# OpenShift via Bare Metal IPI The `install-config.yaml` below is what I used to automate installing OpenShift on some Dell servers. I used "Virtual Media" instead of PXE. This requires the Dell servers to have iDRAC with firmware version according to the table below... https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/installing_on_bare_metal/installer-provisioned-infrastructure#ipi-install-firmware-requirements-for-installing-with-virtual-media_ipi-install-prerequisites Running `openshift-install` with this config file will cause a temporary "bootstrap" VM to be created. That temporary VM is used to mount the customized ISO to the iDRAC and boot the servers. :::warning Because a temporary VM is created, it's not recommened to run this confg / `openshift-install` on a VM. That would cause a nested virtualization situation which I've seen fail with no clear error message. 😥 I would recommend using a laptop or some other phsical bastion / workstation / whatever that is close to the iDRAC. You don't want to have the temporary VM be far away from the iDRACs... ::: ```yaml= --- apiVersion: v1 baseDomain: dota-lab.iad.redhat.com metadata: name: dell-taco #fips: true networking: machineNetwork: - cidr: 10.15.168.0/24 networkType: OVNKubernetes controlPlane: name: master replicas: 3 compute: - name: worker replicas: 0 # Create a "compact" 3-node cluster sshKey: 'ssh-ed25519 AAAAC3Nza... core@openshift-nodes' pullSecret: '{"auths":{"mirror.example.com:8443":{"auth":"YWRtaW46cmVkaGF0MTIz"}}}'' platform: baremetal: additionalNTPServers: - clock.corp.redhat.com apiVIPs: - 10.15.168.147 ingressVIPs: - 10.15.168.148 # The externalBridge and provisioningNetwork parameters control the creation of the bootstrap VM (via libvirt) externalBridge: "labnet" ### Configured via NetworkManager (nmcli con add type bridge ...) provisioningNetwork: "Disabled" ### Don't use PXE, use redfish/idrac-virtualmedia instead hosts: - name: dell-r760-01 role: master bmc: address: idrac-virtualmedia://dell-r760-01-idrac.dota-lab.iad.redhat.com/redfish/v1/Systems/System.Embedded.1 disableCertificateVerification: True ###jcall got certs signed by ca2.corp.redhat.com certs, and provided the CA certs in additionalTrustBundle, but it still fails :( username: root password: calvin bootMode: UEFI #not using UEFISecureBoot for this host because it conflicts with NVIDIA GPU Operator/driver :( bootMACAddress: 30:3e:a7:28:40:40 # You must provide a valid MAC address from the host if you disable the provisioning network. rootDeviceHints: model: "Dell BOSS" # This is a substring match for "Dell BOSS-N1" #deviceName: "/dev/disk/by-path/pci-0000:01:00.0-nvme-1" # use the more generic "model" name above networkConfig: #https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/installing/deploying-installer-provisioned-clusters-on-bare-metal#configuring-host-network-interfaces-in-the-install-config-yaml-file_ipi-install-installation-workflow interfaces: - name: bond-labnet type: bond state: up mtu: 9000 link-aggregation: mode: 802.3ad port: - eno12399 - eno12409 lldp: enabled: true ipv4: enabled: true dhcp: true ipv6: enabled: false - name: dell-r760-02 role: master bmc: address: idrac-virtualmedia://dell-r760-02-idrac.dota-lab.iad.redhat.com/redfish/v1/Systems/System.Embedded.1 disableCertificateVerification: True username: root password: calvin bootMode: UEFISecureBoot bootMACAddress: 30:3e:a7:28:41:98 rootDeviceHints: model: "Dell BOSS" networkConfig: interfaces: - name: bond-labnet type: bond state: up mtu: 9000 link-aggregation: mode: 802.3ad port: - eno12399 - eno12409 lldp: enabled: true ipv4: enabled: true dhcp: true ipv6: enabled: false - name: dell-r760-03 role: master bmc: address: idrac-virtualmedia://dell-r760-03-idrac.dota-lab.iad.redhat.com/redfish/v1/Systems/System.Embedded.1 disableCertificateVerification: True username: root password: calvin bootMode: UEFISecureBoot bootMACAddress: 30:3e:a7:28:42:68 rootDeviceHints: model: "Dell BOSS" networkConfig: interfaces: - name: bond-labnet type: bond state: up mtu: 9000 link-aggregation: mode: 802.3ad port: - eno12399 - eno12409 lldp: enabled: true ipv4: enabled: true dhcp: true ipv6: enabled: false ```