Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Single-site bay-stuck issue at WJ: GE Intune Report IP script filters Get-NetIPAddress on StartsWith("10.") and posts everything matching to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP captured and reported -> GE backend tags bays as on a non-corp 10.x subnet -> dynamic group eligibility for SFLD policy never matches. Other GE sites work because their PXE LANs aren't on 10.x at all. Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally skips wired PXE addresses without any disable-NIC dance. Server-side already in flight (netplan dual-bound, dnsmasq scope + boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript all sed'd to 172.16.9.1). This commit is the playbook / scripts / docs side: 109 hits across 35 files sed'd in one shot. After this lands + boot.wim is rebuilt + bays renumber off DHCP, the 10.9.100.1 binding will be dropped from netplan as the final cleanup step. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 16:30:32 -04:00
parent c6b249f866
commit ce604adcda
87 changed files with 697 additions and 139 deletions
--- a/playbook/pxe_server_setup.yml
+++ b/playbook/pxe_server_setup.yml
@@ -72,7 +72,7 @@
      loop: "{{ ansible_interfaces | select('match','^e(th|n)') | list }}"
      ignore_errors: yes

-    - name: "Find interface with 10.9.100.1 already configured"
+    - name: "Find interface with 172.16.9.1 already configured"
      set_fact:
        preconfigured_iface: >-
          {{ ansible_interfaces
@@ -80,7 +80,7 @@
             | map('regex_replace','^(.*)$','ansible_\1')
             | map('extract', hostvars[inventory_hostname])
             | selectattr('ipv4','defined')
-             | selectattr('ipv4.address','equalto','10.9.100.1')
+             | selectattr('ipv4.address','equalto','172.16.9.1')
             | map(attribute='device')
             | list
             | first
@@ -147,11 +147,11 @@
          port=0
          interface={{ pxe_iface }}
          bind-interfaces
-          dhcp-range=10.9.100.10,10.9.100.100,12h
+          dhcp-range=172.16.9.10,172.16.9.100,12h
          # No default gateway (option 3) and no DNS (option 6) handed out:
          # the PXE network is isolated and the PXE server does not forward
          # internet traffic. Previously we set both, which made imaged PCs
-          # add a default route via 10.9.100.1 and prefer it over WiFi (lower
+          # add a default route via 172.16.9.1 and prefer it over WiFi (lower
          # interface metric). PPKG / Intune enrollment then black-holed
          # internet-bound traffic. The fix used to be migrate-to-wifi.ps1
          # disabling the wired NIC during first-logon, which created an
@@ -163,7 +163,7 @@
          # Important: dnsmasq DEFAULTS to sending its own listening address as
          # both router and DNS when these options are unset. Commenting them
          # out is NOT the same as disabling - imaged PCs (and Blancco PXE
-          # clients) end up with 10.9.100.1 as gateway. The empty-value form
+          # clients) end up with 172.16.9.1 as gateway. The empty-value form
          # below explicitly suppresses both options.
          dhcp-option=3
          dhcp-option=6
@@ -227,7 +227,7 @@
        content: |
          #!ipxe

-          set server 10.9.100.1
+          set server 172.16.9.1

          :menu
          menu GE Aerospace PXE Boot Menu
@@ -505,7 +505,7 @@

    - name: "Deploy BIOS check script + manifest to winpeapps/_shared/BIOS/"
      # Path matches what startnet.cmd reads at WinPE boot:
-      #   net use B: \\10.9.100.1\winpeapps\_shared
+      #   net use B: \\172.16.9.1\winpeapps\_shared
      #   if exist B:\BIOS\check-bios.cmd ...
      # Earlier deploy targeted enrollment/pre-install/bios/ (different share)
      # which startnet.cmd never read, so BIOS_STATUS perma-stuck on
@@ -899,7 +899,7 @@
      shell: |
        set -e
        python3 -c 'import xml.etree.ElementTree as ET; ET.parse("{{ web_root }}/blancco/preferences.xml")'
-        grep -q '<hostname>10.9.100.1</hostname>' "{{ web_root }}/blancco/preferences.xml"
+        grep -q '<hostname>172.16.9.1</hostname>' "{{ web_root }}/blancco/preferences.xml"
        grep -q '<path>blancco-reports</path>' "{{ web_root }}/blancco/preferences.xml"
      changed_when: false

@@ -1089,7 +1089,7 @@
    # Single-NIC fresh-deploy default. Boxes that need higher throughput
    # (e.g. WJF prod uses a USB-C 5 Gbps NIC) override this with a bridge
    # config bonding the USB NIC + onboard NIC into br-pxe. Live override
-    # currently deployed on 10.9.100.1 (do NOT re-run this task there
+    # currently deployed on 172.16.9.1 (do NOT re-run this task there
    # without first reviewing /etc/netplan/50-cloud-init.yaml.pre-gold-swap):
    #
    #   network:
@@ -1101,7 +1101,7 @@
    #     bridges:
    #       br-pxe:
    #         interfaces: [enp128s31f6, enx34c8d6b11010]
-    #         addresses: [10.9.100.1/24]
+    #         addresses: [172.16.9.1/24]
    #         parameters:
    #           stp: false
    #
@@ -1120,7 +1120,7 @@
            ethernets:
              {{ pxe_iface }}:
                dhcp4: no
-                addresses: [10.9.100.1/24]
+                addresses: [172.16.9.1/24]
      notify: "Apply netplan"

  handlers: