Blancco PXE boot via Ubuntu kernel switch_root

Blancco's own kernel freezes on Dell Precision towers during PXE boot. Workaround: boot Ubuntu kernel via GRUB chainload, download Blancco's 666MB squashfs rootfs + 132MB kernel modules over HTTP, mount overlay filesystem, and switch_root into Blancco's userspace. - Add blancco-init.sh: custom initramfs init script for switch_root approach - Add blancco-preferences.xml: pre-configured with network share for reports - Update playbook: build initramfs, deploy Ubuntu kernel/modules, config - Update prepare-boot-tools.sh: add HTTP modules to GRUB EFI build - Add UEFI HTTP Boot support to dnsmasq config - iPXE menu chains to grubx64.efi (replaces sanboot of ISO) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 11:20:00 -05:00
parent 15983854ed
commit dd2fec5a41
4 changed files with 626 additions and 18 deletions
--- a/playbook/pxe_server_setup.yml
+++ b/playbook/pxe_server_setup.yml
@@ -136,7 +136,13 @@
          dhcp-option=6,8.8.8.8
          enable-tftp
          tftp-root={{ tftp_dir }}
+          # HTTP Boot clients (UEFI) identify with vendor class "HTTPClient"
+          dhcp-vendorclass=set:httpboot,HTTPClient
+          dhcp-option-force=tag:httpboot,60,"HTTPClient"
+          dhcp-option-force=tag:httpboot,66,""
+          dhcp-boot=tag:httpboot,http://10.9.100.1/blancco/grubx64.efi
          dhcp-boot=ipxe.efi
+          log-dhcp

    - name: "Create TFTP directory"
      file:
@@ -445,24 +451,86 @@
        - blancco
        - memtest

-    - name: "Create TFTP blancco directory for GRUB boot"
-      file:
-        path: "{{ tftp_dir }}/blancco"
-        state: directory
-        mode: '0755'
+    # --- Blancco PXE boot via Ubuntu kernel + switch_root ---
+    # Blancco's own kernel freezes on Dell Precision towers. Workaround:
+    # Boot Ubuntu kernel, download Blancco rootfs, overlay mount, switch_root.

-    - name: "Symlink Blancco boot files to TFTP (GRUB loads via TFTP)"
-      file:
-        src: "{{ web_root }}/blancco/{{ item }}"
-        dest: "{{ tftp_dir }}/blancco/{{ item }}"
-        state: link
-        force: yes
-      loop:
-        - vmlinuz-bde-linux
-        - intel-ucode.img
-        - amd-ucode.img
-        - config.img
-        - initramfs-bde-linux.img
+    - name: "Build Blancco PXE initramfs"
+      shell: |
+        set -e
+        WORK=$(mktemp -d)
+        mkdir -p "$WORK"/{bin,lib/modules,lib64,sbin,usr/share/udhcpc}
+
+        # Busybox (static)
+        cp /bin/busybox "$WORK/bin/" 2>/dev/null || apt-get install -y busybox-static >/dev/null && cp /bin/busybox "$WORK/bin/"
+        for cmd in sh awk cat chmod echo grep gunzip ifconfig ip ln losetup ls mkdir mknod mount reboot route sed sleep switch_root tar udhcpc umount wget cpio; do
+            ln -sf busybox "$WORK/bin/$cmd"
+        done
+
+        # NIC drivers (common server NICs)
+        KVER=$(uname -r)
+        KMOD="/lib/modules/$KVER/kernel/drivers/net/ethernet"
+        for drv in intel/e1000e/e1000e.ko.zst intel/igb/igb.ko.zst broadcom/tg3.ko.zst broadcom/bnx2.ko.zst broadcom/bnxt/bnxt_en.ko.zst broadcom/b44.ko.zst; do
+            if [ -f "$KMOD/$drv" ]; then
+                zstd -d "$KMOD/$drv" -o "$WORK/lib/modules/$(basename ${drv%.zst})" 2>/dev/null
+            fi
+        done
+
+        # Overlay module
+        OVMOD="/lib/modules/$KVER/kernel/fs/overlayfs/overlay.ko.zst"
+        if [ -f "$OVMOD" ]; then
+            zstd -d "$OVMOD" -o "$WORK/lib/modules/overlay.ko" 2>/dev/null
+        fi
+
+        # Init script
+        cp "{{ usb_root }}/playbook/blancco-init.sh" "$WORK/init"
+        chmod +x "$WORK/init"
+
+        # Build CPIO
+        cd "$WORK"
+        find . | cpio -o -H newc 2>/dev/null | gzip > "{{ web_root }}/blancco/kexec-initrd.img"
+        rm -rf "$WORK"
+        echo "Built kexec-initrd.img: $(stat -c %s '{{ web_root }}/blancco/kexec-initrd.img') bytes"
+      args:
+        creates: "{{ web_root }}/blancco/kexec-initrd.img"
+
+    - name: "Copy Ubuntu kernel for Blancco PXE boot"
+      copy:
+        src: "/boot/vmlinuz-{{ ansible_kernel }}"
+        dest: "{{ web_root }}/blancco/vmlinuz-ubuntu"
+        remote_src: yes
+        mode: '0644'
+
+    - name: "Build Ubuntu kernel modules tarball for Blancco"
+      shell: |
+        set -e
+        KVER=$(uname -r)
+        tar czf "{{ web_root }}/blancco/kmod.tar.gz" -C / "lib/modules/$KVER"
+        echo "Built kmod.tar.gz: $(du -h '{{ web_root }}/blancco/kmod.tar.gz' | cut -f1)"
+      args:
+        creates: "{{ web_root }}/blancco/kmod.tar.gz"
+
+    - name: "Deploy Blancco config and preferences (null-stripped)"
+      shell: |
+        # Strip null bytes from config.img files and deploy
+        if [ -f "{{ web_root }}/blancco/config.img" ]; then
+            WORK=$(mktemp -d)
+            cd "$WORK"
+            cpio -id < "{{ web_root }}/blancco/config.img" 2>/dev/null
+            tr -d '\000' < config.xml > "{{ web_root }}/blancco/config-clean.xml"
+            rm -rf "$WORK"
+        fi
+        # Deploy preferences from playbook (pre-configured with network share)
+        cp "{{ usb_root }}/playbook/blancco-preferences.xml" "{{ web_root }}/blancco/preferences.xml"
+      args:
+        creates: "{{ web_root }}/blancco/config-clean.xml"
+
+    - name: "Create Samba user for Blancco reports"
+      shell: |
+        id blancco 2>/dev/null || useradd -r -s /usr/sbin/nologin blancco
+        echo -e "blancco\nblancco" | smbpasswd -a -s blancco 2>/dev/null
+      args:
+        creates: /etc/samba/smbpasswd

    - name: "Check for WinPE deployment content on USB"
      stat: