# PXE Server Setup Guide

Automated build process for deploying an Ubuntu-based PXE boot server that hosts GE Aerospace Windows PE images. The entire setup is air-gapped — no internet required on the target machine.

## Architecture

```
Client PXE boot
  -> Broadcom signed iPXE (Secure Boot)
  -> wimboot (HTTP from Apache)
  -> WinPE (boot.wim)
  -> startnet.cmd maps Samba shares
  -> GE Aerospace image deployment
```

### Services on the PXE Server

| Service  | Port     | Purpose                              |
|----------|----------|--------------------------------------|
| dnsmasq  | 67/udp   | DHCP (10.9.100.10–100)               |
| dnsmasq  | 69/udp   | TFTP (serves ipxe.efi)               |
| Apache   | 80/tcp   | HTTP (wimboot, WinPE boot files)     |
| Apache   | 4433/tcp | iPXE boot script (GetPxeScript.aspx) |
| Samba    | 445/tcp  | Deployment content shares            |

## Prerequisites

### Hardware

- Server or PC with >= 8 GB RAM, >= 250 GB disk, one wired NIC
- USB thumb drive >= 8 GB (32+ GB if bundling WinPE images)

### Software (on your workstation)

- Ubuntu Server 24.04 ISO — https://ubuntu.com/download/server
- Docker (for downloading offline packages)
- GE Aerospace Media Creator LITE (for caching WinPE images)

### GE Access Packages

- EPM Rufus Exception Request
- EPM DT Functions
- DLP - Encrypted Removable (USB) Long Term Access

## Setup Process

### Step 1: Download Offline Packages (one-time, requires internet + Docker)

```bash
./download-packages.sh
```

This runs an Ubuntu 24.04 Docker container to download all .deb packages (ansible, dnsmasq, apache2, samba, etc.) into `offline-packages/`. ~102 MB total.

### Step 2: Build the USB

```bash
# Basic — server only (import WinPE images later)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso

# With WinPE images bundled (single USB, larger drive needed)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04.iso /path/to/winpe-images
```

This creates a bootable USB with:

- Partition 1: Ubuntu Server installer
- Partition 2: CIDATA (autoinstall config, offline .debs, Ansible playbook, optional WinPE images)

### Step 3: Boot the Target Machine

1. Insert the USB into the target machine
2. Press F12 (or vendor boot key) and select the USB
3. Ubuntu auto-installs — no interaction needed
4. After reboot, the first-boot script installs all .deb packages and runs the Ansible playbook
5. PXE services (dnsmasq, Apache, Samba) are configured automatically

### Step 4: Connect to Isolated Network

Move the server's wired NIC to the isolated switch for PXE clients.

### Step 5: Import WinPE Content (if not bundled in Step 2)

Insert the Media Creator LITE USB and copy content to the Samba share:

```bash
sudo mkdir -p /mnt/usb2
sudo mount /dev/sdb2 /mnt/usb2
sudo cp -r /mnt/usb2/. /srv/samba/winpeapps/standard
sudo umount /mnt/usb2
```

## Verification

1. Connect a test workstation to the isolated switch
2. Set Network Boot (PXE) as first boot in BIOS/UEFI
3. Boot — the client should pull an IP from 10.9.100.x
4. iPXE loads, fetches the boot script from port 4433
5. WinPE boots via wimboot + boot.wim over HTTP
6. WinPE maps Samba shares and begins image deployment

## Project Structure

```
pxe-server/
├── autoinstall/
│   ├── user-data                # Cloud-init autoinstall (Ubuntu config, first-boot script)
│   └── meta-data                # Cloud-init metadata (empty, required)
├── playbook/
│   ├── pxe_server_setup.yml     # Ansible: dnsmasq, Apache, Samba, iPXE, firewall, netplan
│   └── inventory.ini            # Ansible inventory
├── unattend/
│   └── FlatUnattendW10.xml      # Windows unattend.xml sample
├── offline-packages/            # .deb files (gitignored, built by download-packages.sh)
├── build-usb.sh                 # Builds the installer USB
├── download-packages.sh         # Downloads offline .debs via Docker
└── setup-guide-original.txt     # Original manual setup doc (reference)
```

## Image Types

| Image Type    | Domain          | Description         |
|---------------|-----------------|---------------------|
| gea-standard  | geaerospace.com | Standard desktop    |
| gea-engineer  | geaerospace.com | Engineering desktop |
| gea-shopfloor | geaerospace.com | Shop floor kiosk    |
| ge-standard   | ge.com          | Standard desktop    |
| ge-engineer   | ge.com          | Engineering desktop |
| ge-shopfloor  | ge.com          | Shop floor kiosk    |

## Network Configuration

- PXE server static IP: `10.9.100.1/24`
- DHCP range: `10.9.100.10` - `10.9.100.100`
- Lease time: 12 hours
- DNS: `8.8.8.8` (passed to clients, not used by server)
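
A server-side complement to the Verification steps, added here as an example and not part of this project: it compares the listeners reported by `ss -H -tuln` with the "Services on the PXE Server" table and flags any that are missing or not listed there. The function name, the `--live` switch and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the project. Expected listeners are taken from
# the "Services on the PXE Server" table in this README.
EXPECTED="udp/67 udp/69 tcp/80 tcp/4433 tcp/445"

# Constructed sample of `ss -H -tuln` output: the Apache listener on 4433 is
# missing and an SSH listener is present that the table does not mention.
SAMPLE='udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
udp UNCONN 0 0 10.9.100.1:69 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*'

# Reads `ss -H -tuln` output on stdin. Prints "MISSING proto/port" for each
# expected listener that is absent and "EXTRA proto/port" for each
# non-loopback listener that the table does not list.
audit_listeners() {
  awk -v expected="$EXPECTED" '
    BEGIN { m = split(expected, e, " "); for (i = 1; i <= m; i++) want[e[i]] = 1 }
    {
      n = split($5, a, ":")          # $5 is the local address:port column
      key = $1 "/" a[n]              # $1 is the netid (tcp or udp)
      seen[key] = 1
      loopback = ($5 ~ /^127\./ || $5 ~ /^\[::1\]/)
      if (!(key in want) && !loopback && !(key in extra)) {
        extra[key] = 1; order[++x] = key
      }
    }
    END {
      for (i = 1; i <= m; i++) if (!(e[i] in seen)) print "MISSING " e[i]
      for (i = 1; i <= x; i++) print "EXTRA " order[i]
    }'
}

# Default: run on the constructed sample; pass --live to audit this host.
if [ "${1:-}" = "--live" ]; then ss -H -tuln | audit_listeners
else printf '%s\n' "$SAMPLE" | audit_listeners; fi
```

An `EXTRA` line is not necessarily a fault; it marks a listener reachable from the deployment network that the service table does not account for.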