Add web management UI, offline packages, WinPE consolidation, and docs
- webapp/: Flask web management app with:
  - Dashboard showing image types and service status
  - USB import page for WinPE deployment content
  - Unattend.xml visual editor (driver paths, specialize commands,
    OOBE settings, first logon commands, raw XML view)
  - API endpoints for services and image management
- SETUP.md: Complete setup documentation for streamlined process
- build-usb.sh: Now copies webapp and optional WinPE images to USB
- playbook: Added webapp deployment (systemd service, Apache reverse
  proxy), offline package verification, WinPE auto-import from USB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
132
SETUP.md
Normal file
@@ -0,0 +1,132 @@
# PXE Server Setup Guide
Automated build process for deploying an Ubuntu-based PXE boot server that hosts GE Aerospace Windows PE images. The entire setup is air-gapped — no internet required on the target machine.
## Architecture
```
Client PXE boot
-> Broadcom signed iPXE (Secure Boot)
-> wimboot (HTTP from Apache)
-> WinPE (boot.wim)
-> startnet.cmd maps Samba shares
-> GE Aerospace image deployment
```
### Services on the PXE Server
| Service | Port | Purpose |
|----------|----------|--------------------------------------|
| dnsmasq | 67/udp | DHCP (10.9.100.10–100) |
| dnsmasq | 69/udp | TFTP (serves ipxe.efi) |
| Apache | 80/tcp | HTTP (wimboot, WinPE boot files) |
| Apache | 4433/tcp | iPXE boot script (GetPxeScript.aspx) |
| Samba | 445/tcp | Deployment content shares |
## Prerequisites
### Hardware
- Server or PC with >= 8 GB RAM, >= 250 GB disk, one wired NIC
- USB thumb drive >= 8 GB (32+ GB if bundling WinPE images)
### Software (on your workstation)
- Ubuntu Server 24.04 ISO — https://ubuntu.com/download/server
- Docker (for downloading offline packages)
- GE Aerospace Media Creator LITE (for caching WinPE images)
### GE Access Packages
- EPM Rufus Exception Request
- EPM DT Functions
- DLP - Encrypted Removable (USB) Long Term Access
## Setup Process
### Step 1: Download Offline Packages (one-time, requires internet + Docker)
```bash
./download-packages.sh
```
This runs an Ubuntu 24.04 Docker container to download all .deb packages (ansible, dnsmasq, apache2, samba, etc.) into `offline-packages/`. ~102 MB total.
### Step 2: Build the USB
```bash
# Basic — server only (import WinPE images later)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso
# With WinPE images bundled (single USB, larger drive needed)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04.iso /path/to/winpe-images
```
This creates a bootable USB with:
- Partition 1: Ubuntu Server installer
- Partition 2: CIDATA (autoinstall config, offline .debs, Ansible playbook, optional WinPE images)
### Step 3: Boot the Target Machine
1. Insert the USB into the target machine
2. Press F12 (or vendor boot key) and select the USB
3. Ubuntu auto-installs — no interaction needed
4. After reboot, the first-boot script installs all .deb packages and runs the Ansible playbook
5. PXE services (dnsmasq, Apache, Samba) are configured automatically
### Step 4: Connect to Isolated Network
Move the server's wired NIC to the isolated switch for PXE clients.
### Step 5: Import WinPE Content (if not bundled in Step 2)
Insert the Media Creator LITE USB and copy content to the Samba share:
```bash
sudo mkdir -p /mnt/usb2
sudo mount /dev/sdb2 /mnt/usb2
sudo cp -r /mnt/usb2/. /srv/samba/winpeapps/standard
sudo umount /mnt/usb2
```
## Verification
1. Connect a test workstation to the isolated switch
2. Set Network Boot (PXE) as first boot in BIOS/UEFI
3. Boot — the client should pull an IP from 10.9.100.x
4. iPXE loads, fetches the boot script from port 4433
5. WinPE boots via wimboot + boot.wim over HTTP
6. WinPE maps Samba shares and begins image deployment
## Project Structure
```
pxe-server/
├── autoinstall/
│ ├── user-data # Cloud-init autoinstall (Ubuntu config, first-boot script)
│ └── meta-data # Cloud-init metadata (empty, required)
├── playbook/
│ ├── pxe_server_setup.yml # Ansible: dnsmasq, Apache, Samba, iPXE, firewall, netplan
│ └── inventory.ini # Ansible inventory
├── unattend/
│ └── FlatUnattendW10.xml # Windows unattend.xml sample
├── offline-packages/ # .deb files (gitignored, built by download-packages.sh)
├── build-usb.sh # Builds the installer USB
├── download-packages.sh # Downloads offline .debs via Docker
└── setup-guide-original.txt # Original manual setup doc (reference)
```
## Image Types
| Image Type | Domain |
|-------------------|-----------------|
| geastandardpbr | geaerospace.com |
| geaengineerpbr | geaerospace.com |
| geashopfloorpbr | geaerospace.com |
| gestandardlegacy | ge.com |
| geengineerlegacy | ge.com |
| geshopfloorlegacy | ge.com |
## Network Configuration
- PXE server static IP: `10.9.100.1/24`
- DHCP range: `10.9.100.10` - `10.9.100.100`
- Lease time: 12 hours
- DNS: `8.8.8.8` (passed to clients, not used by server)
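Review bot: The "Services on the PXE Server" table and the "Project Structure" tree in this new SETUP.md omit the Flask web management app that the commit message says is deployed as a systemd service behind an Apache reverse proxy, so an operator following the guide cannot tell which port or path the UI is served on or who on the PXE network can reach it. Add a row for the web UI to the services table, list `webapp/` in the tree, and state whether the UI requires authentication, given that it edits unattend.xml and imports deployment content. Under "Network Configuration", `DNS: 8.8.8.8` is handed to clients on a network the introduction describes as air-gapped; either drop the DNS option or explain why a public resolver is advertised on an isolated segment. In Step 5, `sudo mount /dev/sdb2 /mnt/usb2` hard-codes the device name; suggest telling the reader to confirm the partition first (for example with `lsblk`) and to mount it read-only before copying into the Samba share.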