ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0292bc01ad3b10af6f92fd3de716ae26e83ff8ea
pxe-server/docs/SITE-CUSTOMIZATION.md
cproudlock adef507084 Add ARCHITECTURE.md, SITE-CUSTOMIZATION.md, mirror-from-gold.sh 
Two new docs cover what the system is (boot chain, services, shares,
enrollment layout, data flow) and what to change per site (every
hardcoded value, where it lives, secrets handling).

scripts/mirror-from-gold.sh replicates content from an existing PXE
server (Operating Systems, drivers, packages, custom installers, BIOS,
PCDMIS, Blancco custom image, site-config) onto a freshly-installed PXE
server. Translates the legacy flat enrollment layout on the source into
the reorganized taxonomy (ppkgs/, pre-install/installers/, installers-
post/cmm/, blancco/, config/) on the destination. Tolerates rsync
exit 23 (permission-denied subdirs like the OpenText W10shortcuts dir
that is pxe-upload-group-only on legacy servers).
2026-04-14 17:56:46 -04:00

8.2 KiB
Raw Blame History

Site Customization

The PXE server in this repo was built for the GE Aerospace West Jefferson site. To stand it up at another site, several values need to change. This document lists every site-specific value, where it lives today, and the recommended forward state.

Status

The repo has not yet been parameterized. As of 2026-04-14 the site-specific values below are hardcoded in multiple files. The config/ directory at the repo root is a placeholder for the future state where one YAML file drives substitution at build time. Until that exists, customizing for a new site means editing the source files directly.

If you are bringing up the first non-WJ site, expect to do this manually and contribute a config/sites/<sitename>.yaml template back to the repo.

Values to change

Network

Value Default Where it lives
PXE server IP 10.9.100.1 playbook/pxe_server_setup.yml (dnsmasq config, iPXE script, samba conf, webapp env), playbook/startnet.cmd (mount paths), boot-tools/blancco/grub-blancco.cfg (TFTP/HTTP URLs)
PXE subnet 10.9.100.0/24 Same as above, plus playbook/pxe_server_setup.yml (UFW rules)
DHCP range 10.9.100.10-100 playbook/pxe_server_setup.yml (dnsmasq config)
Hostname pxeserver autoinstall/user-data (identity.hostname)

Identity and credentials

Value Default Where it lives
Linux user pxe / pxe autoinstall/user-data (identity.username, password hash)
Samba upload user pxe-upload / pxe playbook/pxe_server_setup.yml (Samba user creation)
Samba blancco user blancco / blancco playbook/pxe_server_setup.yml
Sudo password pxe autoinstall password hash; also referenced in scripts that ssh + sudo

WiFi and BMC (Blancco licensing)

The Blancco custom config.img carries WiFi credentials and BMC cloud credentials in plaintext. These are GE-Aerospace specific.

Value Default Where it lives
WiFi SSID INTERNETACCESS boot-tools/blancco/config.img (inside the cpio archive: preferences.xml)
WiFi password Acc3ssGr@nted22 Same
BMC endpoint classic.eu-west-1.blancco.cloud:443 Same; encrypted credentials inside config.img

To rebuild config.img for a different site, see BLANCCO.md ("Rebuilding config.img").

Image types

The repo defines seven image types (see playbook/pxe_server_setup.yml, image_types). Most sites likely only need a subset. The current set:

  • gea-standard
  • gea-engineer
  • gea-shopfloor
  • ge-standard
  • ge-engineer
  • ge-shopfloor-lockdown
  • ge-shopfloor-mce

Trim or extend this list and the matching shopfloor_types filter as needed.

PC types (shopfloor sub-types)

playbook/shopfloor-setup/ contains per-PC-type install logic. The current types reflect WJ shopfloor needs:

  • CMM (PC-DMIS)
  • WaxAndTrace
  • Keyence
  • Genspect
  • Display (Lobby and Dashboard variants)
  • Standard (Timeclock and Machine variants)
  • Lab

A site without CMMs can drop the CMM type and its installers entirely.

GCCH bulk-enrollment PPKGs

PPKG filenames are baked into playbook/startnet.cmd and startnet-template.cmd. They are tied to the GE Aerospace tenant. Other sites/tenants will have their own PPKGs with different filenames.

PPKG enrollment menu choice Default filename
1 NoOffice GCCH_Prod_SFLD_NoOffice_US_Exp_20260430_v4.10.ppkg
2 StdOffice x86 GCCH_Prod_SFLD_StdOffice-x86_US_Exp_20260430_v4.10.ppkg
3 StdOffice x64 GCCH_Prod_SFLD_StdOffice-x64_US_Exp_20260430_v4.10.ppkg
4 ProPlusOffice x86 GCCH_Prod_SFLD_ProPlusOffice-x86_US_Exp_20260430_v4.10.ppkg
5 ProPlusOffice x64 GCCH_Prod_SFLD_ProPlusOffice-x64_US_Exp_20260430_v4.10.ppkg

When you bump PPKG versions, update the filenames in startnet.cmd, drop the new PPKGs in enrollment/ on the workstation, and rebuild the USB.

Site-specific shopfloor config

playbook/shopfloor-setup/site-config.json has site-specific values like default machine number ranges, share paths for software, and more. Inspect that file for site name strings, share UNC paths, and machine number ranges.

Branding

The Flask webapp uses GE Aerospace branding:

  • Logo: webapp/static/ge-aerospace-logo.svg
  • Favicon: webapp/static/favicon.ico
  • Page titles and templates reference "GE Aerospace" in webapp/templates/*.html
  • iPXE menu title: "GE Aerospace PXE Boot Menu" in playbook/pxe_server_setup.yml

Drivers (Dell)

Driver content is hardware-specific, not strictly site-specific, but the set of driver families to bundle changes by what hardware the site deploys:

  • Dell_11/Pro and Dell_11/ProMax: Dell Pro Micro PCs (most common shopfloor)
  • Dell_11/Optiplex: traditional desktops
  • Dell_11/Precision: workstations
  • Dell_11/Latitude: laptops (large, often excluded if site has none)

The scripts/download-drivers.py and scripts/Download-Drivers.ps1 scripts populate drivers-staging/ from upstream sources. Edit these to target the relevant hardware lists.

BIOS update manifest

playbook/shopfloor-setup/BIOS/models.txt maps Dell model strings to the BIOS .exe to flash. Update this whenever new hardware arrives or Dell publishes a new firmware release for a model already in the fleet.

Intune DSC categories

The post-enrollment Intune DSC delivery (per intune-dsc.md memory) pulls per-category YAML from Azure Blob:

  • main
  • cmm
  • displaypcs
  • waxtrace

Different sites/tenants will need their own categories and their own Azure Blob storage account.

Image-upload paths on Windows

scripts/Upload-Image.ps1 defaults to:

  • \\10.9.100.1\image-upload as the destination
  • C:\ProgramData\GEAerospace\MediaCreator\Cache\ as the source

Update both for a different site.

Recommended forward state

A site config file should drive substitution at build time. Proposed schema:

# config/sites/<sitename>.yaml
site:
  name: westjeff
  pxe_server_ip: 10.9.100.1
  pxe_subnet: 10.9.100.0/24
  dhcp_range_start: 10.9.100.10
  dhcp_range_end: 10.9.100.100
  hostname: pxeserver

credentials:
  pxe_user: pxe
  pxe_password: pxe
  pxe_upload_password: pxe
  blancco_password: blancco

blancco:
  wifi_ssid: INTERNETACCESS
  wifi_password: Acc3ssGr@nted22
  bmc_endpoint: classic.eu-west-1.blancco.cloud:443

ppkg_versions:
  current: v4.10
  expiry: 20260430

intune_dsc_categories: [main, cmm, displaypcs, waxtrace]

image_types: [gea-standard, gea-engineer, gea-shopfloor]
shopfloor_types: [gea-shopfloor]

scripts/build-usb.sh and the playbook would consume this and substitute into the templated config files. Implementing this is a separate piece of work; until then, edit source files directly.

Secrets handling

Some values above are sensitive (WiFi passwords, BMC credentials, Samba passwords). Today these sit in plain text in the repo. For a multi-site deployment, treat them as per-site secrets:

  • Keep config/sites/<sitename>.secrets.yaml out of git (gitignore).
  • Distribute via secure channel (1Password, Vault, etc.) when standing up a new site.
  • The eMxInfo.txt precedent (see feedback_emxinfo_secret.md) is a good template: never commit, document where the canonical copy lives.
Reference in New Issue View Git Blame Copy Permalink