Managed and unmanaged inspection¶
In-band inspection can be managed or unmanaged. This document explains the difference between these two concepts and applies both to the built-in in-band inspection and to Inspector Support.
Managed inspection¶
Inspection is managed when the Bare Metal conductor fully configures the node for inspection, including setting boot device, boot mode and power state. This is the only way to conduct inspection using Virtual media boot or with Layer 3 or DHCP-less ramdisk booting. This mode is engaged automatically when the node has sufficient information to configure boot (e.g. ports in case of iPXE).
For network interfaces based on OpenStack Networking (e.g. flat
and
neutron
), the UUID or name of the inspection network must be provided via
configuration or driver_info
, for example:
[neutron]
inspection_network = <NETWORK UUID>
There are a few configuration options that tune managed inspection, the most
important is extra_kernel_params
, which allows adding kernel parameters for
inspection specifically. This is where you can configure
inspection collectors and other parameters, for example:
[inspector]
extra_kernel_params = ipa-inspection-collectors=default,logs ipa-collect-lldp=1
For the callback URL the ironic-inspector endpoint from the service catalog is used. If you want to override the endpoint for callback only, set the following option:
[inspector]
callback_endpoint_override = https://example.com/baremetal-introspection/v1/continue
For the built-in inspection, the bare metal API endpoint can be overridden instead:
[service_catalog]
endpoint_override = https://example.com/baremetal
Unmanaged inspection¶
Under unmanaged inspection we understand in-band inspection where the boot configuration (iPXE scripts, DHCP options, etc) is not provided by the Bare Metal service. In this case, the node is simply set to boot from network and powered on. The operator is responsible for the correct network boot configuration, e.g. as explained in Configuring unmanaged in-band inspection.
Unmanaged inspection was the only inspection mode before the Ussuri release, and it is still used when the node’s boot cannot be configured by the conductor. The options described above do not affect unmanaged inspection.
Because of the complex installation and operation requirements, unmanaged
inspection is disabled by default. To enable it, set require_managed_boot
to False
:
[inspector]
require_managed_boot = False