feat: Add BareMetalHost configuration to NVIDIA VFIO example

bogdando · aider-chat-bot · bogdando · commit 251f6957a9f6 · 2025-09-11T13:56:55.000+02:00
Co-authored-by: aider (gemini/gemini-2.5-pro) &lt;aider@aider.chat&gt;
Signed-off-by: Bohdan Dobrelia &lt;bdobreli@redhat.com&gt;
diff --git a/examples/va/nvidia-vfio-passthrough/README.md b/examples/va/nvidia-vfio-passthrough/README.md
@@ -29,6 +29,27 @@ the appropriate native NVIDIA driver installed. You will need a standard NVIDIA
 driver. Do not use vGPU-enabled guest drivers. The GPU will appear as a physical
 PCI device within the guest.
 
+### Host Configuration (`examples/va/nvidia-vfio-passthrough/edpm/nodeset/values.yaml`)
+
+The following parameters are crucial for host-level configuration:
+
+*   **BareMetalHost configuration**: `baremetalhosts` section contains information required by metal3 to provision baremetal nodes.
+    *   `bmc.address`: The IP address of the Baseboard Management Controller (BMC).
+    *   `bootMACAddress`: The MAC address of the network interface that the node will use to PXE boot.
+    *   `rootDeviceHints`: Hints for metal3 to identify the root device for the OS installation.
+    *   `preprovisioningNetworkData`: Network configuration to be applied to the node for provisioning.
+
+*   `edpm_kernel_args`: Appends necessary kernel arguments for VFIO passthrough.
+    *   `intel_iommu=on iommu=pt`: Enables the IOMMU for device passthrough.
+    *   `vfio-pci.ids=10de:20f1`: Instructs the `vfio-pci` driver to claim the specified GPU(s) by their vendor and product IDs at boot time. The example IDs `10de:20f1` are for an NVIDIA A100 GPU.
+    *   `rd.driver.pre=vfio-pci`: Avoids race conditions during boot by loading vfio-pci kernel module early.
+
+*   `edpm_tuned_profile` and `edpm_tuned_isolated_cores`: These parameters configure the `tuned` service.
+    *   `edpm_tuned_profile` is set to `cpu-partitioning-powersave` to enable CPU isolation features.
+    *   `edpm_tuned_isolated_cores` specifies the cores to be isolated. For CPU isolation we strongly recommend using the Tuned approach rather than `isolcpus` kernel argument.
+
+*   **VFIO-PCI Binding Service**: The `vfio-pci-bind` service in `va/nvidia-vfio-passthrough/edpm/nodeset/nova_gpu.yaml` blacklists the `nouveau` and `nvidia` kernel modules to ensure they do not interfere with the `vfio-pci` driver. The service also regenerates the initramfs and grub configuration to apply these changes. A reboot is required for these changes to take effect.
+
 ### Nodes
 
 | Role                        | Machine Type | Count |
diff --git a/examples/va/nvidia-vfio-passthrough/data-plane-pre.md b/examples/va/nvidia-vfio-passthrough/data-plane-pre.md
@@ -14,7 +14,12 @@ Change to the nvidia-vfio-passthrough directory
 ```
 cd architecture/examples/va/nvidia-vfio-passthrough
 ```
-Edit the [edpm/nodeset/values.yaml](edpm/nodeset/values.yaml) and [edpm/deployment/values.yaml](edpm/deployment/values.yaml) files to suit your environment.
+Edit the `edpm/nodeset/values.yaml` and `edpm/deployment/values.yaml` files to suit your environment.
+
+In `edpm/nodeset/values.yaml`, pay special attention to the `baremetalhosts` section. You will need to provide details for each of your baremetal compute nodes, including:
+- `bmc.address`: The IP address of the Baseboard Management Controller (BMC).
+- `bootMACAddress`: The MAC address of the network interface that the node will use to PXE boot.
+- Other parameters as described in the main [README.md](README.md).
 ```
 vi edpm/nodeset/values.yaml
 vi edpm/deployment/values.yaml
diff --git a/examples/va/nvidia-vfio-passthrough/edpm/nodeset/values.yaml b/examples/va/nvidia-vfio-passthrough/edpm/nodeset/values.yaml
@@ -10,6 +10,54 @@ metadata:
 data:
   root_password: cmVkaGF0Cg==
   preProvisioned: false
+  metal3_inspection: disabled
+  baremetalhosts:
+    edpm-compute-0:
+      labels:
+        nodeName: edpm-compute-0
+      bmc:
+        address: CHANGEME
+      bootMACAddress: CHANGEME
+      rootDeviceHints:
+        deviceName: /dev/vda
+      preprovisioningNetworkData: |
+        networkData:
+          links:
+            - id: provisioning
+              type: phy
+              name: CHANGEME
+          networks:
+            - id: provisioning
+              type: ipv4
+              link: provisioning
+              ip_address: 172.22.0.100 # CHANGEME
+              netmask: 255.255.255.0
+              routes:
+                - destination: 0.0.0.0/0
+                  next_hop: 172.22.0.1 # CHANGEME
+    edpm-compute-1:
+      labels:
+        nodeName: edpm-compute-1
+      bmc:
+        address: CHANGEME
+      bootMACAddress: CHANGEME
+      rootDeviceHints:
+        deviceName: /dev/vda
+      preprovisioningNetworkData: |
+        networkData:
+          links:
+            - id: provisioning
+              type: phy
+              name: CHANGEME
+          networks:
+            - id: provisioning
+              type: ipv4
+              link: provisioning
+              ip_address: 172.22.0.101 # CHANGEME
+              netmask: 255.255.255.0
+              routes:
+                - destination: 0.0.0.0/0
+                  next_hop: 172.22.0.1 # CHANGEME
   baremetalSetTemplate:
     ctlplaneInterface: eno2  # CHANGEME
     cloudUserName: cloud-admin
diff --git a/va/nvidia-vfio-passthrough/edpm/nodeset/baremetalhost.yaml b/va/nvidia-vfio-passthrough/edpm/nodeset/baremetalhost.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: edpm-compute-0-preprovision-network-data
+  namespace: openstack
+type: Opaque
+stringData: {}
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  labels: {}
+  name: edpm-compute-0
+  namespace: openstack
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: edpm-compute-1-preprovision-network-data
+  namespace: openstack
+type: Opaque
+stringData: {}
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  labels: {}
+  name: edpm-compute-1
+  namespace: openstack
diff --git a/va/nvidia-vfio-passthrough/edpm/nodeset/baremetalhost_template.yaml b/va/nvidia-vfio-passthrough/edpm/nodeset/baremetalhost_template.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  labels: {}
+  name: _ignored_
+  namespace: openstack
+  annotations:
+    inspect.metal3.io: _replaced_
+spec:
+  architecture: x86_64
+  automatedCleaningMode: metadata
+  bmc:
+    address: _replaced_
+    credentialsName: bmc-secret
+  bootMACAddress: _replaced_
+  bootMode: UEFI
+  rootDeviceHints: {}
+  online: false
+  preprovisioningNetworkDataName: _replaced_
diff --git a/va/nvidia-vfio-passthrough/edpm/nodeset/kustomization.yaml b/va/nvidia-vfio-passthrough/edpm/nodeset/kustomization.yaml
@@ -23,6 +23,26 @@ components:
 resources:
   - baremetalset-password-secret.yaml
   - nova_gpu.yaml
+  - baremetalhost.yaml
+
+patches:
+  - target:
+      kind: BareMetalHost
+    path: baremetalhost_template.yaml
+  - target:
+      kind: BareMetalHost
+      name: edpm-compute-0
+    patch: |
+     - op: replace
+       path: /spec/preprovisioningNetworkDataName
+       value: edpm-compute-0-preprovision-network-data
+  - target:
+      kind: BareMetalHost
+      name: edpm-compute-1
+    patch: |
+     - op: replace
+       path: /spec/preprovisioningNetworkDataName
+       value: edpm-compute-1-preprovision-network-data
 
 replacements:
   - source:
@@ -88,3 +108,137 @@ replacements:
           - spec.baremetalSetTemplate
         options:
           create: true
+  # BareMetalHost
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.metal3_inspection
+    targets:
+      - select:
+          kind: BareMetalHost
+        fieldPaths:
+          - metadata.annotations.inspect\.metal3\.io
+        options:
+          create: true
+  # edpm-compute-0
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-0.labels
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-0
+        fieldPaths:
+          - metadata.labels
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-0.bmc.address
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-0
+        fieldPaths:
+          - spec.bmc.address
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-0.bootMACAddress
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-0
+        fieldPaths:
+          - spec.bootMACAddress
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-0.rootDeviceHints
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-0
+        fieldPaths:
+          - spec.rootDeviceHints
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-0.preprovisioningNetworkData
+    targets:
+      - select:
+          kind: Secret
+          name: edpm-compute-0-preprovision-network-data
+        fieldPaths:
+          - stringData
+        options:
+          create: true
+  # edpm-compute-1
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-1.labels
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-1
+        fieldPaths:
+          - metadata.labels
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-1.bmc.address
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-1
+        fieldPaths:
+          - spec.bmc.address
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-1.bootMACAddress
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-1
+        fieldPaths:
+          - spec.bootMACAddress
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-1.rootDeviceHints
+    targets:
+      - select:
+          kind: BareMetalHost
+          name: edpm-compute-1
+        fieldPaths:
+          - spec.rootDeviceHints
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values
+      fieldPath: data.baremetalhosts.edpm-compute-1.preprovisioningNetworkData
+    targets:
+      - select:
+          kind: Secret
+          name: edpm-compute-1-preprovision-network-data
+        fieldPaths:
+          - stringData
+        options:
+          create: true
