Control Server Setup

Operating System Installation

Warewulf has almost no predetermined or required configurations aside from a base architecture networking layout. Install your Linux distribution of choice as you would like, but do pay attention to the cluster’s private network configuration.


A clustered resource depends on a private management network. This network can be either persistent (it is always “up” even after provisioning) to temporary which might only be used for provisioning and/or out of band system control and management e.g. IPMI).

It is important for this management network to be private to the compute resource because Warewulf requires network services on that network which may conflict with services on the production/public network (e.g. DHCP). It is also important from a security perspective as the management network for typical HPC systems have an implied trust level associated with it and generally there is no firewalling or network monitoring occurring on these networks.

Usually, the control node is “dual homed” which means it has at least two interface cards, one connected to the private cluster network and one dedicated to the public network (as the figure above demonstrates).


It is possible to omit the public network interface with a reverse NAT. Warewulf can operate in this configuration but it extends beyond the scope of this documentation.

Many clusters have more than one private network. This is common for performance critical HPC clusters that implement a high speed and low latency network like InfiniBand. In this case, this network is used for high speed data transfers for inter-process communication between compute nodes and file system IO.

Warewulf will need to be configured to use the private cluster management network. Warewulf will use this network for booting the nodes over PXE. There are three network protocols used to accomplish this DHCP/BOOT, TFTP, and HTTP on port 9873. Warewulf will use the operating system’s provided version of DHCP (ISC-DHCP) and TFTP for the PXE bootstrap to iPXE, and then iPXE will use Warewulf’s internal HTTP services to transfer the larger files for provisioning.


The addressing scheme of your private cluster network is 100% up to the system integrator, but for large clusters, many organizations like to organize the address allocations. Below is a recommended IP addressing scheme which we will use for the rest of this document.

  • Private network address IP

  • Private network subnet mask (

Here is an example of how the cluster’s address can be divided for a 255 node cluster:

  • - Cluster infrastructure including this host, schedulers, file systems, routers, switches, etc.

  • - DHCP range for booting nodes

  • - Static node addresses

  • - IPMI and/or out of band addresses for the compute nodes

Multiple networks

It is possible to configure several networks not just for the nodes but also for the management of dhcpd and tftp. There are two ways to achive this:

  1. Add the networks to the templates of dhcpd and/or the dnsmasq template directly.

  2. Add the networks to a dummy node and change the templates of dhcp and dnsmasq accordingly.

As the first solution is trivial only the second way is described in the following lines.

As first the first step, add the dummy node.

wwctl node add deliverynet

Now you will have to add the delivery networks to this node.

wwctl node set \
  --ipaddr \
  --netmask \
  --netname deliver1 \
  --nettagadd network=,dynstart=,dynend= \

wwctl node set \
  --ipaddr \
  --netmask \
  --netname deliver2 \
  --nettagadd network=,dynstart=,dynend= \

The ip address is used as the network address of host in the delivery network and an additional tags is used for definition of the network itself and the dynamic dhcp range. You can check the result with wwctl node list.

# wwctl node list -a deliverynet
NODE         FIELD                             PROFILE  VALUE
deliverynet  Id                                --       deliverynet
deliverynet  Comment                           default  This profile is automatically included for each node
deliverynet  ContainerName                     default  leap15.5
deliverynet  Ipxe                              --       (default)
deliverynet  RuntimeOverlay                    --       (generic)
deliverynet  SystemOverlay                     --       (wwinit)
deliverynet  Root                              --       (initramfs)
deliverynet  Init                              --       (/sbin/init)
deliverynet  Kernel.Args                       --       (quiet crashkernel=no vga=791 net.naming-scheme=v238)
deliverynet  Profiles                          --       default
deliverynet  PrimaryNetDev                     --       (deliver1)
deliverynet  NetDevs[deliver2].Type            --       (ethernet)
deliverynet  NetDevs[deliver2].OnBoot          --       (true)
deliverynet  NetDevs[deliver2].Ipaddr          --
deliverynet  NetDevs[deliver2].Netmask         --
deliverynet  NetDevs[deliver2].Tags[dynend]    --
deliverynet  NetDevs[deliver2].Tags[dynstart]  --
deliverynet  NetDevs[deliver2].Tags[network]   --
deliverynet  NetDevs[deliver1].Type            --       (ethernet)
deliverynet  NetDevs[deliver1].OnBoot          --       (true)
deliverynet  NetDevs[deliver1].Ipaddr          --
deliverynet  NetDevs[deliver1].Netmask         --
deliverynet  NetDevs[deliver1].Primary         --       (true)
deliverynet  NetDevs[deliver1].Tags[network]   --
deliverynet  NetDevs[deliver1].Tags[dynend]    --
deliverynet  NetDevs[deliver1].Tags[dynstart]  --

Now the templates of dhcpd and/or dnsmasq must be modified. You can edit the configuration files.

wwctl overlay edit host etc/dhcpd.conf.ww
wwctl overlay edit host etc/dnsmasq.d/ww4-hosts.ww

For the dhcp template you should add following lines

{{/* multiple networks */}}
{{- range $node := $.AllNodes}}
{{- if eq $node.Id.Get "deliverynet" }}
{{- range $netname, $netdev := $node.NetDevs}}
# network {{ $netname }}
subnet {{$}} netmask {{$netdev.Netmask.Get}} {
    max-lease-time 120;
    range {{$netdev.Tags.dynstart.Get}} {{$netdev.Tags.dynend.Get}};
    next-server {{$netdev.Ipaddr.Get}};
{{- end }}
{{- end }}
{{- end }}

and for the dnsmasq the following lines should be added

{{/* multiple networks */}}
{{- range $node := $.AllNodes}}
{{- if eq $node.Id.Get "deliverynet" }}
{{- range $netname, $netdev := $node.NetDevs}}
# network {{ $netname }}
{{- end }}
{{- end }}
{{- end }}

Note that the {{- if eq $node.Id.Get "deliverynet" }} is used to identify the dummy host which carries the network information.