Install a Subcloud Without Redfish Platform Management Service

For subclouds with servers that do not support Redfish Virtual Media Service, the ISO is installed locally at the subcloud. You can use the Central Cloud’s CLI to bootstrap subclouds from the Central Cloud.

About this task

After physically installing the hardware and network connectivity of a subcloud, the subcloud installation process has two phases:

  • Installing the ISO on controller-0; this is done locally at the subcloud by using either, a bootable USB device, or a local PXE boot server

  • Executing the dcmanager subcloud add command in the Central Cloud that uses Ansible to bootstrap StarlingX on controller-0 in the subcloud


After a successful remote installation of a subcloud in a Distributed Cloud system, a subsequent remote reinstallation fails because of an existing ssh key entry in the /root/.ssh/known_hosts on the System Controller. In this case, delete the host key entry, if present, from /root/.ssh/known_hosts on the System Controller before doing reinstallations.


  • You must have downloaded from a StarlingX mirror.

  • In order to be able to deploy subclouds from either controller, all local files that are referenced in the bootstrap.yml file must exist on both controllers (for example, /home/sysadmin/docker-registry-ca-cert.pem).


  1. At the subcloud location, physically install the servers and network connectivity required for the subcloud.


    The servers require connectivity to a gateway router that provides IP routing between the subcloud management subnet and the System Controller management subnet, and between the subcloud OAM subnet and the System Controller subnet.

  2. Update the ISO image to modify installation boot parameters (if required), automatically select boot menu options and add a kickstart file to automatically perform configurations such as configuring the initial IP Interface for bootstrapping.

    For subclouds, the initial IP Interface should be the planned OAM IP Interface for the subcloud.

    Use the script from a StarlingX mirror. The script is used as follows: -i <input bootimage.iso> -o <output bootimage.iso>
                    [ -a <ks-addon.cfg> ] [ -p param=value ]
                    [ -d <default menu option> ] [ -t <menu timeout> ]
         -i <file>: Specify input ISO file
         -o <file>: Specify output ISO file
         -a <file>: Specify ks-addon.cfg file
         -p <p=v>:  Specify boot parameter
                    -p rootfs_device=nvme0n1
                    -p boot_device=nvme0n1
                    -p rootfs_device=/dev/disk/by-path/pci-0000:00:0d.0-ata-1.0
                    -p boot_device=/dev/disk/by-path/pci-0000:00:0d.0-ata-1.0
         -d <default menu option>:
                    Specify default boot menu option:
                    0 - Standard Controller, Serial Console
                    1 - Standard Controller, Graphical Console
                    2 - AIO, Serial Console
                    3 - AIO, Graphical Console
                    4 - AIO Low-latency, Serial Console
                    5 - AIO Low-latency, Graphical Console
                    NULL - Clear default selection
         -t <menu timeout>:
                    Specify boot menu timeout, in seconds

    The following example ks-addon.cfg file, used with the -a option, sets up an initial IP interface at boot time by defining a VLAN on an Ethernet interface and has it use DHCP to request an IP address:

    #### start ks-addon.cfg
    cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$OAM_DEV
    cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$OAM_DEV.$OAM_VLAN
    #### end ks-addon.cfg

    After updating the ISO image, create a bootable USB with the ISO or put the ISO on a PXEBOOT server.

  3. At the subcloud location, install the StarlingX software from a USB device or a PXE Boot Server on the server designated as controller-0.

  4. At the subcloud location, verify that the OAM interface on the subcloud controller has been properly configured by the kickstart file added to the ISO.

  5. Log in to the subcloud’s controller-0 and ping the Central Cloud’s floating OAM IP Address.

  6. At the System Controller, create a /home/sysadmin/subcloud1-bootstrap-values.yaml overrides file for the subcloud.

    For example:

    system_mode: simplex
    name: "subcloud1"
    description: "test"
    location: "loc"
        url: registry.central:9001/
        url: registry.central:9001/
        url: registry.central:9001/
        url: registry.central:9001/
        url: registry.central:9001/
        url: registry.central:9001/
        username: sysinv
        password: <sysinv_password>
        type: docker

    Where <sysinv_password> can be found by running the following command as ‘sysadmin’ on the Central Cloud:

    $ keyring get sysinv services

    This configuration uses the local registry on your central cloud. If you prefer to use the default external registries, make the following substitutions for the docker_registries and additional_local_registry_images sections of the file.

       username: <your_wrs-aws.io_username>
       password: <your_wrs-aws.io_password>


    If you have a reason not to use the Central Cloud’s local registry you can pull the images from another local private docker registry.

  7. You can use the Central Cloud’s local registry to pull images on subclouds. The Central Cloud’s local registry’s HTTPS certificate must have the Central Cloud’s OAM IP, registry.local and registry.central in the certificate’s SAN list. For example, a valid certificate contains a SAN list "DNS.1: registry.local DNS.2: registry.central IP.1: <floating management\> IP.2: <floating OAM\>".

    If required, run the following command on the Central Cloud prior to bootstrapping the subcloud to install the new certificate for the Central Cloud with the updated SAN list:

    ~(keystone_admin)]$ system certificate-install -m docker_registry path_to_cert
  1. At the Central Cloud / System Controller, monitor the progress of the subcloud bootstrapping and deployment by using the deploy status field of the dcmanager subcloud list command.

    ~(keystone_admin)]$ dcmanager subcloud list
    | id | name      | management | availability | deploy status | sync    |
    |  1 | subcloud1 | unmanaged  | online       | complete      | unknown |

    The deploy status field has the following values:


    This status indicates that the Ansible bootstrap of StarlingX Platform software on the subcloud’s controller-0 is in progress.


    This status indicates that subcloud deployment is complete.

    The subcloud bootstrapping and deployment can take up to 30 minutes.


    If there is a failure during bootstrapping, you must delete the subcloud before re-adding it, using the dcmanager subcloud add command. For more information on deleting, managing or unmanaging a subcloud, see Managing Subclouds Using the CLI.

  2. You can also monitor detailed logging of the subcloud bootstrapping and deployment by monitoring the following log files on the active controller in the Central Cloud.


    For example:

    controller-0:/home/sysadmin# tail /var/log/dcmanager/ansible/subcloud1_bootstrap.log {password: secret, url: null} {password: secret, url: null}
    TASK [bootstrap/bringup-essential-services : Mark the bootstrap as completed] ***
    changed: [subcloud1]
    PLAY RECAP *********************************************************************
    subcloud1                  : ok=230  changed=137  unreachable=0    failed=0


  • Provision the newly installed and bootstrapped subcloud. For detailed StarlingX deployment procedures for the desired deployment configuration of the subcloud, see the post-bootstrap steps of the Installation guide.

  • Check and update docker registry credentials on the subcloud:

    SECRET_UUID='system service-parameter-list | fgrep
    $REGISTRY | fgrep auth-secret | awk '{print $10}''
    SECRET_REF='openstack secret list | fgrep $
    {SECRET_UUID} | awk '{print $2}''
    openstack secret get ${SECRET_REF} --payload -f value

    The secret payload should be username: sysinv password:<password>. If the secret payload is username: admin password:<password>, see, Updating Docker Registry Credentials on a Subcloud for more information.

  • For more information on bootstrapping and deploying, see the procedure Install a subcloud, step 4.