Diffstat (limited to 'roles/pxe_server')
-rw-r--r--roles/pxe_server/README.md55
-rw-r--r--roles/pxe_server/defaults/main.yml7
-rw-r--r--roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j210
3 files changed, 66 insertions, 6 deletions
diff --git a/roles/pxe_server/README.md b/roles/pxe_server/README.md
new file mode 100644
index 0000000..0f2fe60
--- /dev/null
+++ b/roles/pxe_server/README.md
@@ -0,0 +1,55 @@
+PXE Server
+==========
+
+Description
+-----------
+
+The `pxe_server` role generates TFTP boot files for PXE booting Rocky Linux. It
+downloads bootable images and generates kickstart files.
+
+It does not actually configure the TFTP server itself; I use the OPNsense
+`tftp` plugin to serve these files. You will also need an HTTP server to serve
+the kernel and initrd files (you _can_ serve these over TFTP, but it's very
+slow).
+
+Grub
+----
+
+You will need to build grub binaries and upload them to `$tftpboot/grub`. You
+can generate them on an existing Rocky Linux host.
+
+First, install the required packages:
+
+````bash
+dnf install grub2 grub2-pc grub2-efi grub2-pc-modules grub2-efi-x64-modules grub2-efi-aa64-modules
+````
+
+Then, generate the images:
+
+````bash
+ # location of the grub.cfg files within the tftp root
+ PREFIX=/grub
+ COMMON_MODULES="normal linux echo http tftp reboot configfile"
+
+ # The last arguments are the modules to "statically link" into the grub image...
+ # the alternative is to put like 50 .mod files in the tftpboot directory.
+ grub2-mkimage --format=x86_64-efi --output=bootx64.efi -p $PREFIX $COMMON_MODULES efinet bsd
+ grub2-mkimage --format=arm64-efi --output=bootaa64.efi -p $PREFIX $COMMON_MODULES efinet
+ grub2-mkimage --format=i386-pc-pxe --output=booti386 -p $PREFIX $COMMON_MODULES pxe bsd
+````
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable | Default | Description
+-------------------------|------------------------------|------------
+`pxe_root` | `/tftpboot` | Path to store boot files
+`pxe_http_port` | 80 | Port of HTTP server
+`pxe_grub_prefix` | `grub` | Subdirectory for grub files
+`pxe_ks_locale` | `en_US.UTF-8` | Kickstart locale
+`pxe_ks_authorized_keys` | `{{ root_authorized_keys }}` | Kickstart `authorized_keys` for root user
+`pxe_ks_timezone` | `{{ timezone }}` | Kickstart timezone
+`pxe_ks_password` | `{{ root_password }}` | Kickstart root password
+`pxe_ks_password_salt` | `{{ root_password_salt }}` | Kickstart root password salt
diff --git a/roles/pxe_server/defaults/main.yml b/roles/pxe_server/defaults/main.yml
index ce5f7dc..7128d92 100644
--- a/roles/pxe_server/defaults/main.yml
+++ b/roles/pxe_server/defaults/main.yml
@@ -1,4 +1,9 @@
pxe_root: /tftpboot
pxe_http_port: 80
pxe_grub_prefix: grub
-locale: en_US.UTF-8
+
+pxe_ks_locale: en_US.UTF-8
+pxe_ks_authorized_keys: '{{ root_authorized_keys }}'
+pxe_ks_timezone: '{{ timezone }}'
+pxe_ks_password: '{{ root_password }}'
+pxe_ks_password_salt: '{{ root_password_salt }}'
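Review bot: Defining `pxe_ks_password_salt: '{{ root_password_salt }}'` as a role default means the variable itself is always defined, so the `pxe_ks_password_salt | default("")` guard in rocky8-ks.cfg.j2 no longer tests the value that may actually be missing. When `root_password_salt` is unset, the nested reference probably behaves differently across Ansible versions (a hard undefined-variable error or a lazily undefined value), which is worth confirming on the version this repository targets. If the salt is meant to be optional, say so here with `pxe_ks_password_salt: '{{ root_password_salt | default("") }}'` and note in the README what an empty salt results in. The other new defaults have no fallback and will fail at template time when the global is missing, which seems the right behaviour for the password and the keys.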
diff --git a/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2 b/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
index ddbb0f0..26422d3 100644
--- a/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
+++ b/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
@@ -19,11 +19,11 @@ printf 'network --bootproto=dhcp --device=%q --hostname=%q --onboot=yes --noipv6
# if ntp-server was specified by DHCP server, use it
if [ -n "${dhcp[ntp_servers]:-}" ]; then
printf 'timezone %q --utc --ntpservers=%q\n' \
- {{ timezone | quote }} \
+ {{ pxe_ks_timezone | quote }} \
"${dhcp[ntp_servers]}" \
> /tmp/timezone.ks
else
- printf 'timezone %q --utc\n' {{ timezone | quote }} > /tmp/timezone.ks
+ printf 'timezone %q --utc\n' {{ pxe_ks_timezone | quote }} > /tmp/timezone.ks
fi
%end
@@ -38,12 +38,12 @@ reboot
firstboot --disabled
firewall --disabled
keyboard --vckeymap=us
-lang {{ locale }}
-rootpw --iscrypted {{ root_password | password_hash("sha512", root_password_salt | default("")) }}
+lang {{ pxe_ks_locale }}
+rootpw --iscrypted {{ pxe_ks_password | password_hash("sha512", pxe_ks_password_salt | default("")) }}
selinux --disabled
skipx
-{% for pubkey in root_authorized_keys %}
+{% for pubkey in pxe_ks_authorized_keys %}
sshkey --username=root "{{ pubkey }}"
{% endfor %}
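Review bot: The `rootpw --iscrypted` line renders the root password hash into a kickstart file that, going by the role's README, is published next to the boot files served over TFTP/HTTP, so any host that can reach the provisioning server can presumably read the hash and attack it offline. Since this hunk already installs `pxe_ks_authorized_keys` through `sshkey`, consider making the password optional and emitting `rootpw --lock` when `pxe_ks_password` is empty. At minimum, add a template comment such as `# NOTE: this hash is readable by anything that can fetch the kickstart file` and document that the listener should be limited to the provisioning network. Separately, `sshkey --username=root "{{ pubkey }}"` interpolates each key unescaped, so an entry containing a double quote or a newline would corrupt the directive; rejecting such entries before templating would be safer. The hunk header counts more context lines than are visible here, so the section may continue past this point.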