
Initial commit

master
James Harmison 1 year ago
commit
e93bc1720b
  1. 2
      .gitignore
  2. 17
      defaults/main.yml
  3. 25
      files/efi.h
  4. 38
      files/harmroute.crt
  5. 19
      files/pxe_inv.ipxe
  6. 31
      files/undionly.h
  7. 6
      handlers/main.yml
  8. 59
      tasks/build_ipxe.yml
  9. 25
      tasks/configure_tftp.yml
  10. 32
      tasks/main.yml
  11. 12
      tasks/temp_directory.yml

2
.gitignore

@ -0,0 +1,2 @@
tags

17
defaults/main.yml

@ -0,0 +1,17 @@
---
ipxe_repo: https://github.com/ipxe/ipxe
make_targets:
- bin/undionly.kpxe
- bin/ipxe.usb
- bin-x86_64-efi/ipxe.efi
- bin-i386-efi/ipxe.efi
make_config:
bin/undionly.kpxe: undionly
bin/ipxe.usb: efi
bin-x86_64-efi/ipxe.efi: efi
bin-i386-efi/ipxe.efi: efi
rebuild_ipxe: false
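Review bot: These defaults are undocumented and not prefixed with the role name: `make_targets`, `make_config` and `rebuild_ipxe` (and `tmp_dir`, which the tasks read) are generic enough that another role or an inventory file could set them by accident, which here changes what is compiled into boot firmware. Prefix them, e.g. `ipxe_make_targets`, and add a one-line comment above each variable saying what it controls. The entry `bin/ipxe.usb: efi` pairs a target under `bin/` with the EFI config header; if that is deliberate, a comment should say so.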

25
files/efi.h

@ -0,0 +1,25 @@
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
#define SANBOOT_PROTO_ISCSI /* iSCSI protocol */
#define SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */
#define SANBOOT_PROTO_FCP /* Fibre Channel protocol */
#define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */
#undef CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
#define NSLOOKUP_CMD /* DNS resolving command */
#define TIME_CMD /* Time commands */
#define DIGEST_CMD /* Image crypto digest commands */
#define LOTEST_CMD /* Loopback testing commands */
#define VLAN_CMD /* VLAN commands */
#define REBOOT_CMD /* Reboot command */
#define POWEROFF_CMD /* Power off command */
#define IMAGE_TRUST_CMD /* Image trust management commands */
#define PCI_CMD /* PCI commands */
#define PARAM_CMD /* Form parameter commands */
#define PING_CMD /* Ping command */
#define IPSTAT_CMD /* IP statistics commands */
#define PROFSTAT_CMD /* Profiling commands */
#define NTP_CMD /* NTP commands */
#define CERT_CMD /* Certificate management commands */
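Review bot: This header compiles diagnostic commands (`LOTEST_CMD`, `PROFSTAT_CMD`, `PCI_CMD`) and the NFS, iSCSI, SRP and FCP protocols into the boot binary, although the embedded `pxe_inv.ipxe` itself only uses `prompt`, `dhcp`, `cpuid` and an HTTPS `chain`. Because that script drops to `shell` on several paths, everything enabled here is reachable from the console before an operating system is loaded. Unless the script returned by the boot server needs them, keep only what the boot flow uses and add a short comment per retained group explaining why. The same list is repeated in `files/undionly.h`, so the same trim applies there. If the intent is HTTPS-only fetching, note that neither header contains `#undef DOWNLOAD_PROTO_HTTP`, and upstream iPXE enables plain HTTP by default as far as I know.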

38
files/harmroute.crt

@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

19
files/pxe_inv.ipxe

@ -0,0 +1,19 @@
#!ipxe
prompt --timeout 3000 Press a key to enter shell, or wait for PXE boot. || goto gopxe
shell
:gopxe
# Try to get DHCP ten times
set i:int32 0
:retry iseq ${i} 10 && goto giveup ||
inc i
sleep 1
dhcp && goto inv_get || goto retry
:giveup
shell
:inv_get
cpuid --ext 29 && set arch x86_64 || set arch i386
chain https://pxe.jharmison.com/boot?mfr=${manufacturer:uristring}&model=${product:uristring}&sn=${serial:uristring}&mac=${mac:uristring}&uuid=${uuid:uristring}&busid=${busid:uristring}&filename=${filename:uristring}&arch=${arch:uristring} || shell
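Review bot: Every failure path in this script ends in an interactive `shell` (`:giveup`, and `|| shell` after `chain`), and the opening `prompt` offers one on any keypress, so a machine that cannot reach DHCP or the boot server leaves an iPXE shell open on its console. For unattended hardware consider failing closed, e.g. `chain ... || reboot` (`REBOOT_CMD` is enabled in both config headers) or `exit` to return to the firmware boot order. The line `:retry iseq ${i} 10 && goto giveup ||` shows a label and a command together; this may be a rendering artifact, since the hunk header announces 19 lines and fewer are visible, but it is worth confirming that `:retry` sits on its own line. A header comment naming the boot server and the identifiers sent in the query string (serial, MAC, UUID) would document what leaves the machine.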

31
files/undionly.h

@ -0,0 +1,31 @@
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
#define SANBOOT_PROTO_ISCSI /* iSCSI protocol */
#define SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */
#define SANBOOT_PROTO_FCP /* Fibre Channel protocol */
#define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */
#undef CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
#define IMAGE_PXE /* PXE image support */
#define IMAGE_SCRIPT /* iPXE script image support */
#define IMAGE_BZIMAGE /* Linux bzImage image support */
#define IMAGE_COMBOOT /* SYSLINUX COMBOOT image support */
#define PXE_CMD /* PXE commands */
#define NSLOOKUP_CMD /* DNS resolving command */
#define TIME_CMD /* Time commands */
#define DIGEST_CMD /* Image crypto digest commands */
#define LOTEST_CMD /* Loopback testing commands */
#define VLAN_CMD /* VLAN commands */
#define REBOOT_CMD /* Reboot command */
#define POWEROFF_CMD /* Power off command */
#define IMAGE_TRUST_CMD /* Image trust management commands */
#define PCI_CMD /* PCI commands */
#define PARAM_CMD /* Form parameter commands */
#define PING_CMD /* Ping command */
#define IPSTAT_CMD /* IP statistics commands */
#define PROFSTAT_CMD /* Profiling commands */
#define NTP_CMD /* NTP commands */
#define CERT_CMD /* Certificate management commands */

6
handlers/main.yml

@ -0,0 +1,6 @@
---
- name: remove temp
file:
path: '{{ ipxe_temp.path }}'
state: absent
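Review bot: The handler removes `'{{ ipxe_temp.path }}'`, but `tasks/temp_directory.yml` registers the tempfile result as `ipxe_tmp`, so as written the handler would fail on an undefined variable and the build tree would be left behind. Use `path: '{{ tmp_dir }}'` (or `'{{ ipxe_tmp.path }}'`). The build tasks all run with `delegate_to: localhost`, so the handler probably needs `delegate_to: localhost` as well in order to delete the directory where the sources were actually cloned.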

59
tasks/build_ipxe.yml

@ -0,0 +1,59 @@
---
- name: Install prerequisites for compilation
dnf:
state: installed
name:
- xz-devel
become: yes
delegate_to: localhost
- name: Get the latest ipxe sources
git:
repo: '{{ ipxe_repo }}'
dest: '{{ tmp_dir }}/ipxe'
delegate_to: localhost
- name: Clean the repository of artifacts
shell: |
git clean -fx
git reset HEAD --hard
args:
chdir: '{{ tmp_dir }}/ipxe'
delegate_to: localhost
- name: Create iPXE folders for our targets
file:
state: directory
path: '{{ tmp_dir }}/ipxe/src/config/local/{{ item }}'
loop:
- efi
- undionly
delegate_to: localhost
- name: Drop config files/embeds
copy:
src: '{{ role_path }}/files/{{ item.src }}'
dest: '{{ tmp_dir }}/ipxe/src/{{ item.dest|default("") }}'
loop:
- src: efi.h
dest: config/local/efi/general.h
- src: undionly.h
dest: config/local/undionly/general.h
- src: pxe_inv.ipxe
- src: harmroute.crt
delegate_to: localhost
- name: Make iPXE targets
shell: |
{% if target in make_config.keys() %}
make {{ target }} EMBED=pxe_inv.ipxe CERT=harmroute.crt TRUST=harmroute.crt CONFIG={{ make_config[target] }} || exit 1
{% else %}
make {{ target }} EMBED=pxe_inv.ipxe CERT=harmroute.crt TRUST=harmroute.crt || exit 1
{% endif %}
loop: '{{ make_targets }}'
loop_control:
loop_var: target
args:
chdir: '{{ tmp_dir }}/ipxe/src'
delegate_to: localhost
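Review bot: The `git` task has no `version:`, so every rebuild compiles whatever is at the head of `{{ ipxe_repo }}` into the first-stage boot binaries, which also carry the trust root (`TRUST=harmroute.crt`). Pin it to a reviewed tag or commit through a role default, e.g. `version: '{{ ipxe_version }}'`, so that an upstream change cannot alter the boot firmware without a change in this repository. In the `Make iPXE targets` step, `{{ target }}` and `{{ make_config[target] }}` are interpolated into the shell script unquoted; `{{ target | quote }}` keeps a stray space or metacharacter in a variable from changing the command. `become: yes` is better written as `become: true`.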

25
tasks/configure_tftp.yml

@ -0,0 +1,25 @@
---
- name: Install tftp packages
dnf:
name:
- tftp
- tftp-server
- name: Enable tftp server
systemd:
name: tftp.socket
enabled: yes
state: started
- name: Allow tftp through firewall
firewalld:
service: tftp
immediate: yes
permanent: yes
state: enabled
- name: Add folder for i386 builds
file:
path: /var/lib/tftpboot/i386-efi
state: directory
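Review bot: The `firewalld` task enables the `tftp` service without a `zone:`, so the rule lands in the host's default zone and exposes the unauthenticated TFTP service on every interface assigned to it. Add `zone: '{{ tftp_firewall_zone }}'` (a new role default) and bind it to the provisioning network only. None of these tasks sets `become:`, so they depend on the play already running as root, and the `tftp` client package does not look necessary for serving files. The `yes` values are better written as `true`.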

32
tasks/main.yml

@ -0,0 +1,32 @@
---
- name: Create temp directory
include_tasks: temp_directory.yml
when: tmp_dir is not defined
- name: Check for existing ipxe builds
stat:
path: '{{ tmp_dir }}/ipxe/src/{{ item }}'
loop: '{{ make_targets }}'
when: not rebuild_ipxe
register: ipxe_builds
delegate_to: localhost
- name: Download and build latest iPXE for all targets
include_tasks: build_ipxe.yml
when: rebuild_ipxe or False in ipxe_builds.results|map(attribute='stat')|map(attribute='exists')
- name: Configure TFTP server
include_tasks: configure_tftp.yml
- name: Place iPXE on tftp server
copy:
src: '{{ tmp_dir }}/ipxe/src/{{ item.src }}'
dest: '/var/lib/tftpboot/{{ item.dest }}'
loop:
- src: bin/undionly.kpxe
dest: undionly.kpxe
- src: bin-x86_64-efi/ipxe.efi
dest: ipxe.efi
- src: bin-i386-efi/ipxe.efi
dest: i386-efi/ipxe.efi
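Review bot: The `Place iPXE on tftp server` copy sets no `owner`, `group` or `mode`, so the binaries that every PXE client executes inherit whatever the connecting user and umask produce. State them explicitly, `owner: root`, `group: root`, `mode: '0644'`, so the files are not writable by the account the TFTP daemon runs as. `bin/ipxe.usb` is listed in `make_targets` and checked by the `stat` loop but is never deployed here; a comment saying that is intentional would help the next reader.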

12
tasks/temp_directory.yml

@ -0,0 +1,12 @@
---
- name: Create a temporary directory
tempfile:
state: directory
prefix: ipxe
register: ipxe_tmp
notify: remove temp
- name: Save path
set_fact:
tmp_dir: '{{ ipxe_tmp.path }}'
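Review bot: `tempfile` runs on the managed host, while every consumer of `tmp_dir` in `tasks/main.yml` and `tasks/build_ipxe.yml` runs with `delegate_to: localhost`, so unless the play targets the controller itself the directory created here is not the one the build uses. On the controller the path would then first be created by the `git` task, presumably with ordinary umask permissions rather than the private mode a temporary directory normally gets. Add `delegate_to: localhost` to this task. Note also that `notify: remove temp` triggers a handler that reads `ipxe_temp`, not the `ipxe_tmp` registered here.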