feat: pxe boot

docs/pxe.md

@@ -0,0 +1,27 @@
+# Opnsense | PXE
+
+## Setting up TFTP
+
+- Setup TFTP and network booting on DHCPv4 server
+- Create an `nginx` location to file system `/var/lib/tftpboot`
+- Create an nginx http server listening on 30080 TCP
+- Enable `dnsmasq` in the Opnsense services settings (set port to `63`)
+- Copy over `pxe.conf` to `/usr/local/etc/dnsmasq.conf.d/pxe.conf`
+- SSH into opnsense and run the following commands...
+
+```console
+$ mkdir -p /var/lib/tftpboot/pxelinux/
+$ curl https://releases.ubuntu.com/20.04/ubuntu-20.04.2-live-server-amd64.iso -o /var/lib/tftpboot/ubuntu-20.04.2-live-server-amd64.iso
+$ mount -t cd9660 /dev/`mdconfig -f /var/lib/tftpboot/ubuntu-20.04.2-live-server-amd64.iso` /mnt
+$ cp /mnt/casper/vmlinuz /var/lib/tftpboot/pxelinux/
+$ cp /mnt/casper/initrd /var/lib/tftpboot/pxelinux/
+$ umount /mnt
+$ curl http://archive.ubuntu.com/ubuntu/dists/focal/main/uefi/grub2-amd64/current/grubnetx64.efi.signed -o /var/lib/tftpboot/pxelinux/pxelinux.0
+```
+
+- Copy `grub/grub.conf` into `/var/lib/tftpboot/grub/grub.conf`
+- Copy `nodes/` into `/var/lib/tftpboot/nodes`
+
+## PXE boot on bare-metal servers
+
+Press F12 key during 15-20 seconds to enter PXE IPv4 boot option

server/pxe/grub/grub.cfg

@@ -0,0 +1,13 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+
+menuentry "Focal Live Installer - automated" --id=autoinstall {
+    configfile /nodes/$net_default_mac.conf
+}
+menuentry "Focal Live Installer" --id=install {
+    echo "Loading Kernel..."
+    linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso
+    echo "Loading Ram Disk..."
+    initrd /pxelinux/initrd
+}

server/pxe/nodes/1c:69:7a:01:28:ae.conf

@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker3 Autoinstall" --id=autoinstall {
+    echo "Loading Kernel..."
+    # make sure to escape the ';'
+    linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+    echo "Loading Ram Disk..."
+    initrd /pxelinux/initrd
+}

server/pxe/nodes/1c:69:7a:0d:0e:e9.conf

@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker1 Autoinstall" --id=autoinstall {
+    echo "Loading Kernel..."
+    # make sure to escape the ';'
+    linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+    echo "Loading Ram Disk..."
+    initrd /pxelinux/initrd
+}

server/pxe/nodes/1c:69:7a:0f:9f:ab.conf

@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-worker2 Autoinstall" --id=autoinstall {
+    echo "Loading Kernel..."
+    # make sure to escape the ';'
+    linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/
+    echo "Loading Ram Disk..."
+    initrd /pxelinux/initrd
+}

server/pxe/nodes/f4:4d:30:69:76:2d.conf

@@ -0,0 +1,10 @@
+default=autoinstall
+timeout=5
+timeout_style=menu
+menuentry "k3s-server Autoinstall" --id=autoinstall {
+    echo "Loading Kernel..."
+    # make sure to escape the ';'
+    linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-server/
+    echo "Loading Ram Disk..."
+    initrd /pxelinux/initrd
+}

server/pxe/nodes/k3s-server/meta-data

@@ -0,0 +1 @@
+instance-id: focal-autoinstall

server/pxe/nodes/k3s-server/user-data

@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+  version: 1
+  refresh-installer:
+    update: true
+  apt:
+    geoip: true
+    preserve_sources_list: false
+    primary:
+      - arches: [amd64, i386]
+        uri: http://archive.ubuntu.com/ubuntu
+      - arches: [default]
+        uri: http://ports.ubuntu.com/ubuntu-ports
+  identity:
+    hostname: k3s-server
+    # mkpasswd --method=SHA-512 ubuntu
+    # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+    password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+    realname: Ubuntu
+    username: ubuntu
+  keyboard:
+    layout: fr
+    toggle: null
+    variant: ""
+  locale: en_US.UTF-8
+  network:
+    version: 2
+    ethernets:
+      eno1:
+        dhcp4: true
+        critical: true
+        dhcp-identifier: mac
+  ssh:
+    allow-pw: false
+    install-server: true
+    authorized-keys:
+      # claude-fixe-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+      # claude-thinkpad-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+  storage:
+    grub:
+      reorder_uefi: false
+    swap:
+      size: 0
+    config:
+      - id: root-disk-0
+        type: disk
+        path: /dev/sda
+        wipe: superblock-recursive
+        preserve: false
+        grub_device: false
+        name: ""
+        ptable: gpt
+      - id: root-partition-0
+        type: partition
+        device: root-disk-0
+        size: 512M
+        wipe: superblock
+        flag: boot
+        number: 1
+        preserve: false
+        grub_device: true
+      - id: root-format-0
+        type: format
+        fstype: fat32
+        volume: root-partition-0
+        preserve: false
+      - id: root-partition-1
+        type: partition
+        device: root-disk-0
+        size: -1
+        wipe: superblock
+        flag: ""
+        number: 2
+        preserve: false
+      - id: root-format-1
+        type: format
+        fstype: ext4
+        volume: root-partition-1
+        preserve: false
+      - id: root-mount-0
+        type: mount
+        device: root-format-0
+        path: /boot/efi
+      - id: root-mount-1
+        type: mount
+        device: root-format-1
+        path: /

server/pxe/nodes/k3s-worker1/meta-data

@@ -0,0 +1 @@
+instance-id: focal-autoinstall

server/pxe/nodes/k3s-worker1/user-data

@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+  version: 1
+  refresh-installer:
+    update: true
+  apt:
+    geoip: true
+    preserve_sources_list: false
+    primary:
+      - arches: [amd64, i386]
+        uri: http://archive.ubuntu.com/ubuntu
+      - arches: [default]
+        uri: http://ports.ubuntu.com/ubuntu-ports
+  identity:
+    hostname: k3s-worker1
+    # mkpasswd --method=SHA-512 ubuntu
+    # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+    password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+    realname: Ubuntu
+    username: ubuntu
+  keyboard:
+    layout: fr
+    toggle: null
+    variant: ""
+  locale: en_US.UTF-8
+  network:
+    version: 2
+    ethernets:
+      eno1:
+        dhcp4: true
+        critical: true
+        dhcp-identifier: mac
+  ssh:
+    allow-pw: false
+    install-server: true
+    authorized-keys:
+      # claude-fixe-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+      # claude-thinkpad-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+  storage:
+    grub:
+      reorder_uefi: false
+    swap:
+      size: 0
+    config:
+      - id: root-disk-0
+        type: disk
+        path: /dev/sda
+        wipe: superblock-recursive
+        preserve: false
+        grub_device: false
+        name: ""
+        ptable: gpt
+      - id: root-partition-0
+        type: partition
+        device: root-disk-0
+        size: 512M
+        wipe: superblock
+        flag: boot
+        number: 1
+        preserve: false
+        grub_device: true
+      - id: root-format-0
+        type: format
+        fstype: fat32
+        volume: root-partition-0
+        preserve: false
+      - id: root-partition-1
+        type: partition
+        device: root-disk-0
+        size: -1
+        wipe: superblock
+        flag: ""
+        number: 2
+        preserve: false
+      - id: root-format-1
+        type: format
+        fstype: ext4
+        volume: root-partition-1
+        preserve: false
+      - id: root-mount-0
+        type: mount
+        device: root-format-0
+        path: /boot/efi
+      - id: root-mount-1
+        type: mount
+        device: root-format-1
+        path: /

server/pxe/nodes/k3s-worker2/meta-data

@@ -0,0 +1 @@
+instance-id: focal-autoinstall

server/pxe/nodes/k3s-worker2/user-data

@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+  version: 1
+  refresh-installer:
+    update: true
+  apt:
+    geoip: true
+    preserve_sources_list: false
+    primary:
+      - arches: [amd64, i386]
+        uri: http://archive.ubuntu.com/ubuntu
+      - arches: [default]
+        uri: http://ports.ubuntu.com/ubuntu-ports
+  identity:
+    hostname: k3s-worker2
+    # mkpasswd --method=SHA-512 ubuntu
+    # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+    password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+    realname: Ubuntu
+    username: ubuntu
+  keyboard:
+    layout: fr
+    toggle: null
+    variant: ""
+  locale: en_US.UTF-8
+  network:
+    version: 2
+    ethernets:
+      eno1:
+        dhcp4: true
+        critical: true
+        dhcp-identifier: mac
+  ssh:
+    allow-pw: false
+    install-server: true
+    authorized-keys:
+      # claude-fixe-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+      # claude-thinkpad-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+  storage:
+    grub:
+      reorder_uefi: false
+    swap:
+      size: 0
+    config:
+      - id: root-disk-0
+        type: disk
+        path: /dev/sda
+        wipe: superblock-recursive
+        preserve: false
+        grub_device: false
+        name: ""
+        ptable: gpt
+      - id: root-partition-0
+        type: partition
+        device: root-disk-0
+        size: 512M
+        wipe: superblock
+        flag: boot
+        number: 1
+        preserve: false
+        grub_device: true
+      - id: root-format-0
+        type: format
+        fstype: fat32
+        volume: root-partition-0
+        preserve: false
+      - id: root-partition-1
+        type: partition
+        device: root-disk-0
+        size: -1
+        wipe: superblock
+        flag: ""
+        number: 2
+        preserve: false
+      - id: root-format-1
+        type: format
+        fstype: ext4
+        volume: root-partition-1
+        preserve: false
+      - id: root-mount-0
+        type: mount
+        device: root-format-0
+        path: /boot/efi
+      - id: root-mount-1
+        type: mount
+        device: root-format-1
+        path: /

server/pxe/nodes/k3s-worker3/meta-data

@@ -0,0 +1 @@
+instance-id: focal-autoinstall

server/pxe/nodes/k3s-worker3/user-data

@@ -0,0 +1,89 @@
+#cloud-config
+autoinstall:
+  version: 1
+  refresh-installer:
+    update: true
+  apt:
+    geoip: true
+    preserve_sources_list: false
+    primary:
+      - arches: [amd64, i386]
+        uri: http://archive.ubuntu.com/ubuntu
+      - arches: [default]
+        uri: http://ports.ubuntu.com/ubuntu-ports
+  identity:
+    hostname: k3s-worker3
+    # mkpasswd --method=SHA-512 ubuntu
+    # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
+    password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
+    realname: Ubuntu
+    username: ubuntu
+  keyboard:
+    layout: fr
+    toggle: null
+    variant: ""
+  locale: en_US.UTF-8
+  network:
+    version: 2
+    ethernets:
+      eno1:
+        dhcp4: true
+        critical: true
+        dhcp-identifier: mac
+  ssh:
+    allow-pw: false
+    install-server: true
+    authorized-keys:
+      # claude-fixe-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
+      # claude-thinkpad-fedora
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
+  storage:
+    grub:
+      reorder_uefi: false
+    swap:
+      size: 0
+    config:
+      - id: root-disk-0
+        type: disk
+        path: /dev/sda
+        wipe: superblock-recursive
+        preserve: false
+        grub_device: false
+        name: ""
+        ptable: gpt
+      - id: root-partition-0
+        type: partition
+        device: root-disk-0
+        size: 512M
+        wipe: superblock
+        flag: boot
+        number: 1
+        preserve: false
+        grub_device: true
+      - id: root-format-0
+        type: format
+        fstype: fat32
+        volume: root-partition-0
+        preserve: false
+      - id: root-partition-1
+        type: partition
+        device: root-disk-0
+        size: -1
+        wipe: superblock
+        flag: ""
+        number: 2
+        preserve: false
+      - id: root-format-1
+        type: format
+        fstype: ext4
+        volume: root-partition-1
+        preserve: false
+      - id: root-mount-0
+        type: mount
+        device: root-format-0
+        path: /boot/efi
+      - id: root-mount-1
+        type: mount
+        device: root-format-1
+        path: /

server/pxe/pxe.conf

@@ -0,0 +1,12 @@
+# enable tftp
+enable-tftp
+# set tftp root path
+tftp-root=/var/lib/tftpboot
+# disable dnsmasq dns
+port=0
+# set dns server
+dhcp-option=6,192.168.8.1
+# set router
+dhcp-option=3,192.168.8.1
+# set pxelinux boot image
+dhcp-boot=pxelinux/pxelinux.0