diff --git a/docs/files/pxe_opnsense_services_dhcpv4_network.png b/docs/files/pxe_opnsense_services_dhcpv4_network.png
new file mode 100644
index 000000000..87acb1626
Binary files /dev/null and b/docs/files/pxe_opnsense_services_dhcpv4_network.png differ
diff --git a/docs/files/pxe_opnsense_services_dnsmasq.png b/docs/files/pxe_opnsense_services_dnsmasq.png
new file mode 100644
index 000000000..f46b6771f
Binary files /dev/null and b/docs/files/pxe_opnsense_services_dnsmasq.png differ
diff --git a/docs/files/pxe_opnsense_services_nginx_http_server.png b/docs/files/pxe_opnsense_services_nginx_http_server.png
new file mode 100644
index 000000000..d3bd96154
Binary files /dev/null and b/docs/files/pxe_opnsense_services_nginx_http_server.png differ
diff --git a/docs/files/pxe_opnsense_services_nginx_location.png b/docs/files/pxe_opnsense_services_nginx_location.png
new file mode 100644
index 000000000..fdb2fcc83
Binary files /dev/null and b/docs/files/pxe_opnsense_services_nginx_location.png differ
diff --git a/docs/pxe.md b/docs/pxe.md
new file mode 100644
index 000000000..555b41c40
--- /dev/null
+++ b/docs/pxe.md
@@ -0,0 +1,27 @@
+# Opnsense | PXE
+
+## Setting up TFTP
+
+- Setup TFTP and network booting on DHCPv4 server
+- Create an `nginx` location to file system `/var/lib/tftpboot`
+- Create an nginx http server listening on 30080 TCP
+- Enable `dnsmasq` in the Opnsense services settings (set port to `63`)
+- Copy over `pxe.conf` to `/usr/local/etc/dnsmasq.conf.d/pxe.conf`
+- SSH into opnsense and run the following commands...
+
+```console
+$ mkdir -p /var/lib/tftpboot/pxelinux/
+$ curl https://releases.ubuntu.com/20.04/ubuntu-20.04.2-live-server-amd64.iso -o /var/lib/tftpboot/ubuntu-20.04.2-live-server-amd64.iso
+$ mount -t cd9660 /dev/`mdconfig -f /var/lib/tftpboot/ubuntu-20.04.2-live-server-amd64.iso` /mnt
+$ cp /mnt/casper/vmlinuz /var/lib/tftpboot/pxelinux/
+$ cp /mnt/casper/initrd /var/lib/tftpboot/pxelinux/
+$ umount /mnt
+$ curl http://archive.ubuntu.com/ubuntu/dists/focal/main/uefi/grub2-amd64/current/grubnetx64.efi.signed -o /var/lib/tftpboot/pxelinux/pxelinux.0
+```
+
+- Copy `grub/grub.conf` into `/var/lib/tftpboot/grub/grub.conf`
+- Copy `nodes/` into `/var/lib/tftpboot/nodes`
+
+## PXE boot on bare-metal servers
+
+Press F12 key during 15-20 seconds to enter PXE IPv4 boot option
diff --git a/server/pxe/grub/grub.cfg b/server/pxe/grub/grub.cfg
new file mode 100644
index 000000000..fe2242d28
--- /dev/null
+++ b/server/pxe/grub/grub.cfg
@@ -0,0 +1,13 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+
+menuentry "Focal Live Installer - automated" --id=autoinstall {
+ configfile /nodes/$net_default_mac.conf
+}
+menuentry "Focal Live Installer" --id=install {
+ echo "Loading Kernel..."
+ linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso
+ echo "Loading Ram Disk..."
+ initrd /pxelinux/initrd
+}
\ No newline at end of file
diff --git a/server/pxe/nodes/1c:69:7a:01:28:ae.conf b/server/pxe/nodes/1c:69:7a:01:28:ae.conf
new file mode 100644
index 000000000..94ac812b6
--- /dev/null
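Review bot: In server/pxe/grub/grub.cfg, `default=autoinstall` with `timeout=5` makes the unattended path the one taken when nobody touches the keyboard, and for any MAC that has a file under `/nodes/` that path ends in a kernel line carrying `autoinstall` and a storage config that wipes `/dev/sda`. A node that keeps PXE ahead of its disk in the firmware boot order would therefore reinstall itself on every reboot. Consider making a non-destructive entry the default, e.g. `menuentry "Boot from local disk" --id=local { exit }` with `default=local` (on UEFI, `exit` normally hands control back to the next boot entry), so that a reinstall requires selecting the autoinstall entry explicitly. Separately, docs/pxe.md in this commit tells the operator to copy `grub/grub.conf`, while the file added here is `grub/grub.cfg`; one of the two names should be corrected.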
+++ b/server/pxe/nodes/1c:69:7a:01:28:ae.conf
@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker3 Autoinstall" --id=autoinstall {
+ echo "Loading Kernel..."
+ # make sure to escape the ';'
+ linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+ echo "Loading Ram Disk..."
+ initrd /pxelinux/initrd
+}
\ No newline at end of file
diff --git a/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf b/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf
new file mode 100644
index 000000000..6a6163530
--- /dev/null
+++ b/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf
@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker1 Autoinstall" --id=autoinstall {
+ echo "Loading Kernel..."
+ # make sure to escape the ';'
+ linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+ echo "Loading Ram Disk..."
+ initrd /pxelinux/initrd
+}
\ No newline at end of file
diff --git a/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf b/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf
new file mode 100644
index 000000000..b4319bffb
--- /dev/null
+++ b/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf
@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker2 Autoinstall" --id=autoinstall {
+ echo "Loading Kernel..."
+ # make sure to escape the ';'
+ linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+ echo "Loading Ram Disk..."
+ initrd /pxelinux/initrd
+}
\ No newline at end of file
diff --git a/server/pxe/nodes/f4:4d:30:69:76:2d.conf b/server/pxe/nodes/f4:4d:30:69:76:2d.conf
new file mode 100644
index 000000000..5944ba9e3
--- /dev/null
+++ b/server/pxe/nodes/f4:4d:30:69:76:2d.conf
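Review bot: In server/pxe/nodes/1c:69:7a:01:28:ae.conf the `ds=nocloud-net` seed URL ends in `/nodes/k3s-worker1/` although the menu entry is titled "k3s-worker3 Autoinstall", so this machine would be installed from k3s-worker1's user-data and come up with that hostname. 1c:69:7a:0f:9f:ab.conf ("k3s-worker2 Autoinstall") has the same copy-paste error. The seed arguments should end in `s=http://192.168.8.1:30080/nodes/k3s-worker3/` and `s=http://192.168.8.1:30080/nodes/k3s-worker2/` respectively. As committed, nothing references the k3s-worker2 and k3s-worker3 seed directories added later in this commit.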
@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-server Autoinstall" --id=autoinstall {
+ echo "Loading Kernel..."
+ # make sure to escape the ';'
+ linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-server/
+ echo "Loading Ram Disk..."
+ initrd /pxelinux/initrd
+}
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-server/meta-data b/server/pxe/nodes/k3s-server/meta-data
new file mode 100644
index 000000000..49d3dd102
--- /dev/null
+++ b/server/pxe/nodes/k3s-server/meta-data
@@ -0,0 +1 @@
+instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-server/user-data b/server/pxe/nodes/k3s-server/user-data
new file mode 100644
index 000000000..85fa3078a
--- /dev/null
+++ b/server/pxe/nodes/k3s-server/user-data
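Review bot: The `linux` line in server/pxe/nodes/f4:4d:30:69:76:2d.conf fetches both the installer ISO and the autoinstall seed over plain `http://192.168.8.1:30080/`, and the kernel and initrd arrive over TFTP, so nothing authenticates what the node installs. A host able to answer DHCP or alter traffic on that segment could substitute the seed the installer trusts, including the SSH keys it enrols. The other three node files and the `install` entry in grub.cfg share this. If TLS on the nginx listener is not practical, add a comment such as `# provisioning traffic is unauthenticated: keep 192.168.8.1:30080 and TFTP reachable only from the provisioning network` and enforce that restriction in the firewall rules.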
@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+ version: 1
+ refresh-installer:
+ update: true
+ apt:
+ geoip: true
+ preserve_sources_list: false
+ primary:
+ - arches: [amd64, i386]
+ uri: http://archive.ubuntu.com/ubuntu
+ - arches: [default]
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ identity:
+ hostname: k3s-server
+ # mkpasswd --method=SHA-512 ubuntu
+ # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+ password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+ realname: Ubuntu
+ username: ubuntu
+ keyboard:
+ layout: fr
+ toggle: null
+ variant: ""
+ locale: en_US.UTF-8
+ network:
+ version: 2
+ ethernets:
+ eno1:
+ dhcp4: true
+ critical: true
+ dhcp-identifier: mac
+ ssh:
+ allow-pw: false
+ install-server: true
+ authorized-keys:
+ # claude-fixe-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+ # claude-thinkpad-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+ storage:
+ grub:
+ reorder_uefi: false
+ swap:
+ size: 0
+ config:
+ - id: root-disk-0
+ type: disk
+ path: /dev/sda
+ wipe: superblock-recursive
+ preserve: false
+ grub_device: false
+ name: ""
+ ptable: gpt
+ - id: root-partition-0
+ type: partition
+ device: root-disk-0
+ size: 512M
+ wipe: superblock
+ flag: boot
+ number: 1
+ preserve: false
+ grub_device: true
+ - id: root-format-0
+ type: format
+ fstype: fat32
+ volume: root-partition-0
+ preserve: false
+ - id: root-partition-1
+ type: partition
+ device: root-disk-0
+ size: -1
+ wipe: superblock
+ flag: ""
+ number: 2
+ preserve: false
+ - id: root-format-1
+ type: format
+ fstype: ext4
+ volume: root-partition-1
+ preserve: false
+ - id: root-mount-0
+ type: mount
+ device: root-format-0
+ path: /boot/efi
+ - id: root-mount-1
+ type: mount
+ device: root-format-1
+ path: /
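Review bot: The `password:` hash under `identity` in k3s-server/user-data is, per the two comments above it, the SHA-512 crypt of the literal string `ubuntu`, so every installed node gets the well-known `ubuntu`/`ubuntu` account. The k3s-worker1, k3s-worker2 and k3s-worker3 user-data files carry the identical hash. `allow-pw: false` keeps the password off SSH, but it still works at the console and, presumably, for sudo by anyone who gets a shell as that user. Generate a random password per node and keep its hash out of the repository, or lock the password once the install finishes. The two comment lines that document the plaintext should go either way.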
diff --git a/server/pxe/nodes/k3s-worker1/meta-data b/server/pxe/nodes/k3s-worker1/meta-data
new file mode 100644
index 000000000..49d3dd102
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker1/meta-data
@@ -0,0 +1 @@
+instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker1/user-data b/server/pxe/nodes/k3s-worker1/user-data
new file mode 100644
index 000000000..579b5950b
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker1/user-data
@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+ version: 1
+ refresh-installer:
+ update: true
+ apt:
+ geoip: true
+ preserve_sources_list: false
+ primary:
+ - arches: [amd64, i386]
+ uri: http://archive.ubuntu.com/ubuntu
+ - arches: [default]
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ identity:
+ hostname: k3s-worker1
+ # mkpasswd --method=SHA-512 ubuntu
+ # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+ password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+ realname: Ubuntu
+ username: ubuntu
+ keyboard:
+ layout: fr
+ toggle: null
+ variant: ""
+ locale: en_US.UTF-8
+ network:
+ version: 2
+ ethernets:
+ eno1:
+ dhcp4: true
+ critical: true
+ dhcp-identifier: mac
+ ssh:
+ allow-pw: false
+ install-server: true
+ authorized-keys:
+ # claude-fixe-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+ # claude-thinkpad-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+ storage:
+ grub:
+ reorder_uefi: false
+ swap:
+ size: 0
+ config:
+ - id: root-disk-0
+ type: disk
+ path: /dev/sda
+ wipe: superblock-recursive
+ preserve: false
+ grub_device: false
+ name: ""
+ ptable: gpt
+ - id: root-partition-0
+ type: partition
+ device: root-disk-0
+ size: 512M
+ wipe: superblock
+ flag: boot
+ number: 1
+ preserve: false
+ grub_device: true
+ - id: root-format-0
+ type: format
+ fstype: fat32
+ volume: root-partition-0
+ preserve: false
+ - id: root-partition-1
+ type: partition
+ device: root-disk-0
+ size: -1
+ wipe: superblock
+ flag: ""
+ number: 2
+ preserve: false
+ - id: root-format-1
+ type: format
+ fstype: ext4
+ volume: root-partition-1
+ preserve: false
+ - id: root-mount-0
+ type: mount
+ device: root-format-0
+ path: /boot/efi
+ - id: root-mount-1
+ type: mount
+ device: root-format-1
+ path: /
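Review bot: In the `storage.config` list of k3s-worker1/user-data, `path: /dev/sda` combined with `wipe: superblock-recursive` erases whatever the kernel happens to enumerate as sda. That name is not stable on a machine with more than one disk or with removable media attached, and it does not exist on NVMe-only hardware. The k3s-server, k3s-worker2 and k3s-worker3 user-data files hard-code the same path. Selecting the disk by a stable property is safer, for example a `match:` block on serial or model in place of `path:` (confirm the installer version in this ISO supports it), or a per-node `/dev/disk/by-id/...` path.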
diff --git a/server/pxe/nodes/k3s-worker2/meta-data b/server/pxe/nodes/k3s-worker2/meta-data
new file mode 100644
index 000000000..49d3dd102
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker2/meta-data
@@ -0,0 +1 @@
+instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker2/user-data b/server/pxe/nodes/k3s-worker2/user-data
new file mode 100644
index 000000000..db326dea8
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker2/user-data
@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+ version: 1
+ refresh-installer:
+ update: true
+ apt:
+ geoip: true
+ preserve_sources_list: false
+ primary:
+ - arches: [amd64, i386]
+ uri: http://archive.ubuntu.com/ubuntu
+ - arches: [default]
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ identity:
+ hostname: k3s-worker2
+ # mkpasswd --method=SHA-512 ubuntu
+ # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+ password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+ realname: Ubuntu
+ username: ubuntu
+ keyboard:
+ layout: fr
+ toggle: null
+ variant: ""
+ locale: en_US.UTF-8
+ network:
+ version: 2
+ ethernets:
+ eno1:
+ dhcp4: true
+ critical: true
+ dhcp-identifier: mac
+ ssh:
+ allow-pw: false
+ install-server: true
+ authorized-keys:
+ # claude-fixe-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+ # claude-thinkpad-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+ storage:
+ grub:
+ reorder_uefi: false
+ swap:
+ size: 0
+ config:
+ - id: root-disk-0
+ type: disk
+ path: /dev/sda
+ wipe: superblock-recursive
+ preserve: false
+ grub_device: false
+ name: ""
+ ptable: gpt
+ - id: root-partition-0
+ type: partition
+ device: root-disk-0
+ size: 512M
+ wipe: superblock
+ flag: boot
+ number: 1
+ preserve: false
+ grub_device: true
+ - id: root-format-0
+ type: format
+ fstype: fat32
+ volume: root-partition-0
+ preserve: false
+ - id: root-partition-1
+ type: partition
+ device: root-disk-0
+ size: -1
+ wipe: superblock
+ flag: ""
+ number: 2
+ preserve: false
+ - id: root-format-1
+ type: format
+ fstype: ext4
+ volume: root-partition-1
+ preserve: false
+ - id: root-mount-0
+ type: mount
+ device: root-format-0
+ path: /boot/efi
+ - id: root-mount-1
+ type: mount
+ device: root-format-1
+ path: /
diff --git a/server/pxe/nodes/k3s-worker3/meta-data b/server/pxe/nodes/k3s-worker3/meta-data
new file mode 100644
index 000000000..49d3dd102
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker3/meta-data
@@ -0,0 +1 @@
+instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker3/user-data b/server/pxe/nodes/k3s-worker3/user-data
new file mode 100644
index 000000000..d43caa009
--- /dev/null
+++ b/server/pxe/nodes/k3s-worker3/user-data
@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+ version: 1
+ refresh-installer:
+ update: true
+ apt:
+ geoip: true
+ preserve_sources_list: false
+ primary:
+ - arches: [amd64, i386]
+ uri: http://archive.ubuntu.com/ubuntu
+ - arches: [default]
+ uri: http://ports.ubuntu.com/ubuntu-ports
+ identity:
+ hostname: k3s-worker3
+ # mkpasswd --method=SHA-512 ubuntu
+ # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+ password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+ realname: Ubuntu
+ username: ubuntu
+ keyboard:
+ layout: fr
+ toggle: null
+ variant: ""
+ locale: en_US.UTF-8
+ network:
+ version: 2
+ ethernets:
+ eno1:
+ dhcp4: true
+ critical: true
+ dhcp-identifier: mac
+ ssh:
+ allow-pw: false
+ install-server: true
+ authorized-keys:
+ # claude-fixe-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+ # claude-thinkpad-fedora
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+ storage:
+ grub:
+ reorder_uefi: false
+ swap:
+ size: 0
+ config:
+ - id: root-disk-0
+ type: disk
+ path: /dev/sda
+ wipe: superblock-recursive
+ preserve: false
+ grub_device: false
+ name: ""
+ ptable: gpt
+ - id: root-partition-0
+ type: partition
+ device: root-disk-0
+ size: 512M
+ wipe: superblock
+ flag: boot
+ number: 1
+ preserve: false
+ grub_device: true
+ - id: root-format-0
+ type: format
+ fstype: fat32
+ volume: root-partition-0
+ preserve: false
+ - id: root-partition-1
+ type: partition
+ device: root-disk-0
+ size: -1
+ wipe: superblock
+ flag: ""
+ number: 2
+ preserve: false
+ - id: root-format-1
+ type: format
+ fstype: ext4
+ volume: root-partition-1
+ preserve: false
+ - id: root-mount-0
+ type: mount
+ device: root-format-0
+ path: /boot/efi
+ - id: root-mount-1
+ type: mount
+ device: root-format-1
+ path: /
diff --git a/server/pxe/pxe.conf b/server/pxe/pxe.conf
new file mode 100644
index 000000000..59b432a58
--- /dev/null
+++ b/server/pxe/pxe.conf
@@ -0,0 +1,12 @@
+# enable tftp
+enable-tftp
+# set tftp root path
+tftp-root=/var/lib/tftpboot
+# disable dnsmasq dns
+port=0
+# set dns server
+dhcp-option=6,192.168.8.1
+# set router
+dhcp-option=3,192.168.8.1
+# set pxelinux boot image
+dhcp-boot=pxelinux/pxelinux.0
\ No newline at end of file
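Review bot: `enable-tftp` in server/pxe/pxe.conf is given without an interface, so dnsmasq offers `/var/lib/tftpboot` on every interface it listens on, which on a firewall may be more than the LAN; per docs/pxe.md that directory also holds the ISO and the per-node seed files. Scope it, e.g. `enable-tftp=<LAN_INTERFACE>` (placeholder for the OPNsense LAN device name), and consider adding `tftp-secure`. Two smaller points: the comment `# set pxelinux boot image` is misleading because docs/pxe.md saves `grubnetx64.efi.signed` under that name, and the doc tells the operator to set the dnsmasq port to `63` while this file sets `port=0`, so a comment stating which setting is intended would help.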