pxe-server

ge-aerospace/pxe-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
cproudlock	69a1682a7f	webapp: imaging UX overhaul + image management CRUD Imaging dashboard - services/imaging_log_tail.py: parses dnsmasq leases, Apache access log, Samba per-host log files, and dnsmasq syslog (DHCP/TFTP). Synthesizes inferred sessions keyed by MAC for bays that have only touched the boot chain but not yet pushed to /imaging/status. Active window 90 min. - imaging_status.list_sessions() merges inferred sessions into the dashboard list. Real client-pushed sessions win for the same MAC. - imaging_status: stage_history field tracks every stage transition (capped 30); sidecar .log file per serial records every log_lines push uncapped (read_full_log() caps detail-page response to 1 MB). - delete_session/delete_all_sessions clean up sidecar .log too. - New SSE endpoint /imaging/stream emits a session-list hash every 5s. Client fetches /imaging/tiles (HTML partial) on hash change and swaps #imaging-tiles innerHTML. Polling fallback at 15s if SSE drops. - Tile-swap preserves scroll, filter input, expanded state via localStorage, and any LAPS input the operator is mid-pasting (swap skipped when a laps-input is focused). - imaging.html: removed 15s location.reload(). Added live-status dot in header (gray idle / green SSE connected / red SSE lost). - _imaging_tiles.html: shared partial used by both /imaging full render and /imaging/tiles SSE refresh. Inferred bays render with yellow border + log-inferred badge + no progress bar (stage_index inference is coarse). - imaging_detail.html (new): per-bay forensics page at /imaging/session/ <serial>. Session metadata grid, stage timeline table, full sidecar log with truncation indicator, Copy-support-summary button. Linked from each client-pushed tile. - qr-render.js exposes window.renderAllQRs() so the SSE swap can re-render Intune device-ID QRs in the swapped-in tiles. Image management - services/image_registry.py: JSON registry of image types at {SAMBA_SHARE}/image-registry.json. Bootstraps from baked-in config.IMAGE_TYPES on first run. create/clone/delete/rename_friendly mutate the file then call reload() which rewrites config.IMAGE_TYPES + config.FRIENDLY_NAMES in place. Sidebar reflects on next request. - app.py routes: /images/new, /images/<t>/clone, /images/<t>/delete (with optional content-wipe checkbox), /images/<t>/rename. - dashboard.html: + New image type button + Clone/Delete per row, all in Bootstrap modals with confirmation copy. - Clone copies Deploy/ tree but preserves symlinks to shared dirs (Out-of- box Drivers, Operating Systems, Packages) so disk usage stays low. - Delete with content checked unlinks symlinks (does not follow into shared dirs). Driver / package upload + orphan adoption - services/images.py: upload_driver, adopt_orphan, remove_orphans, upload_package. Filename sanitization blocks path traversal. - app.py routes: /images/<t>/drivers/upload, /images/<t>/drivers/adopt, /images/<t>/drivers/orphans/delete, /images/<t>/packages/upload. - image_config.html: Upload .zip button + modal on Drivers section. Orphan drivers card-footer rebuilt as interactive list with per-row Adopt inline form (family + destinationDir inputs) and bulk select+delete. - Upload .zip on Packages section with optional destinationDir field that appends a packages.json entry. Configuration - config.py: new env vars DNSMASQ_LEASES, APACHE_ACCESS_LOG, SAMBA_LOG_DIR, DNSMASQ_SYSLOG for the log-tailer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-30 13:21:06 -04:00
cproudlock	ce604adcda	Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24 Single-site bay-stuck issue at WJ: GE Intune Report IP script filters Get-NetIPAddress on StartsWith("10.") and posts everything matching to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP captured and reported -> GE backend tags bays as on a non-corp 10.x subnet -> dynamic group eligibility for SFLD policy never matches. Other GE sites work because their PXE LANs aren't on 10.x at all. Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally skips wired PXE addresses without any disable-NIC dance. Server-side already in flight (netplan dual-bound, dnsmasq scope + boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript all sed'd to 172.16.9.1). This commit is the playbook / scripts / docs side: 109 hits across 35 files sed'd in one shot. After this lands + boot.wim is rebuilt + bays renumber off DHCP, the 10.9.100.1 binding will be dropped from netplan as the final cleanup step. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 16:30:32 -04:00

Author

SHA1

Message

Date

cproudlock

69a1682a7f

webapp: imaging UX overhaul + image management CRUD

Imaging dashboard
- services/imaging_log_tail.py: parses dnsmasq leases, Apache access log,
  Samba per-host log files, and dnsmasq syslog (DHCP/TFTP). Synthesizes
  inferred sessions keyed by MAC for bays that have only touched the boot
  chain but not yet pushed to /imaging/status. Active window 90 min.
- imaging_status.list_sessions() merges inferred sessions into the dashboard
  list. Real client-pushed sessions win for the same MAC.
- imaging_status: stage_history field tracks every stage transition (capped
  30); sidecar .log file per serial records every log_lines push uncapped
  (read_full_log() caps detail-page response to 1 MB).
- delete_session/delete_all_sessions clean up sidecar .log too.
- New SSE endpoint /imaging/stream emits a session-list hash every 5s.
  Client fetches /imaging/tiles (HTML partial) on hash change and swaps
  #imaging-tiles innerHTML. Polling fallback at 15s if SSE drops.
- Tile-swap preserves scroll, filter input, expanded state via localStorage,
  and any LAPS input the operator is mid-pasting (swap skipped when a
  laps-input is focused).
- imaging.html: removed 15s location.reload(). Added live-status dot in
  header (gray idle / green SSE connected / red SSE lost).
- _imaging_tiles.html: shared partial used by both /imaging full render and
  /imaging/tiles SSE refresh. Inferred bays render with yellow border +
  log-inferred badge + no progress bar (stage_index inference is coarse).
- imaging_detail.html (new): per-bay forensics page at /imaging/session/
  <serial>. Session metadata grid, stage timeline table, full sidecar log
  with truncation indicator, Copy-support-summary button. Linked from each
  client-pushed tile.
- qr-render.js exposes window.renderAllQRs() so the SSE swap can re-render
  Intune device-ID QRs in the swapped-in tiles.

Image management
- services/image_registry.py: JSON registry of image types at
  {SAMBA_SHARE}/image-registry.json. Bootstraps from baked-in
  config.IMAGE_TYPES on first run. create/clone/delete/rename_friendly
  mutate the file then call reload() which rewrites config.IMAGE_TYPES +
  config.FRIENDLY_NAMES in place. Sidebar reflects on next request.
- app.py routes: /images/new, /images/<t>/clone, /images/<t>/delete (with
  optional content-wipe checkbox), /images/<t>/rename.
- dashboard.html: + New image type button + Clone/Delete per row, all in
  Bootstrap modals with confirmation copy.
- Clone copies Deploy/ tree but preserves symlinks to shared dirs (Out-of-
  box Drivers, Operating Systems, Packages) so disk usage stays low.
- Delete with content checked unlinks symlinks (does not follow into shared
  dirs).

Driver / package upload + orphan adoption
- services/images.py: upload_driver, adopt_orphan, remove_orphans,
  upload_package. Filename sanitization blocks path traversal.
- app.py routes: /images/<t>/drivers/upload, /images/<t>/drivers/adopt,
  /images/<t>/drivers/orphans/delete, /images/<t>/packages/upload.
- image_config.html: Upload .zip button + modal on Drivers section. Orphan
  drivers card-footer rebuilt as interactive list with per-row Adopt inline
  form (family + destinationDir inputs) and bulk select+delete.
- Upload .zip on Packages section with optional destinationDir field that
  appends a packages.json entry.

Configuration
- config.py: new env vars DNSMASQ_LEASES, APACHE_ACCESS_LOG, SAMBA_LOG_DIR,
  DNSMASQ_SYSLOG for the log-tailer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-30 13:21:06 -04:00

cproudlock

ce604adcda

Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 16:30:32 -04:00

2 Commits