How to Deploy OpenShift IPI on KVM Using Redfish and Sushy Simulation

Deploying OpenShift IPI on KVM (Baremetal Simulation with Redfish & Sushy)

Technical writer Ashish Nair details a method for deploying OpenShift via Installer Provisioned Infrastructure (IPI) on KVM by simulating bare-metal power management. The process leverages Sushy-tools to act as a Redfish emulator for libvirt-managed virtual machines.

Why This Matters

While OpenShift does not natively support IPI on KVM, this simulation technique allows engineers to replicate complex bare-metal deployment workflows in resource-constrained lab environments. By utilizing Redfish emulation, developers can test the full automation lifecycle of OpenShift—including hardware provisioning and node management—without requiring expensive physical server hardware or dedicated IPMI/iDrac interfaces.

Key Insights

• Sushy-tools serves as a Redfish emulator that interfaces with the libvirt daemon (qemu:///system) to provide virtual BMC capabilities for VMs (Ashish Nair, 2026).
• OpenShift installers used for this method must be compiled with the ‘libvirt’ tag using ‘TAGS=libvirt hack/build.sh’ to enable the necessary provisioning hooks.
• The installation process requires a specific libvirt network configuration with DNSmasq to handle the initial bootstrap phase and node discovery.
• Redfish power operations in this environment depend on UEFI firmware, requiring specific symbolic links in /usr/share/OVMF for secure boot and variable persistence.
• The install-config.yaml must define hosts as baremetal with bmc addresses using the ‘redfish-virtualmedia+http’ protocol to interact with the Sushy emulator.

Working Examples

Creating virtual disks for OpenShift master and worker nodes.

qemu-img create -f qcow2 /var/lib/libvirt/images/master-1.qcow2 120G; qemu-img create -f qcow2 /var/lib/libvirt/images/master-2.qcow2 120G; qemu-img create -f qcow2 /var/lib/libvirt/images/master-3.qcow2 120G; qemu-img create -f qcow2 /var/lib/libvirt/images/worker-1.qcow2 120G

Setting up and starting the Sushy Redfish emulator.

python3 -m venv ~/sushy-env; source ~/sushy-env/bin/activate; pip install sushy-tools; sushy-emulator -i 192.168.122.1 --port 8000 --libvirt-uri qemu:///system

Validating Redfish power control via the Sushy emulator.

curl -X POST http://192.168.122.1:8000/redfish/v1/Systems/<ID>/Actions/ComputerSystem.Reset -H "Content-Type: application/json" -d '{"ResetType": "On"}'

Compiling the OpenShift installer with libvirt support.

git clone https://github.com/openshift/installer.git; cd installer; TAGS=libvirt hack/build.sh; sudo cp bin/openshift-install /usr/local/bin/

Configuration snippet for install-config.yaml targeting the Redfish emulator.

platform: baremetal: externalBridge: "virbr0" apiVIP: 192.168.122.10 ingressVIP: 192.168.122.11 provisioningNetwork: "Disabled" hosts: - name: master role: master bmc: address: redfish-virtualmedia+http://192.168.122.1:8000/redfish/v1/Systems/<ID> username: admin password: password bootMACAddress: 52:54:00:3d:30:b5

Practical Applications

• Simulating bare-metal OpenShift production environments on a single developer workstation for CI/CD pipeline testing.
• Pitfall: Failing to create symbolic links for OVMF firmware files will cause Redfish power-on commands to fail, halting the installation.
• Testing OpenShift cluster updates and IPI lifecycle management without access to physical iDrac or ILO interfaces.
• Pitfall: Incorrect machineNetwork CIDR or externalBridge settings in install-config.yaml will cause the bootstrap node to lose connectivity.

References:

• https://dev.to/ashish_nair_d9b10ba4f8126/deploying-openshift-ipi-on-kvm-baremetal-simulation-with-redfish-sushy-2o60
• https://github.com/openshift/installer.git