Reorganize repo, enrollment share taxonomy, Blancco USB-build fixes, v4.10 PPKGs

Workstation reorganization: - All build/deploy/helper scripts moved into scripts/ (paths updated to use REPO_ROOT instead of SCRIPT_DIR so they resolve sibling dirs from the new depth) - New config/ directory placeholder for site-specific overrides - Removed stale: mok-keys/, test-vm.sh, test-lab.sh, setup-guide-original.txt, unattend/ (duplicate of moved playbook/FlatUnattendW10.xml) - README.md and SETUP.md structure listings updated, dead "Testing with KVM" section removed - .claude/ gitignored Enrollment share internal taxonomy (forward-looking; existing servers unaffected since they keep their current boot.wim with flat paths): - Single SMB share kept (WinPE only mounts one Y: drive), but content now organised into ppkgs/, scripts/, config/, shopfloor-setup/, pre-install/{bios, installers}, installers-post/cmm/, blancco/, logs/ - README.md deployed to share root explaining each subdir - New playbook tasks deploy site-config.json + wait-for-internet.ps1 + migrate-to-wifi.ps1 explicitly (were ad-hoc on legacy servers) - BIOS subdir moved into pre-install/bios/, preinstall/ renamed to pre-install/ - startnet.cmd + startnet-template.cmd updated with new Y:\subdir\ paths - Bumped GCCH PPKG references v4.9 -> v4.10 Blancco USB-build fixes (so next fresh USB install boots Blancco end-to-end without the manual fixup we did against GOLD): - grub-blancco.cfg: kernel/initrd switched HTTP -> TFTP (GRUB's HTTP module times out on multi-MB files); added modprobe.blacklist=iwlwifi,iwlmvm,btusb (WiFi drivers hang udev on Intel business PCs) - grubx64.efi rebuilt from updated cfg - Playbook task added to create /srv/tftp/blancco/ symlinks pointing at the HTTP-served binaries run-enrollment.ps1: OOBEComplete is now set AFTER PPKG install (Win11 22H2+ hangs indefinitely if OOBEComplete is set before the bulk-enrollment PPKG runs). Also includes deploy-bios.sh / pull-bios.sh / busybox-static / models.txt that were sitting untracked at the repo root.
2026-04-14 16:01:02 -04:00
parent d14c240b48
commit d6776f7c7f
26 changed files with 380 additions and 824 deletions
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ Client PXE boot (UEFI Secure Boot)
 ### Step 1: Download Offline Packages

 ```bash
-./download-packages.sh
+./scripts/download-packages.sh
 ```

 Downloads all .deb packages and Python wheels for offline installation (~140 MB of debs, ~20 MB of wheels).
@@ -62,7 +62,7 @@ Downloads all .deb packages and Python wheels for offline installation (~140 MB
 ### Step 2: Prepare Boot Tools (optional)

 ```bash
-./prepare-boot-tools.sh /path/to/blancco.iso /path/to/clonezilla.zip /path/to/memtest.bin
+./scripts/prepare-boot-tools.sh /path/to/blancco.iso /path/to/clonezilla.zip /path/to/memtest.bin
 ```

 Extracts and configures boot tool files (Blancco, Clonezilla, Memtest86+). Automatically patches Blancco's config.img to auto-save erasure reports to the PXE server's Samba share.
@@ -70,7 +70,7 @@ Extracts and configures boot tool files (Blancco, Clonezilla, Memtest86+). Autom
 ### Step 3: Build the USB

 ```bash
-sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso
+sudo ./scripts/build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso
 ```

 Creates a bootable USB with two partitions:
@@ -158,50 +158,32 @@ pxe-server/
 │       └── audit.html            # Activity audit log
 ├── docs/
 │   └── shopfloor-display-imaging-guide.md  # End-user imaging guide
-├── unattend/
-│   └── FlatUnattendW10.xml       # Windows unattend.xml template
 ├── boot-tools/                   # Extracted boot tool files (gitignored)
-│   ├── blancco/                  # Blancco Drive Eraser (Arch Linux-based)
+│   ├── blancco/                  # Blancco Drive Eraser
 │   ├── clonezilla/               # Clonezilla Live
 │   └── memtest/                  # Memtest86+
+├── boot-files/                   # WinPE boot files (boot.wim, wimboot, ipxe.efi, BCD)
 ├── offline-packages/             # .deb files (gitignored, built by download-packages.sh)
 ├── pip-wheels/                   # Python wheels (gitignored, built by download-packages.sh)
-├── download-packages.sh          # Downloads offline .debs + pip wheels
-├── build-usb.sh                  # Builds the installer USB (2-partition)
-├── prepare-boot-tools.sh         # Extracts and patches boot tool files
-├── build-proxmox-iso.sh          # Builds self-contained Proxmox installer ISO
-├── test-vm.sh                    # KVM test environment for validation
-├── test-lab.sh                   # Full PXE lab with server + client VMs
+├── enrollment/                   # PPKGs and run-enrollment.ps1 (gitignored)
+├── bios-staging/                 # Dell BIOS update binaries (gitignored)
+├── scripts/                      # Build, deploy, and helper scripts
+│   ├── build-usb.sh              # Builds the installer USB (2-partition)
+│   ├── build-proxmox-iso.sh      # Builds self-contained Proxmox installer ISO
+│   ├── prepare-boot-tools.sh     # Extracts and patches boot tool files
+│   ├── download-packages.sh      # Downloads offline .debs + pip wheels
+│   ├── download-drivers.py       # Downloads Dell drivers directly from dell.com
+│   ├── deploy-bios.sh            # Pushes BIOS updates to enrollment share
+│   ├── pull-bios.sh              # Pulls BIOS binaries from upstream cache
+│   ├── sync_hardware_models.py   # Syncs hardware model configs across images
+│   ├── Upload-Image.ps1          # Windows: upload MCL cache to PXE via SMB
+│   └── Download-Drivers.ps1      # Windows: download hardware drivers from GE CDN
+├── config/                       # Site-specific configuration overrides
 ├── startnet-template.cmd         # startnet.cmd template (synced with playbook copy)
-├── Download-Drivers.ps1          # Download hardware drivers from GE CDN (Windows)
-├── Upload-Image.ps1              # Upload MCL cache to PXE server via SMB (Windows)
-├── download-drivers.py           # Download Dell drivers directly from dell.com
-├── sync_hardware_models.py       # Sync hardware model configs across images
-├── SETUP.md                      # Detailed setup guide
-└── setup-guide-original.txt      # Original manual setup notes (reference)
+├── README.md                     # This file
+└── SETUP.md                      # Detailed setup guide
 ```

-## Testing with KVM
-
-A test VM script is included for validating the full provisioning pipeline without dedicated hardware:
-
-```bash
-# Download Ubuntu Server ISO
-wget -O ~/Downloads/ubuntu-24.04.3-live-server-amd64.iso \
-  https://releases.ubuntu.com/noble/ubuntu-24.04.3-live-server-amd64.iso
-
-# Launch test VM (requires libvirt/KVM)
-sudo ./test-vm.sh ~/Downloads/ubuntu-24.04.3-live-server-amd64.iso
-
-# Watch install progress
-sudo virsh console pxe-test
-
-# Clean up when done
-sudo ./test-vm.sh --destroy
-```
-
-The test VM creates an isolated libvirt network (10.9.100.0/24) and runs the full autoinstall + Ansible provisioning.
-
 ## Proxmox Deployment

 A single ISO can be built for deploying the PXE server in a Proxmox VM:
@@ -213,7 +195,7 @@ A single ISO can be built for deploying the PXE server in a Proxmox VM:
 sudo apt install xorriso p7zip-full

 # Build the installer ISO
-./build-proxmox-iso.sh /path/to/ubuntu-24.04-live-server-amd64.iso
+./scripts/build-proxmox-iso.sh /path/to/ubuntu-24.04-live-server-amd64.iso
 ```

 This creates `pxe-server-proxmox.iso` containing the Ubuntu installer, autoinstall config, all offline packages, the Ansible playbook, webapp, and boot tools.