ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Browse Source 
Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-05-14 16:30:32 -04:00
parent c6b249f866
commit ce604adcda
87 changed files with 697 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/Upload-Image.ps1
View File

@@ -8,15 +8,15 @@
# .\Upload-Image.ps1 (selected OS + packages, no drivers)
# .\Upload-Image.ps1 -IncludeDrivers (also upload selected hardware drivers)
# .\Upload-Image.ps1 -CachePath "D:\MCL\Cache" (custom cache location)
# .\Upload-Image.ps1 -Server 10.9.100.1 (custom server IP)
# .\Upload-Image.ps1 -Server 172.16.9.1 (custom server IP)
#
# After upload, use the PXE webapp (http://10.9.100.1:9009) to import
# After upload, use the PXE webapp (http://172.16.9.1:9009) to import
# the uploaded content into the desired image type.
#
param(
[string]$CachePath = "C:\ProgramData\GEAerospace\MediaCreator\Cache",
[string]$Server = "10.9.100.1",
[string]$Server = "172.16.9.1",
[string]$User = "pxe-upload",
[string]$Pass = "pxe",
[switch]$IncludeDrivers

4
scripts/build-proxmox-iso.sh
View File

@@ -350,8 +350,8 @@ echo " - Network: Bridge connected to isolated PXE network"
echo " 3. Attach ISO as CD-ROM and start the VM"
echo " 4. Ubuntu auto-installs (~10-15 minutes, zero interaction)"
echo " 5. After reboot, first-boot configures all PXE services"
echo " 6. Access webapp at http://10.9.100.1:9009"
echo " 6. Access webapp at http://172.16.9.1:9009"
echo ""
echo "NOTE: The VM's network bridge must be connected to your isolated PXE"
echo " network. The server will use static IP 10.9.100.1/24."
echo " network. The server will use static IP 172.16.9.1/24."
echo ""

4
scripts/deploy-bios.sh
View File

@@ -3,12 +3,12 @@
# Copies Flash64W.exe, BIOS binaries, models.txt, and check-bios.cmd
#
# Usage: ./deploy-bios.sh [server-ip]
# Default server: 10.9.100.1
# Default server: 172.16.9.1
set -e
REPO_ROOT="$(cd "$(dirname "$0")"/.. && pwd)"
PXE_SERVER="${1:-10.9.100.1}"
PXE_SERVER="${1:-172.16.9.1}"
PXE_USER="pxe"
PXE_PASS="pxe"
REMOTE_DIR="/srv/samba/enrollment/BIOS"

187
scripts/diagnostics/Capture-LockdownState.ps1
View File

@@ -23,7 +23,7 @@
Output lands under C:\ProgramData\state-<stage>-<timestamp>\.
Copy the whole folder back to the workstation
(\\10.9.100.1\image-upload or dump to pxe-images manually) and diff.
(\\172.16.9.1\image-upload or dump to pxe-images manually) and diff.
Diffing tips:
pre-category -> post-category : what the category-driven Intune
@@ -175,6 +175,189 @@ Step "dsregcmd /status" {
dsregcmd /status 2>&1 | Out-File "$out\dsregcmd.txt"
}
# --- Intune readiness probe (4-layer gate, frozen at this snapshot moment).
# Aligned with Microsoft's documented IME / ESP gates - see:
# https://learn.microsoft.com/en-us/windows/client-management/mdm-diagnose-enrollment
# https://patchmypc.com/blog/intune-management-extension-esp-phases/
#
# Layer 1 - AAD + MDM enrollment object exists
# AzureAdJoined, IntuneEnrolled (HKLM\Enrollments\<GUID> EnrollmentState=1)
# Layer 2 - Microsoft's own success markers
# MdmEnrollEvent75Found ("Auto MDM Enroll: Succeeded" in DeviceManagement-Enterprise-Diagnostics-Provider/Admin)
# No MdmEnrollEvent76Found (failure) within last 7d
# HasProvisioningCompleted=1 in OMADM\Accounts\<id>
# FirstSync IsSyncDone=1 in Enrollments\<id>\FirstSync
# Layer 3 - Policy actually delivered (CSP succeeded, not just provider registered)
# PolicyManager\Providers\<EnrollmentId>\default\Device exists
# PolicyManager\current\device has subkeys
# Layer 4 - IME running (Win32App / PowerShell channel ready)
# IME service running, IME log dir populated
# Sidecar Policy Provider InstallationState=Completed (best-effort log grep)
#
# Pre-category snapshots that show layers 2-3 red = category assigned too
# early -> reboot races the policy/payload pull -> stalled deploy -> re-image.
Step "intune category-readiness probe" {
$r = [ordered]@{
# Layer 1
AzureAdJoined = $false
AzureAdTenant = $null
DeviceId = $null
IntuneEnrolled = $false
EnrollmentId = $null
# Layer 2
MdmEnrollEvent75Found = $false
MdmEnrollEvent75Time = $null
MdmEnrollEvent76Found = $false
MdmEnrollEvent76Time = $null
HasProvisioningCompleted = $false
FirstSyncIsSyncDone = $false
# Layer 3
PolicyManagerProviderForEnrollment = $false
PolicyManagerCurrentDeviceSubkeys = 0
# Layer 4
ImeServiceRunning = $false
ImeLogDirPopulated = $false
SidecarInstallationState = $null # 'Completed' | 'InProgress' | $null
# Misc
LastSyncEventTime = $null
Stage = $Stage
SnapshotTime = $null
}
# Layer 1: AAD + tenant + DeviceId
try {
$ds = & dsregcmd /status 2>&1 | Out-String
if ($ds -match 'AzureAdJoined\s*:\s*YES') { $r.AzureAdJoined = $true }
if ($ds -match 'TenantId\s*:\s*(\S+)') { $r.AzureAdTenant = $matches[1] }
if ($ds -match '(?m)^\s*DeviceId\s*:\s*(\S+)') { $r.DeviceId = $matches[1] }
} catch {}
# Layer 1: enrollment record
try {
$eks = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
Where-Object {
$p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
$p -and $p.EnrollmentState -eq 1 -and $_.PSChildName -ne 'Context'
}
if ($eks) {
$r.IntuneEnrolled = $true
$r.EnrollmentId = $eks[0].PSChildName
}
} catch {}
# Layer 2: event 75 (success) + 76 (failure) in last 7d
try {
$cutoff = (Get-Date).AddDays(-7)
$evts = Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' -MaxEvents 1000 -ErrorAction SilentlyContinue |
Where-Object { $_.TimeCreated -gt $cutoff }
$e75 = $evts | Where-Object { $_.Id -eq 75 } | Sort-Object TimeCreated -Descending | Select-Object -First 1
$e76 = $evts | Where-Object { $_.Id -eq 76 } | Sort-Object TimeCreated -Descending | Select-Object -First 1
if ($e75) { $r.MdmEnrollEvent75Found = $true; $r.MdmEnrollEvent75Time = $e75.TimeCreated.ToString('o') }
if ($e76) { $r.MdmEnrollEvent76Found = $true; $r.MdmEnrollEvent76Time = $e76.TimeCreated.ToString('o') }
$latest = $evts | Sort-Object TimeCreated -Descending | Select-Object -First 1
if ($latest) { $r.LastSyncEventTime = $latest.TimeCreated.ToString('o') }
} catch {}
# Layer 2 + 3: per-enrollment regs (only meaningful with an EnrollmentId)
if ($r.EnrollmentId) {
try {
$omadm = "HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\$($r.EnrollmentId)"
if (Test-Path $omadm) {
$v = (Get-ItemProperty -Path $omadm -Name HasProvisioningCompleted -ErrorAction SilentlyContinue).HasProvisioningCompleted
if ($v -eq 1) { $r.HasProvisioningCompleted = $true }
}
} catch {}
try {
$fs = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($r.EnrollmentId)\FirstSync"
if (Test-Path $fs) {
$v = (Get-ItemProperty -Path $fs -Name IsSyncDone -ErrorAction SilentlyContinue).IsSyncDone
if ($v -eq 1) { $r.FirstSyncIsSyncDone = $true }
}
} catch {}
try {
$pp = "HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers\$($r.EnrollmentId)\default\Device"
if (Test-Path $pp) { $r.PolicyManagerProviderForEnrollment = $true }
} catch {}
}
# Layer 3: actual policy mirror under current\device
try {
$cur = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device' -ErrorAction SilentlyContinue
$r.PolicyManagerCurrentDeviceSubkeys = if ($cur) { $cur.Count } else { 0 }
} catch {}
# Layer 4: IME service + logs
try {
$svc = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') { $r.ImeServiceRunning = $true }
$imeLog = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'
if ((Test-Path $imeLog) -and (Get-ChildItem $imeLog -ErrorAction SilentlyContinue | Select-Object -First 1)) {
$r.ImeLogDirPopulated = $true
}
} catch {}
# Layer 4: Sidecar Policy Provider InstallationState (best-effort grep of IME log)
try {
$imeLogFile = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'
if (Test-Path $imeLogFile) {
$hits = Select-String -Path $imeLogFile -Pattern 'Sidecar.*?[Ii]nstallation\s*[Ss]tate.*?(Completed|InProgress|NotStarted|Failed)' -ErrorAction SilentlyContinue |
Select-Object -Last 1
if ($hits -and $hits.Matches.Count -gt 0 -and $hits.Matches[0].Groups.Count -ge 2) {
$r.SidecarInstallationState = $hits.Matches[0].Groups[1].Value
}
}
} catch {}
# Verdict
$r.SnapshotTime = (Get-Date).ToString('o')
$r.ReadyForCategoryAssignment = (
$r.AzureAdJoined -and
$r.IntuneEnrolled -and
$r.MdmEnrollEvent75Found -and
(-not $r.MdmEnrollEvent76Found) -and
$r.HasProvisioningCompleted -and
$r.FirstSyncIsSyncDone -and
$r.PolicyManagerProviderForEnrollment -and
($r.PolicyManagerCurrentDeviceSubkeys -gt 0) -and
$r.ImeServiceRunning -and
$r.ImeLogDirPopulated
)
[pscustomobject]$r | ConvertTo-Json -Depth 3 | Out-File "$out\intune-readiness.json"
# Human-readable summary (PS 5.1-safe: $(if ...) subexpressions, no inline-if-as-expression)
@(
"Intune category-readiness probe @ $($r.SnapshotTime) (stage=$Stage)"
'------------------------------------------------------------------'
' Layer 1 - AAD + MDM enrollment object'
(" [{0}] AzureAdJoined tenant={1}" -f $(if ($r.AzureAdJoined) {'OK '} else {'FAIL'}), $r.AzureAdTenant)
(" [{0}] IntuneEnrolled id={1}" -f $(if ($r.IntuneEnrolled) {'OK '} else {'FAIL'}), $r.EnrollmentId)
' Layer 2 - Microsoft success markers'
(" [{0}] Event 75 (Auto MDM Enroll: Succeeded) time={1}" -f $(if ($r.MdmEnrollEvent75Found) {'OK '} else {'FAIL'}), $r.MdmEnrollEvent75Time)
(" [{0}] No event 76 in last 7d (no enroll failure) lastFail={1}" -f $(if ($r.MdmEnrollEvent76Found) {'FAIL'} else {'OK '}), $r.MdmEnrollEvent76Time)
(" [{0}] OMADM HasProvisioningCompleted=1" -f $(if ($r.HasProvisioningCompleted) {'OK '} else {'FAIL'}))
(" [{0}] Enrollments\<id>\FirstSync IsSyncDone=1" -f $(if ($r.FirstSyncIsSyncDone) {'OK '} else {'FAIL'}))
' Layer 3 - policy actually delivered'
(" [{0}] PolicyManager\Providers\<EnrollmentId>\default\Device exists" -f $(if ($r.PolicyManagerProviderForEnrollment) {'OK '} else {'FAIL'}))
(" [{0}] PolicyManager\current\device subkey count={1}" -f $(if ($r.PolicyManagerCurrentDeviceSubkeys -gt 0) {'OK '} else {'FAIL'}), $r.PolicyManagerCurrentDeviceSubkeys)
' Layer 4 - IME running (Win32App / PS1 channel)'
(" [{0}] IME service running" -f $(if ($r.ImeServiceRunning) {'OK '} else {'FAIL'}))
(" [{0}] IME log dir populated" -f $(if ($r.ImeLogDirPopulated) {'OK '} else {'FAIL'}))
(" [--] Sidecar InstallationState (best-effort) value={0}" -f $(if ($r.SidecarInstallationState) { $r.SidecarInstallationState } else { '(unknown)' }))
'------------------------------------------------------------------'
("ReadyForCategoryAssignment: $($r.ReadyForCategoryAssignment)")
("DeviceId: $($r.DeviceId)")
("LastMDMEvent: $($r.LastSyncEventTime)")
''
'Notes:'
' - All layers must be green before assigning device category in Intune.'
' - Even when ready locally, allow >=15 min after adding the user/device'
' to the target Entra group (server-side group eval delay, MS docs).'
' - Pre-category snapshot with red Layer 2/3 = root cause for "imaging'
' stalled and required re-image" (category raced the policy pull).'
) | Out-File "$out\intune-readiness.txt"
}
# --- SFLD credential manager YAML (identifies the Intune category)
Step "snapshot SFLD CredentialManager dir" {
$cmDir = 'C:\ProgramData\SFLD\CredentialManager'
@@ -291,6 +474,6 @@ Write-Host ""
Write-Host "Snapshot complete: $out"
Write-Host ""
Write-Host "Next: copy that folder to the workstation. Easiest:"
Write-Host " net use Z: \\10.9.100.1\image-upload /user:pxe-upload pxe /persistent:no"
Write-Host " net use Z: \\172.16.9.1\image-upload /user:pxe-upload pxe /persistent:no"
Write-Host " robocopy `"$out`" `"Z:\state-$Stage-$stamp`" /E /NFL /NDL /NJH /NJS"
Write-Host " net use Z: /delete /y"

142
scripts/diagnostics/Compare-LockdownStates.ps1 Normal file
View File

@@ -0,0 +1,142 @@
#Requires -RunAsAdministrator
<#
.SYNOPSIS
Diff two snapshot dirs from Capture-LockdownState.ps1 to surface
deltas (what arrived between the two checkpoints).
.DESCRIPTION
Compares two state-* dirs (typically pre-category vs post-category,
or post-category vs post-lockdown) along these axes:
- intune-readiness.json (5 readiness signals, did they flip?)
- dsregcmd.txt (AAD join state diff)
- Reg dumps (.reg files): line-level diff
- File inventories (*.csv): rows added/removed
- Event log CSVs (DeviceManagement-Events, Tasks-RunHistory):
new rows count
Output: human-readable summary to console + a delta-<stamp>.txt
next to the second snapshot dir.
.PARAMETER Before
Path to the earlier snapshot dir (e.g. state-pre-category-...)
.PARAMETER After
Path to the later snapshot dir (e.g. state-post-category-...)
.EXAMPLE
.\Compare-LockdownStates.ps1 -Before C:\ProgramData\state-pre-category-20260504-180000 -After C:\ProgramData\state-post-category-20260504-181500
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)] [string]$Before,
[Parameter(Mandatory=$true)] [string]$After
)
$ErrorActionPreference = 'Continue'
if (-not (Test-Path $Before)) { throw "Before dir not found: $Before" }
if (-not (Test-Path $After)) { throw "After dir not found: $After" }
$out = Join-Path $After ("delta-vs-" + (Split-Path $Before -Leaf) + ".txt")
$lines = New-Object System.Collections.Generic.List[string]
function Add-Line { param([string]$s) $lines.Add($s); Write-Host $s }
Add-Line "=========================================================="
Add-Line "Snapshot delta"
Add-Line " Before: $Before"
Add-Line " After: $After"
Add-Line "=========================================================="
Add-Line ""
# --- 1. Intune readiness signals delta ---
Add-Line '--- Intune readiness signals (5-row gate) ---'
$rb = $null; $ra = $null
$rbPath = Join-Path $Before 'intune-readiness.json'
$raPath = Join-Path $After 'intune-readiness.json'
if ((Test-Path $rbPath) -and (Test-Path $raPath)) {
$rb = Get-Content $rbPath -Raw | ConvertFrom-Json
$ra = Get-Content $raPath -Raw | ConvertFrom-Json
$signals = 'AzureAdJoined','IntuneEnrolled','MdmSyncRecent','ImeServiceRunning','ImeLogDirPopulated'
foreach ($s in $signals) {
$b = $rb.$s; $a = $ra.$s
$tag = if ($b -eq $a) { ' same' } elseif ($a) { '+ flipped TRUE' } else { '- regressed FALSE' }
Add-Line (" {0,-25} before={1,-5} after={2,-5} {3}" -f $s, $b, $a, $tag)
}
Add-Line (" {0,-25} before={1,-5} after={2,-5}" -f 'PolicyMgr providers', $rb.PolicyManagerProviders, $ra.PolicyManagerProviders)
Add-Line (" ReadyForCategoryAssignment: before={0} after={1}" -f $rb.ReadyForCategoryAssignment, $ra.ReadyForCategoryAssignment)
} else {
Add-Line " (intune-readiness.json missing in one or both snapshots)"
}
Add-Line ''
# --- 2. dsregcmd diff (key boolean lines) ---
Add-Line '--- dsregcmd state diff ---'
$dsBefore = Get-Content (Join-Path $Before 'dsregcmd.txt') -ErrorAction SilentlyContinue
$dsAfter = Get-Content (Join-Path $After 'dsregcmd.txt') -ErrorAction SilentlyContinue
foreach ($key in 'AzureAdJoined','EnterpriseJoined','DomainJoined','TenantId','TenantName','MdmUrl','MdmTouUrl','MdmComplianceUrl','SettingsUrl') {
$b = ($dsBefore | Select-String -Pattern "^\s*$key\s*:" -SimpleMatch).Line | Select-Object -First 1
$a = ($dsAfter | Select-String -Pattern "^\s*$key\s*:" -SimpleMatch).Line | Select-Object -First 1
if ($b -ne $a) {
Add-Line " CHANGED $key"
Add-Line " before: $(if ($b) { $b } else { '(missing)' })"
Add-Line " after : $(if ($a) { $a } else { '(missing)' })"
}
}
Add-Line ''
# --- 3. Registry .reg files - line-level diff (count lines added/removed) ---
Add-Line '--- registry dump deltas (line counts) ---'
$regsBefore = Get-ChildItem $Before -Filter '*.reg' -ErrorAction SilentlyContinue
foreach ($rb in $regsBefore) {
$rbName = $rb.Name
$raPath = Join-Path $After $rbName
if (-not (Test-Path $raPath)) { continue }
$bLines = Get-Content $rb.FullName -ErrorAction SilentlyContinue
$aLines = Get-Content $raPath -ErrorAction SilentlyContinue
$added = (Compare-Object -ReferenceObject $bLines -DifferenceObject $aLines | Where-Object SideIndicator -eq '=>').Count
$removed = (Compare-Object -ReferenceObject $bLines -DifferenceObject $aLines | Where-Object SideIndicator -eq '<=').Count
if ($added -or $removed) {
Add-Line (" {0,-30} +{1,-4} -{2}" -f $rbName, $added, $removed)
}
}
Add-Line ''
# --- 4. CSV inventories - row count delta ---
Add-Line '--- file inventory deltas (CSV row counts) ---'
$csvsBefore = Get-ChildItem $Before -Filter '*.csv' -ErrorAction SilentlyContinue
foreach ($cb in $csvsBefore) {
$cbName = $cb.Name
$caPath = Join-Path $After $cbName
if (-not (Test-Path $caPath)) { continue }
try {
$bRows = (Import-Csv $cb.FullName).Count
$aRows = (Import-Csv $caPath).Count
if ($bRows -ne $aRows) {
Add-Line (" {0,-35} before={1,-5} after={2,-5} delta={3:+#;-#;0}" -f $cbName, $bRows, $aRows, ($aRows - $bRows))
}
} catch {}
}
Add-Line ''
# --- 5. Newly-present + newly-absent files in the snapshot ---
Add-Line '--- snapshot directory contents delta ---'
$bf = Get-ChildItem $Before -File -Recurse | ForEach-Object { $_.FullName.Substring($Before.Length) }
$af = Get-ChildItem $After -File -Recurse | ForEach-Object { $_.FullName.Substring($After.Length) }
$onlyA = Compare-Object -ReferenceObject $bf -DifferenceObject $af -PassThru | Where-Object { $af -contains $_ -and $bf -notcontains $_ }
$onlyB = Compare-Object -ReferenceObject $bf -DifferenceObject $af -PassThru | Where-Object { $bf -contains $_ -and $af -notcontains $_ }
if ($onlyA) {
Add-Line " NEW in After:"
$onlyA | ForEach-Object { Add-Line " + $_" }
}
if ($onlyB) {
Add-Line " REMOVED in After:"
$onlyB | ForEach-Object { Add-Line " - $_" }
}
Add-Line ''
# Persist
$lines | Out-File $out -Encoding utf8
Write-Host ""
Write-Host "Delta written to: $out" -ForegroundColor Cyan

4
scripts/diagnostics/snapshot-runbook.txt
View File

@@ -13,7 +13,7 @@ enrollment, and is enrolled to Intune but no device category assigned yet.
0. Map share + stage script (run once, at the start)
----------------------------------------
net use Z: \\10.9.100.1\image-upload /user:pxe-upload pxe /persistent:no
net use Z: \\172.16.9.1\image-upload /user:pxe-upload pxe /persistent:no
Copy-Item Z:\Capture-LockdownState.ps1 C:\Windows\Temp\
Set-ExecutionPolicy -Scope Process Bypass -Force
@@ -83,7 +83,7 @@ Output: C:\ProgramData\state-post-lockdown-<stamp>\
}
net use Z: /delete /y
The three folders land at \\10.9.100.1\image-upload\state-*-<stamp>\.
The three folders land at \\172.16.9.1\image-upload\state-*-<stamp>\.
On the workstation: pull from /home/pxe/image-upload/ on the PXE server
(scp or local mount) and diff against any prior baseline (e.g. the
4/15 v1.3.1 working snapshot at pxe-images/state-post-lockdown-20260415-154705/).

4
scripts/download-drivers.py
View File

@@ -31,7 +31,7 @@ import xml.etree.ElementTree as ET
from pathlib import Path
REPO_DIR = Path(__file__).resolve().parent
PXE_HOST = "10.9.100.1"
PXE_HOST = "172.16.9.1"
PXE_USER = "pxe"
PXE_PASS = "pxe"
UPLOAD_DEST = "/home/pxe/image-upload"
@@ -715,7 +715,7 @@ def main():
concurrent.futures.wait(futures)
# --- Download BIOS (goes to shared winpeapps dir, read by check-bios.cmd
# in WinPE phase via \\10.9.100.1\winpeapps\_shared\BIOS\). Playbook
# in WinPE phase via \\172.16.9.1\winpeapps\_shared\BIOS\). Playbook
# task at pxe_server_setup.yml:485 deploys check-bios.cmd + Flash64W.exe
# to this same directory. ---
bios_ok = bios_err = 0

4
scripts/prepare-boot-tools.sh
View File

@@ -137,7 +137,7 @@ data = data.replace(
)
data = data.replace(
b'<hostname></hostname>',
b'<hostname>10.9.100.1</hostname>'
b'<hostname>172.16.9.1</hostname>'
)
data = data.replace(
b'<path></path>',
@@ -190,7 +190,7 @@ PYEOF
# Repack CPIO with exact 512-byte block alignment (194560 bytes)
ls -1 "$CFGTMP" | (cd "$CFGTMP" && cpio -o -H newc 2>/dev/null) | \
dd bs=512 conv=sync 2>/dev/null > "$OUT_DIR/blancco/config.img"
echo " Reports: SMB blancco@10.9.100.1/blancco-reports, bootable report enabled"
echo " Reports: SMB blancco@172.16.9.1/blancco-reports, bootable report enabled"
fi
cd "$REPO_ROOT"
rm -rf "$CFGTMP"

2
scripts/pull-bios.sh
View File

@@ -6,7 +6,7 @@ set -e
REPO_ROOT="$(cd "$(dirname "$0")"/.. && pwd)"
DEST="$REPO_ROOT/bios-staging"
PXE_SERVER="10.9.100.1"
PXE_SERVER="172.16.9.1"
PXE_USER="pxe"
PXE_PASS="pxe"