HTTP API¶
iPXE script¶
Serves a static iPXE boot script which gathers client machine attributes and chainloads to the iPXE endpoint. Use DHCP/TFTP to point iPXE clients to this endpoint as the next-server.
GET http://matchbox.foo/boot.ipxe
GET http://matchbox.foo/boot.ipxe.0 // for dnsmasq
Response
#!ipxe
chain ipxe?uuid=${uuid}&mac=${mac:hexhyp}&domain=${domain}&hostname=${hostname}&serial=${serial}
Client's booted with the /ipxe.boot endpoint will introspect and make a request to /ipxe with the uuid, mac, hostname, and serial value as query arguments.
iPXE¶
Finds the profile for the machine and renders the network boot config (kernel, options, initrd) as an iPXE script.
GET http://matchbox.foo/ipxe?label=value
Query parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
#!ipxe
kernel /assets/coreos/1967.3.0/coreos_production_pxe.vmlinuz coreos.config.url=http://matchbox.foo:8080/ignition?uuid=${uuid}&mac=${mac:hexhyp} coreos.first_boot=1 coreos.autologin
initrd /assets/coreos/1967.3.0/coreos_production_pxe_image.cpio.gz
boot
GRUB2¶
Finds the profile for the machine and renders the network boot config as a GRUB config. Use DHCP/TFTP to point GRUB clients to this endpoint as the next-server.
GET http://matchbox.foo/grub?label=value
Query parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
default=0
timeout=1
menuentry "CoreOS" {
echo "Loading kernel"
linuxefi "(http;matchbox.foo:8080)/assets/coreos/1967.3.0/coreos_production_pxe.vmlinuz" "coreos.autologin" "coreos.config.url=http://matchbox.foo:8080/ignition" "coreos.first_boot"
echo "Loading initrd"
initrdefi "(http;matchbox.foo:8080)/assets/coreos/1967.3.0/coreos_production_pxe_image.cpio.gz"
}
Cloud config¶
DEPRECATED: Finds the profile matching the machine and renders the corresponding Cloud-Config with group metadata, selectors, and query params.
GET http://matchbox.foo/cloud?label=value
Query Parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
#cloud-config
coreos:
units:
- name: etcd2.service
command: start
- name: fleet.service
command: start
Ignition Config¶
Finds the profile matching the machine and renders the corresponding Ignition for machine consumption.
GET http://matchbox.foo/ignition?label=value
Query parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
{
"ignition": { "version": "3.3.0" },
"systemd": {
"units": [{
"name": "example.service",
"enabled": true,
"contents": "[Service]\nType=oneshot\nExecStart=/usr/bin/echo Hello World\n\n[Install]\nWantedBy=multi-user.target"
}]
}
}
Generic config¶
Finds the profile matching the machine and renders the corresponding generic config with group metadata, selectors, and query params.
GET http://matchbox.foo/generic?label=value
Query parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
{
“uuid”: “”,
“mac”: “52:54:00:a1:9c:ae”,
“osInstalled”: true,
“rawQuery”: “mac=52:54:00:a1:9c:ae&os=installed”
}
Metadata¶
Finds the matching machine group and renders the group metadata, selectors, and query params in an "env file" style response.
GET http://matchbox.foo/metadata?mac=52-54-00-a1-9c-ae&foo=bar&count=3&gate=true
Query Parameters
| Name | Type | Description |
|---|---|---|
| uuid | string | Hardware UUID |
| mac | string | MAC address |
| * | string | Arbitrary label |
Response
META=data
ETCD_NAME=node1
SOME_NESTED_DATA=some-value
MAC=52:54:00:a1:9c:ae
REQUEST_QUERY_MAC=52:54:00:a1:9c:ae
REQUEST_QUERY_FOO=bar
REQUEST_QUERY_COUNT=3
REQUEST_QUERY_GATE=true
REQUEST_RAW_QUERY=mac=52-54-00-a1-9c-ae&foo=bar&count=3&gate=true
OpenPGP signatures¶
OpenPGP signature endpoints serve detached binary and ASCII armored signatures of rendered configs, if enabled. See OpenPGP Signing.
| Endpoint | Signature Endpoint | ASCII Signature Endpoint |
|---|---|---|
| iPXE | http://matchbox.foo/ipxe.sig |
http://matchbox.foo/ipxe.asc |
| GRUB2 | http://bootcf.foo/grub.sig |
http://matchbox.foo/grub.asc |
| Ignition | http://matchbox.foo/ignition.sig |
http://matchbox.foo/ignition.asc |
| Cloud-Config | http://matchbox.foo/cloud.sig |
http://matchbox.foo/cloud.asc |
| Generic | http://matchbox.foo/generic.sig |
http://matchbox.foo/generic.asc |
| Metadata | http://matchbox.foo/metadata.sig |
http://matchbox.foo/metadata.asc |
Get a config and its detached ASCII armored signature.
GET http://matchbox.foo/ipxe?label=value
GET http://matchbox.foo/ipxe.asc?label=value
Response
-----BEGIN PGP SIGNATURE-----
wsBcBAEBCAAQBQJWoDHyCRCzUpbPLRRcKAAAqQ8IAGD+eC9kzc/U7h9tgwvvWwm9
suTmVSGlzC5RwTRXg6CKuW31m3WAin2b5zWRPa7MxxanYMhhBbOfrqg/4xi1tfdE
w7ipmmgftl3re0np75Jt9K1rwGXUHTCs3yooz/zvqSvNSobG13FL5tp+Jl7a22wE
+W7x9BukTytVgNLt3IDIxsJ/rAEYUm4zySftooDbFVKj/SK5w8xg4zLmE6Jxz6wp
eaMlL1TEXy3NaFR0+hgbqM/tgeV2j6pmho8yaPF63iPnksH+gdmPiwasCfpSaJyr
NO+p24BL3PHZyKw0nsrm275C913OxEVgnNZX7TQltaweW23Cd1YBNjcfb3zv+Zo=
=mqZK
-----END PGP SIGNATURE-----
Assets¶
If you need to serve static assets (e.g. kernel, initrd), matchbox can serve arbitrary assets from the -assets-path.
matchbox.foo/assets/
└── coreos
└── 1967.3.0
├── coreos_production_pxe.vmlinuz
└── coreos_production_pxe_image.cpio.gz
└── 1153.0.0
├── coreos_production_pxe.vmlinuz
└── coreos_production_pxe_image.cpio.gz