pxe-server/SETUP.md
cproudlock cee4ecd18d Add web management UI, offline packages, WinPE consolidation, and docs
- webapp/: Flask web management app with:
  - Dashboard showing image types and service status
  - USB import page for WinPE deployment content
  - Unattend.xml visual editor (driver paths, specialize commands,
    OOBE settings, first logon commands, raw XML view)
  - API endpoints for services and image management
- SETUP.md: Complete setup documentation for streamlined process
- build-usb.sh: Now copies webapp and optional WinPE images to USB
- playbook: Added webapp deployment (systemd service, Apache reverse
  proxy), offline package verification, WinPE auto-import from USB

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 15:57:34 -05:00


PXE Server Setup Guide

Automated build process for deploying an Ubuntu-based PXE boot server that hosts GE Aerospace Windows PE images. The entire setup is air-gapped — no internet required on the target machine.

Architecture

Client PXE boot
  -> Broadcom signed iPXE (Secure Boot)
  -> wimboot (HTTP from Apache)
  -> WinPE (boot.wim)
  -> startnet.cmd maps Samba shares
  -> GE Aerospace image deployment

Services on the PXE Server

Service   Port      Purpose
dnsmasq   67/udp    DHCP (10.9.100.10-100)
dnsmasq   69/udp    TFTP (serves ipxe.efi)
Apache    80/tcp    HTTP (wimboot, WinPE boot files)
Apache    4433/tcp  iPXE boot script (GetPxeScript.aspx)
Samba     445/tcp   Deployment content shares

Prerequisites

Hardware

  • Server or PC with >= 8 GB RAM, >= 250 GB disk, one wired NIC
  • USB thumb drive >= 8 GB (32+ GB if bundling WinPE images)

Software (on your workstation)

GE Access Packages

  • EPM Rufus Exception Request
  • EPM DT Functions
  • DLP - Encrypted Removable (USB) Long Term Access

Setup Process

Step 1: Download Offline Packages (one-time, requires internet + Docker)

./download-packages.sh

This runs an Ubuntu 24.04 Docker container to download all .deb packages (ansible, dnsmasq, apache2, samba, etc.) into offline-packages/. ~102 MB total.

Step 2: Build the USB

# Basic — server only (import WinPE images later)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso

# With WinPE images bundled (single USB, larger drive needed)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04.iso /path/to/winpe-images

This creates a bootable USB with:

  • Partition 1: Ubuntu Server installer
  • Partition 2: CIDATA (autoinstall config, offline .debs, Ansible playbook, optional WinPE images)

Step 3: Boot the Target Machine

  1. Insert the USB into the target machine
  2. Press F12 (or vendor boot key) and select the USB
  3. Ubuntu auto-installs — no interaction needed
  4. After reboot, the first-boot script installs all .deb packages and runs the Ansible playbook
  5. PXE services (dnsmasq, Apache, Samba) are configured automatically

Step 4: Connect to Isolated Network

Move the server's wired NIC to the isolated switch for PXE clients.

Step 5: Import WinPE Content (if not bundled in Step 2)

Insert the Media Creator LITE USB and copy content to the Samba share:

sudo mkdir -p /mnt/usb2
sudo mount /dev/sdb2 /mnt/usb2
sudo cp -r /mnt/usb2/. /srv/samba/winpeapps/standard
sudo umount /mnt/usb2

Verification

  1. Connect a test workstation to the isolated switch
  2. Set Network Boot (PXE) as first boot in BIOS/UEFI
  3. Boot — the client should pull an IP from 10.9.100.x
  4. iPXE loads, fetches the boot script from port 4433
  5. WinPE boots via wimboot + boot.wim over HTTP
  6. WinPE maps Samba shares and begins image deployment
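
A server-side check to run before connecting the test workstation, as an added example that is not part of the project's scripts: it compares the listening sockets reported by `ss -H -lntu` with the ports in the services table and reports anything missing or unlisted. The function name `audit_listeners` and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): audit listeners against the guide's table.
# Expected listeners, copied from "Services on the PXE Server" as proto/port.
EXPECTED="udp/67 udp/69 tcp/80 tcp/4433 tcp/445"

# audit_listeners (hypothetical name) reads `ss -H -lntu` output on stdin and prints:
#   UNLISTED <proto/port>  non-loopback listener that the table does not mention
#   MISSING  <proto/port>  service from the table that is not listening
# Returns 0 only when there are no findings.
audit_listeners() {
    local seen=" " proto state recvq sendq addr rest key rc=0
    while read -r proto state recvq sendq addr rest; do
        [ -n "$addr" ] || continue
        case "$addr" in
            127.*|"[::1]":*) continue ;;   # loopback: not reachable by PXE clients
        esac
        key="$proto/${addr##*:}"           # port is the text after the last colon
        case "$seen" in *" $key "*) continue ;; esac   # skip IPv4/IPv6 duplicates
        seen="$seen$key "
        case " $EXPECTED " in
            *" $key "*) ;;
            *) echo "UNLISTED $key"; rc=1 ;;
        esac
    done
    for key in $EXPECTED; do
        case "$seen" in
            *" $key "*) ;;
            *) echo "MISSING $key"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample of `ss -H -lntu` output: TFTP is down and SSH is listening.
SAMPLE='udp UNCONN 0 0   0.0.0.0:67       0.0.0.0:*
udp UNCONN 0 0   127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 511 *:80             *:*
tcp LISTEN 0 511 *:4433           *:*
tcp LISTEN 0 50  0.0.0.0:445      0.0.0.0:*
tcp LISTEN 0 50  [::]:445         [::]:*
tcp LISTEN 0 128 0.0.0.0:22       0.0.0.0:*'

# Demo on the sample; on the server run: ss -H -lntu | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners || echo "findings above need review"
```

An UNLISTED line is a prompt to either add the port to `EXPECTED` or close it; a MISSING line means a PXE client will stall at that stage of the boot chain.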

Project Structure

pxe-server/
├── autoinstall/
│   ├── user-data            # Cloud-init autoinstall (Ubuntu config, first-boot script)
│   └── meta-data            # Cloud-init metadata (empty, required)
├── playbook/
│   ├── pxe_server_setup.yml # Ansible: dnsmasq, Apache, Samba, iPXE, firewall, netplan
│   └── inventory.ini        # Ansible inventory
├── unattend/
│   └── FlatUnattendW10.xml  # Windows unattend.xml sample
├── offline-packages/        # .deb files (gitignored, built by download-packages.sh)
├── build-usb.sh             # Builds the installer USB
├── download-packages.sh     # Downloads offline .debs via Docker
└── setup-guide-original.txt # Original manual setup doc (reference)

Image Types

Image Type          Domain
geastandardpbr      geaerospace.com
geaengineerpbr      geaerospace.com
geashopfloorpbr     geaerospace.com
gestandardlegacy    ge.com
geengineerlegacy    ge.com
geshopfloorlegacy   ge.com

Network Configuration

  • PXE server static IP: 10.9.100.1/24
  • DHCP range: 10.9.100.10 - 10.9.100.100
  • Lease time: 12 hours
  • DNS: 8.8.8.8 (passed to clients, not used by server)