From a73f5d59f83206b4903a91c8498b84120968a19d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sun, 19 Feb 2023 08:52:22 -0500
Subject: pxe_server: add docs
---
 roles/pxe_server/README.md | 55 ++++++++++++++++++++++
 roles/pxe_server/defaults/main.yml | 7 ++-
 .../templates/kickstart/rocky8-ks.cfg.j2 | 10 ++--
 3 files changed, 66 insertions(+), 6 deletions(-)
 create mode 100644 roles/pxe_server/README.md
(limited to 'roles/pxe_server')
diff --git a/roles/pxe_server/README.md b/roles/pxe_server/README.md
new file mode 100644
index 0000000..0f2fe60
--- /dev/null
+++ b/roles/pxe_server/README.md
@@ -0,0 +1,55 @@
+PXE Server
+==========
+
+Description
+-----------
+
+The `pxe_server` role generates TFTP boot files for PXE booting Rocky Linux. It
+downloads bootable images and generates kickstart files.
+
+It does not actually configure the TFTP server itself; I use the OPNsense
+`tftp` plugin to serve these files. You will also need an HTTP server to serve
+the kernel and initrd files (you _can_ serve these over TFTP, but it's very
+slow).
+
+Grub
+----
+
+You will need to build grub binaries and upload them to `$tftpboot/grub`. You
+can generate them on an existing Rocky Linux host.
+
+First, install the required packages:
+
+````bash
+dnf install grub2 grub2-pc grub2-efi grub2-pc-modules grub2-efi-x64-modules grub2-efi-aa64-modules
+````
+
+Then, generate the images:
+
+````bash
+ # location of the grub.cfg files within the tftp root
+ PREFIX=/grub
+ COMMON_MODULES="normal linux echo http tftp reboot configfile"
+
+ # The last arguments are the modules to "statically link" into the grub image...
+ # the alternative is to put like 50 .mod files in the tftpboot directory.
+ grub2-mkimage --format=x86_64-efi --output=bootx64.efi -p $PREFIX $COMMON_MODULES efinet bsd
+ grub2-mkimage --format=arm64-efi --output=bootaa64.efi -p $PREFIX $COMMON_MODULES efinet
+ grub2-mkimage --format=i386-pc-pxe --output=booti386 -p $PREFIX $COMMON_MODULES pxe bsd
+````
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable | Default | Description
+-------------------------|------------------------------|------------
+`pxe_root` | `/tftpboot` | Path to store boot files
+`pxe_http_port` | 80 | Port of HTTP server
+`pxe_grub_prefix` | `grub` | Subdirectory for grub files
+`pxe_ks_locale` | `en_US.UTF-8` | Kickstart locale
+`pxe_ks_authorized_keys` | `{{ root_authorized_keys }}` | Kickstart `authorized_keys` for root user
+`pxe_ks_timezone` | `{{ timezone }}` | Kickstart timezone
+`pxe_ks_password` | `{{ root_password }}` | Kickstart root password
+`pxe_ks_password_salt` | `{{ root_password_salt }}` | Kickstart root password salt
diff --git a/roles/pxe_server/defaults/main.yml b/roles/pxe_server/defaults/main.yml
index ce5f7dc..7128d92 100644
--- a/roles/pxe_server/defaults/main.yml
+++ b/roles/pxe_server/defaults/main.yml
@@ -1,4 +1,9 @@
 pxe_root: /tftpboot
 pxe_http_port: 80
 pxe_grub_prefix: grub
-locale: en_US.UTF-8
+
+pxe_ks_locale: en_US.UTF-8
+pxe_ks_authorized_keys: '{{ root_authorized_keys }}'
+pxe_ks_timezone: '{{ timezone }}'
+pxe_ks_password: '{{ root_password }}'
+pxe_ks_password_salt: '{{ root_password_salt }}'
diff --git a/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2 b/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
index ddbb0f0..26422d3 100644
--- a/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
+++ b/roles/pxe_server/templates/kickstart/rocky8-ks.cfg.j2
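Review bot: `pxe_ks_password_salt: '{{ root_password_salt }}'` in defaults/main.yml makes the role variable always defined, so the `| default("")` that the kickstart template applies to `pxe_ks_password_salt` no longer guards an unset `root_password_salt` on its own; whether rendering falls back or fails then likely depends on how the installed Ansible version treats the nested undefined value. Putting the fallback in the default keeps the earlier behaviour explicit: `pxe_ks_password_salt: '{{ root_password_salt | default("") }}'`. The other inherited defaults (`root_authorized_keys`, `timezone`, `root_password`) have no fallback either, so a comment above them such as `# required: define root_password, root_authorized_keys and timezone in inventory, or override the pxe_ks_* variables` would tell users what must exist before the role runs.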
@@ -19,11 +19,11 @@ printf 'network --bootproto=dhcp --device=%q --hostname=%q --onboot=yes --noipv6
 # if ntp-server was specified by DHCP server, use it
 if [ -n "${dhcp[ntp_servers]:-}" ]; then
 printf 'timezone %q --utc --ntpservers=%q\n' \
- {{ timezone | quote }} \
+ {{ pxe_ks_timezone | quote }} \
 "${dhcp[ntp_servers]}" \
 > /tmp/timezone.ks
 else
- printf 'timezone %q --utc\n' {{ timezone | quote }} > /tmp/timezone.ks
+ printf 'timezone %q --utc\n' {{ pxe_ks_timezone | quote }} > /tmp/timezone.ks
 fi
 %end
@@ -38,12 +38,12 @@ reboot
 firstboot --disabled
 firewall --disabled
 keyboard --vckeymap=us
-lang {{ locale }}
-rootpw --iscrypted {{ root_password | password_hash("sha512", root_password_salt | default("")) }}
+lang {{ pxe_ks_locale }}
+rootpw --iscrypted {{ pxe_ks_password | password_hash("sha512", pxe_ks_password_salt | default("")) }}
 selinux --disabled
 skipx
-{% for pubkey in root_authorized_keys %}
+{% for pubkey in pxe_ks_authorized_keys %}
 sshkey --username=root "{{ pubkey }}"
 {% endfor %}
-- cgit
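Review bot: In the second hunk, the `rootpw --iscrypted {{ pxe_ks_password | password_hash("sha512", ...) }}` line writes a sha512-crypt hash of a password that defaults to the shared `root_password` into the generated kickstart, and that file is presumably fetched by installers over TFTP or plain HTTP like the other boot files, neither of which authenticates the client. Any host on the provisioning network can then retrieve the hash and work on it offline, so the long-lived root password should not be the value used here. I would add a template comment above the line, e.g. `{# this hash is readable by any PXE client: set pxe_ks_password to a dedicated install-time password and rotate it after first boot #}`, and, since `sshkey` entries are already emitted, consider `rootpw --lock` where key-only root access is acceptable. The kickstart command section this line belongs to starts and ends outside the hunk.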