from the node. To ensure that the out-of-band management can communicate with the provisioner node during installation, the out-of-band management IP address must be granted access to port `6180` on the provisioner node and on the {product-title} control plane nodes. TLS port `6183` is required for virtual media installation, for example, by using Redfish.
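Review bot: The last sentence of the rewritten paragraph at line 197 still reads "TLS port `6183` is required for virtual media installation", which does not line up with the "Required ports" table added earlier in this commit: there, `6180` is the virtual media port when not using TLS and `6183` is the one when using TLS. Reword the paragraph so it says which port applies in which case, for example access to `6180` when not using TLS or `6183` when using TLS. The table also has the BMC interfaces reaching `8080` or `8083` on the provisioner node when image caching is used, which this section does not mention; either add it here or point the reader to the table.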
