There are a number of internal URLs MAAS uses during commissioning and deployment which are useful to access when debugging. This document describes what they are and how to access them.
All bootloaders, images, kernels, and initrds found in /var/lib/maas/boot-resources/current on the rack controller are available over both HTTP and TFTP. Directory listing is enabled over HTTP
Bootloader configuration files
All bootloader configuration files are available over TFTP and are generated dynamically by the rack controller. The default configuration is used during enlistment. For any other state the MAC address must be included in the request.
PXELinux i386, AMD64
tftp://$RACK/pxelinux.cfg/default # MAC is delaminated with a '-' e.g 52-54-00-20-b1-01 tftp://$RACK/pxelinux.cfg/01-$MAC
GRUB UEFI AMD64, ARM64
tftp://$RACK/grub/grub.cfg-default-amd64 # MAC is delaminated with a ':' e.g 52:54:00:dd:d1:50 tftp://$RACK/grub/grub.cfg-$MAC
tftp://$RACK/ppc64el/pxelinux.cfg/default # MAC is delaminated with a '-' e.g 52-54-00-20-b1-01 tftp://$RACK/ppc64el/pxelinux.cfg/01-$MAC
MAAS implements a subset of the EC2 metadata service to provide machines with data such as hostname, SSH keys, and user data to be run. Only a subset of data can be accessed anonymously, most data requires OAUTH1 credentials.
Accessing the metadata server
As of MAAS 2.5 each rack controller runs an nginx HTTP proxy service which allows machines to only have to interact with the rack controller.
Metadata directly from the region
Metadata through the nginx proxy
The preseed contains the initial configuration for cloud-init to configure the system. Two URLs are available, one during enlistment and another used by all other environments.
The userdata contains scripts and other configuration data which is run by cloud-init. MAAS creates userdata by starting with a template and adding additional required data. These templates can be found in
The data is then base64 encoded and returned to the client.
Enlistment userdata can be access anonymously
Userdata for all other ephemeral environments
This method requires OAUTH1 credentials