ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Browse Source 
Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-05-14 16:30:32 -04:00
parent c6b249f866
commit ce604adcda
87 changed files with 697 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
playbook/pxe-server-helpers/pxe-dhcp-hook.sh
View File

@@ -3,7 +3,7 @@
# pxe-dhcp-hook.sh - dnsmasq dhcp-script hook.
#
# Runs every time a PXE client gets/changes/releases a DHCP lease on
# 10.9.100.0/24. Flushes conntrack entries and drops any lingering
# 172.16.9.0/24. Flushes conntrack entries and drops any lingering
# TCP sockets for that client IP. Prevents stale server-side state from
# causing "System error 53 - network path not found" when a WinPE client
# re-images the same machine without a clean SMB session teardown.

8
playbook/pxe-server-helpers/smb-soft-reset.sh
View File

@@ -14,7 +14,7 @@
# Step 2: restart nmbd (NetBIOS daemon - separate from smbd)
# Step 3: restart smbd (full smbd restart, kills all child sessions)
# Step 4: kill any leftover smbd child processes that survived restart
# Step 5: flush conntrack for 10.9.100.0/24 (kernel connection tracking)
# Step 5: flush conntrack for 172.16.9.0/24 (kernel connection tracking)
# Step 6: flush ARP / neighbour cache on br-pxe
# Step 7: drop TCP sockets on port 445 via ss -K
# Step 8: restart dnsmasq (DHCP/TFTP state as a last resort before reboot)
@@ -56,10 +56,10 @@ sleep 1
systemctl start smbd 2>&1
pause "Step 4 done"
echo "=== Step 5/8: flush conntrack entries for 10.9.100.0/24 ==="
echo "=== Step 5/8: flush conntrack entries for 172.16.9.0/24 ==="
if command -v conntrack >/dev/null 2>&1; then
conntrack -D -s 10.9.100.0/24 2>&1 || true
conntrack -D -d 10.9.100.0/24 2>&1 || true
conntrack -D -s 172.16.9.0/24 2>&1 || true
conntrack -D -d 172.16.9.0/24 2>&1 || true
else
echo " conntrack tool not installed - skipping (apt install conntrack)"
fi