iPXE to use Swift Temporary URLs

iPXE to use Swift Temporary URLs


This adds support for generating Swift temporary URLs for the deploy ramdisk and kernel when booting with iPXE.

Problem description

Currently the iPXE driver requires an external HTTP server to serve the deploy ramdisk and kernel. When used with Glance, the ironic-conductor fetches the images from it and place them under the HTTP root directory, and if a rebalance happens in the hash right the new ironic-conductor taking over the node have to do the same thing, fetch the images and cache it locally to be able to manage that node.

Having an external HTTP server should not be required when Glance is used with a Swift backend, with Swift we can generate temporary URLs that can be passed to iPXE to download the images without requiring credentials.

Proposed change

The proposed implementation consists in having the iPXE driver to create a Swift tempurl for the deploy ramdisk and kernel that the node will boot as part of the config generation.

This also proposes adding a boolean configuration option under the pxe group called ipxe_use_swift. If True this will tell iPXE to not cache the images in the disk and generate the Swift tempurl for the ramdisk and kernel, if False, iPXE will continue to cache the images under the HTTP root directory. Defaults to False.

Note that in order to keep compatibility with Nova behavior, kernel/ramdisk of the user image still have to be cached in case netboot is required. Doing otherwise will make it impossible for user to reboot the instance from within when tempurls have expired or the image is deleted from Glance altogether.


Continue to use an external HTTP server and caching the images on the disk.

Data model impact


State Machine Impact


REST API impact


Client (CLI) impact


RPC API impact


Driver API impact


Nova driver impact


Ramdisk impact


Security impact

There’s a positive security impact because the Swift temporary URLs does have an expiration time and the images in the external HTTP server will be available until the instance is destroyed.

Other end user impact


Scalability impact

There is a scaling benefit to download directly from Swift since a Swift cluster can be scaled horizontally by adding new nodes.

Performance Impact


Other deployer impact


Developer impact




Primary assignee:
lucasagomes <lucasagomes@gmail.com>
Other contributors:
pshchelo <shchelokovskyy@gmail.com>

Work Items

  • Add the new ipxe_use_swift configuration option under the pxe group.
  • Get the PXE driver to generate the Swift temporary URLs as part of the configuration generation when ipxe_use_swift is True.
  • Skip caching the image on the disk when ipxe_use_swift is True.




Unittests will be added.

Upgrades and Backwards Compatibility


Documentation Impact

The iPXE documentation will be updated to reflect the changes made by this spec.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

Ironic Specs