This blueprint presents the work needed to add support for iPXE in Ironic.
As the size of our deploy ramdisk would continue to increase (Ironic Python Agent) we need a more reliable way to transfer such data via the network without relying on TFTP. The problem with TFTP is that it’s unreliable and any transmission error will result consequently in boot problems (The first T in TFTP stands for trivial).
By adding support for iPXE we would have the ability to transfer data through HTTP which is a reliable protocol.
It’s important to note that Ironic is not responsible for managing the HTTP server, just like the TFTP server, it should be configured and running on the Node that ironic-conductor was deployed.
Another important note is that the iPXE image (undionly.kpxe) used for chainloading is sent to the clients via TFTP, so we still need a TFTP server up and running, this is the only TFTP transaction in the whole process, once the client has loaded iPXE, everything happens over HTTP.
Continue to use the standard PXE and rely on the TFTP protocol to transfer the data.
While not part of work proposed by this spec, iPXE supports using the HTTPS protocol which allows encrypting all communication with the HTTP server, this patch can be considered a plumbing work for that to be implemented in the future.
To enable iPXE users would have to set the http_root, http_server and ipxe_enabled configuration options along with the tftp_root and tftp_server options.
As a future work, we can add support to be able to fetch images and configuration files directly from Glance or Swift since those are already scalable.
TFTP can be extremely slow, so fetching data over HTTP can improve the speed of transferring the images from the conductor to the Node being booted.
By default iPXE will be disabled and so should not change anything on the current flow to deploy/configure Ironic. In the future since we are moving towards having the Ironic Python Agent to be the standard provisioning method, we might want to enable iPXE by default as part of that effort.
See the “Proposed change” section.
A HTTP server up and running.
Documentation should be modified to instruct operators about how to enable and configure Ironic to use iPXE.