1) We boot a CoreOS image over PXE. IPA is built using Docker, exported as a filesystem, and runs in a linux container via systemd-nspawn. It can take config options via command line or kernel command line. The build system is here. [1]
2) It could, yes. Images are downloaded directly from Swift, and both the client and the server has 10gig links. We're also investigating multicast and bittorrent as alternatives for image distribution.
3) Not sure if you mean agent images or OS images... regardless, at Rackspace, each region runs as its own standalone cloud - so there shouldn't be any communication between data centers when provisioning. Does that answer your question?
4) We're working on implementing client certificate checking for communication between IPA and Ironic. The agents also live on an isolated VLAN that is only accessible by Ironic and Swift.
1) I am actually curious how IPA is deployed to the ramdisks. Any pointers?
2) The turn around time for provisioning is now dependent on download speed etc. When provisioning batches this could be a problem, right?
3)Did you use any kind of CDN (for image persistence) when dealing with provisioning in different availability zones?
4) Does IPA also implement SSL/Auth?