Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- autoinstall/user-data: move lvextend/growpart/pvresize BEFORE playbook
so 130GB of drivers+PPKGs fits during first-boot copy. Use
tr -d "[:space:]" to avoid breaking outer bash -c single-quote wrap.
- playbook: add executable: /bin/bash to Dell driver deploy (process
substitution) and Blancco initramfs builder (brace expansion).
- playbook: make "Ensure Samba user for Blancco reports" idempotent via
pdbedit check so re-runs don't abort the play.
- download-packages.sh: also download dist-upgrade package set. Explicit
--simulate misses transitive version bumps (e.g. gnupg 17.4 needs
matching gpgv 17.4) causing offline dpkg "dependency problems" when
ISO baseline is older than noble-updates.
- Monitor-IntuneProgress: Display PCs skip DSC phases entirely (no SAS
token, no DSCInstall.log), complete after Phase 1 identity. Renderer
hides Phase 2-5 for Display type.
- Playbook: deploy PPKG files and run-enrollment.ps1 from USB to
enrollment share. Bump dnsmasq restart cron from 15s to 30s.
- build-usb.sh: copy enrollment/ directory (PPKGs) onto USB if present.
- user-data: add dpkg --configure -a after offline .deb install to fix
packages left in unconfigured state (cron, systemd-timesyncd).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Add /user:pxe-upload pxe credentials to all net use commands (share requires auth)
- Replace timeout with ping delays (timeout.exe not available in WinPE)
- Restore size: largest disk match in autoinstall (root cause was BIOS RST mode)
- Simplify autoinstall late-commands structure

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Autoinstall user-data now disables cloud-init in multiple stages
(late-commands + runcmd + systemd masks) to prevent post-install
hangs. Also disables networkd-wait-online for air-gapped networks.

build-usb.sh switched from in-place ISO patching to full extract
and rebuild with xorriso mkisofs for reliable UEFI boot.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- build-usb.sh now patches the ISO's grub.cfg with xorriso to add
'autoinstall' kernel param (skips confirmation prompt) and reduces
GRUB timeout from 30s to 5s
- Disable and remove cloud-init on the installed system to prevent
boot delays on air-gapped network
- Fix ISO size calculation to use patched ISO for CIDATA partition offset

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Adds interactive-sections: [] to avoid the "Continue with autoinstall?" prompt,
and disables cloud-init on the installed system to prevent boot delays.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix pip/distutils incompatibility: install Python wheels directly via
zipfile extraction instead of broken pip3 from Ubuntu 22.04 .debs
(pip3 crashes on Python 3.12 with ModuleNotFoundError: distutils)
- Fix UFW port types: quote loop items so string comparison works
correctly, giving ports 67/69 UDP rules instead of TCP
- Fix autoinstall crash: set refresh-installer to no (can't reach
internet on air-gapped network, was crashing subiquity)
- Remove python3-pip and python3-venv from download-packages.sh
(no longer needed with direct wheel extraction)
- Add ignore_errors to WinPE/iPXE copy tasks (files only present
on real USB media, not test VM)
- Use system python3 instead of venv for webapp service

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add comprehensive README.md with full project documentation
- Update SETUP.md to reflect current state (7 image types, webapp, boot tools, Samba shares)
- Enable SSH in autoinstall user-data for remote access
- Fix ansible_default_ipv4.interface error when no default gateway exists
- Fix Windows CRLF line endings on all shell scripts and YAML files
- Fix test-vm.sh: use --install kernel extraction instead of --location, don't delete source ISO on --destroy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Reorganized from OneDrive export into a clean project structure:
- autoinstall/: cloud-init user-data and meta-data for Ubuntu 24.04 autoinstall
- playbook/: Ansible playbook for PXE server config (dnsmasq, Apache, Samba, iPXE)
- unattend/: Windows unattend.xml sample for image deployment
- build-usb.sh: builds a bootable USB with Ubuntu installer + CIDATA partition
- download-packages.sh: downloads all offline .deb dependencies via Docker

Key improvements over original:
- Fully air-gapped: all packages bundled offline, no WiFi needed
- Hardware-agnostic network config (wildcard NIC matching)
- Removed plaintext WiFi credentials
- Single USB build process (was 15+ manual steps)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>