iPXE boot

https://blueprints.launchpad.net/ironic/+spec/ipxe-boot

This blueprint presents the work needed to add support for iPXE in Ironic.

Problem description

As the deploy ramdisk (Ironic Python Agent) continues to grow in size, we need a more reliable way to transfer such data over the network without relying on TFTP. The problem with TFTP is that it is unreliable: any transmission error results in boot problems (the first T in TFTP stands for trivial).

Proposed change

By adding support for iPXE, we gain the ability to transfer data over HTTP, which is a reliable protocol.

  • New config options:
    • ipxe_enabled: Whether iPXE is enabled or not.

    • ipxe_boot_script: The path to the main iPXE script file.

    • http_server: The IP address of the HTTP server.

    • http_root: The HTTP root path.

  • When generating the PXE configuration file the kernel and initrd parameters should contain the HTTP URL for the files and not the TFTP path.

  • All the configuration files, ramdisks and kernels will now be put in the HTTP directory instead of the TFTP directory.

  • The pxe_bootfile_name config option should point to the iPXE image (undionly.kpxe).

  • A configuration template for iPXE.

  • The pxe_config_template config option should point to the iPXE configuration template.

  • An iPXE script file (ipxe_boot_script config option) which is the file fetched by the client after it has loaded the iPXE image, and from there the script will load the MAC-specific iPXE configuration file for that request.

  • When passing the DHCP boot options to Neutron we also have to pass the HTTP link pointing to the iPXE script file.
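The sketch below shows how the items above fit together: mapping files under http_root to HTTP URLs, rendering a per-node iPXE configuration, and rendering the main boot script. It is an added example, not Ironic's own code. The function names, the sample option values, the deploy_kernel/deploy_ramdisk file names and the MAC-named config layout are assumptions.

```python
import os
from urllib.parse import quote

# Constructed sample values for the spec's http_server and http_root options.
HTTP_SERVER = "192.0.2.10"
HTTP_ROOT = "/httpboot"


def http_url(path, http_server=HTTP_SERVER, http_root=HTTP_ROOT):
    """Return the HTTP URL for a file that lives under http_root."""
    root = os.path.realpath(http_root)
    real = os.path.realpath(path)
    # Reject paths that resolve outside http_root ("..", symlinks), so a
    # stored or derived file name cannot make the URL point elsewhere.
    if real == root or os.path.commonpath([root, real]) != root:
        raise ValueError("%r is not inside http_root %r" % (path, http_root))
    rel = os.path.relpath(real, root).replace(os.sep, "/")
    return "http://%s/%s" % (http_server, quote(rel))


def render_node_config(node_dir, kernel_args=""):
    """Per-node iPXE config: kernel and initrd are HTTP URLs, not TFTP paths.

    The file names deploy_kernel / deploy_ramdisk are assumptions.
    """
    kernel = http_url(os.path.join(node_dir, "deploy_kernel"))
    ramdisk = http_url(os.path.join(node_dir, "deploy_ramdisk"))
    lines = ["#!ipxe",
             ("kernel %s %s" % (kernel, kernel_args)).rstrip(),
             "initrd %s" % ramdisk,
             "boot"]
    return "\n".join(lines) + "\n"


def render_boot_script(config_dir):
    """Main script (ipxe_boot_script): chain to the MAC-specific config.

    iPXE expands ${mac:hexhyp} on the client, e.g. 52-54-00-12-34-56;
    storing configs under that name is an assumed layout.
    """
    return "#!ipxe\nchain %s/${mac:hexhyp}\n" % http_url(config_dir)


if __name__ == "__main__":
    print(render_boot_script("/httpboot/configs"))
    print(render_node_config("/httpboot/node-1", "console=ttyS0"))
```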

It’s important to note that Ironic is not responsible for managing the HTTP server. Just like the TFTP server, it should be configured and running on the node where ironic-conductor is deployed.

Another important note is that the iPXE image (undionly.kpxe) used for chainloading is sent to the clients via TFTP, so we still need a TFTP server up and running. This is the only TFTP transaction in the whole process; once the client has loaded iPXE, everything happens over HTTP.

Alternatives

Continue to use the standard PXE and rely on the TFTP protocol to transfer the data.

Data model impact

None

REST API impact

None

Driver API impact

None

Nova driver impact

None

Security impact

While not part of the work proposed by this spec, iPXE supports the HTTPS protocol, which allows encrypting all communication with the HTTP server. This patch can be considered plumbing work for that to be implemented in the future.

Other end user impact

To enable iPXE, users would have to set the http_root, http_server and ipxe_enabled configuration options along with the tftp_root and tftp_server options.

Scalability impact

As future work, we can add support for fetching images and configuration files directly from Glance or Swift, since those are already scalable.

Performance Impact

TFTP can be extremely slow, so fetching data over HTTP can improve the speed of transferring the images from the conductor to the Node being booted.

Other deployer impact

New config options:
  • ipxe_enabled: Whether iPXE is enabled or not.

  • ipxe_boot_script: The path to the main iPXE script file.

  • http_server: The IP address of the HTTP server.

  • http_root: The HTTP root path.

By default iPXE will be disabled, so it should not change anything in the current flow to deploy/configure Ironic. In the future, since we are moving towards making the Ironic Python Agent the standard provisioning method, we might want to enable iPXE by default as part of that effort.

Developer impact

None

Implementation

Assignee(s)

Primary assignee:

lucasagomes

Other contributors:

None

Work Items

See the “Proposed change” section.

Dependencies

An HTTP server up and running.

Testing

  • Unit tests.

  • Add support to DevStack to be able to configure Ironic to use iPXE.

Documentation Impact

Documentation should be modified to instruct operators about how to enable and configure Ironic to use iPXE.

References

None