Confluent¶
Confluent handles the essential bootstrap and day-to-day operation of scale-out server configurations. It deploys operating systems, controls hardware, manages consoles, gathers telemetry, and onboards new devices across clusters ranging from a handful of nodes to many thousands. Confluent supports both x86_64 and arm64 (aarch64) architectures.
Confluent is the modern successor of xCAT. If you are coming from xCAT, see Confluent vs. xCAT.
Where to begin¶
-
Get started
Install confluent and take a single example flow from a bare management server to a deployed cluster.
-
Install
Set up the confluent management server on your distribution of choice and open the required firewall ports.
-
Deploy operating systems
Provision stateful and stateless images over PXE, HTTP(S) boot, or virtual media, with customization at every phase.
-
Reference
The building blocks you use every day: node attributes, the noderange language, and attribute expressions.
-
Discover & onboard
Detect generic PXE systems or hardware managers, then onboard them by serial number, MAC, switch port, or physical location.
-
Automate
Drive confluent from the REST API, the Python client library, the filesystem-like
confettybrowser or backup and restore its database.
What confluent does¶
-
Console management
Arbitrate multi-user access with full, fine-grained timestamped logging and VT-aware buffering, so a console reconnect reconstitutes cleanly.
-
Hardware control
Power, next-boot device, BIOS/UEFI/BMC settings, storage controllers (RAID), health checks, telemetry, virtual media, and support data over IPMI, Redfish, and vendor plugins.
-
Network topology
Centralized access to MAC address tables and LLDP information across every switch through one interface.
-
Scale & availability
Group inheritance and formulaic attribute derivation, plus collective mode to span one confluent interface across servers for HA and large fleets.
Architecture¶
Management nodes run the confluentd service; clients drive it via CLI, web UI, or REST API. Compute nodes are provisioned over the management network and controlled out-of-band over the BMC network, and collective mode adds scale-out and high availability.
See the architecture overview for a tour of the components.
Security by default¶
Confluent is designed with secure default behaviors and explicit opt-in to reduced security:
- Fully validated TLS protects collective, deployment, and hardware management traffic.
- TPM2 can protect boot volumes and persist node trust across reboots in stateless environments.
- Node authentication options balance convenience against hardening for sensitive data such as the encrypted root password.
- An SSH PKI strategy enables convenient SSH without users curating their own keys or updating
known_hosts. - Secure Boot is supported for media and HTTP boot methods.
See TLS configuration, SSH design, and OS deployment security for details.
Ways to drive confluent¶
- A collection of straightforward Linux commands (
nodepower,nodeconsole,nodedeploy,nodeattrib, ...). - A command-line API browser,
confetty, that works like browsing a filesystem. - A Python client library.
- A REST API over HTTP.
Installation paths¶
There are two suggested approaches:
- Confluent directly (recommended) — best for most users, especially those without an existing xCAT installation.
- xCAT and confluent together — when you rely on an xCAT-exclusive features and want to use it alongside confluent. Start with the xCAT material under Archive.
Tip
Looking for something specific? Use the search box at the top of the page.