pxe-server/SETUP.md
cproudlock e7313c2ca3 Add multi-boot PXE menu, Clonezilla backup management, and GE Aerospace branding
- iPXE boot menu with WinPE, Clonezilla, Blancco Drive Eraser, Memtest86+
- prepare-boot-tools.sh to download/extract boot tool binaries
- Clonezilla backup management in webapp (upload, download, delete)
- Clonezilla Samba share for network backup/restore
- GE Aerospace logo and favicon in webapp
- Updated playbook with boot tool directories and webapp env vars

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 16:20:50 -05:00

# PXE Server Setup Guide
Automated build process for deploying an Ubuntu-based PXE boot server that hosts GE Aerospace Windows PE images. The entire setup is air-gapped — no internet required on the target machine.
## Architecture
```
Client PXE boot
-> Broadcom signed iPXE (Secure Boot)
-> wimboot (HTTP from Apache)
-> WinPE (boot.wim)
-> startnet.cmd maps Samba shares
-> GE Aerospace image deployment
```
### Services on the PXE Server
| Service | Port | Purpose |
|----------|----------|--------------------------------------|
| dnsmasq | 67/udp | DHCP (10.9.100.10-100) |
| dnsmasq | 69/udp | TFTP (serves ipxe.efi) |
| Apache | 80/tcp | HTTP (wimboot, WinPE boot files) |
| Apache | 4433/tcp | iPXE boot script (GetPxeScript.aspx) |
| Samba | 445/tcp | Deployment content shares |
## Prerequisites
### Hardware
- Server or PC with >= 8 GB RAM, >= 250 GB disk, one wired NIC
- USB thumb drive >= 8 GB (32+ GB if bundling WinPE images)
### Software (on your workstation)
- Ubuntu Server 24.04 ISO — https://ubuntu.com/download/server
- Docker (for downloading offline packages)
- GE Aerospace Media Creator LITE (for caching WinPE images)
### GE Access Packages
- EPM Rufus Exception Request
- EPM DT Functions
- DLP - Encrypted Removable (USB) Long Term Access
## Setup Process
### Step 1: Download Offline Packages (one-time, requires internet + Docker)
```bash
./download-packages.sh
```
This runs an Ubuntu 24.04 Docker container to download all .deb packages (ansible, dnsmasq, apache2, samba, etc.) into `offline-packages/`. ~102 MB total.
### Step 2: Build the USB
```bash
# Basic — server only (import WinPE images later)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04-live-server-amd64.iso
# With WinPE images bundled (single USB, larger drive needed)
sudo ./build-usb.sh /dev/sdX /path/to/ubuntu-24.04.iso /path/to/winpe-images
```
This creates a bootable USB with:
- Partition 1: Ubuntu Server installer
- Partition 2: CIDATA (autoinstall config, offline .debs, Ansible playbook, optional WinPE images)
### Step 3: Boot the Target Machine
1. Insert the USB into the target machine
2. Press F12 (or vendor boot key) and select the USB
3. Ubuntu auto-installs — no interaction needed
4. After reboot, the first-boot script installs all .deb packages and runs the Ansible playbook
5. PXE services (dnsmasq, Apache, Samba) are configured automatically
### Step 4: Connect to Isolated Network
Move the server's wired NIC to the isolated switch for PXE clients.
### Step 5: Import WinPE Content (if not bundled in Step 2)
Insert the Media Creator LITE USB and copy content to the Samba share:
```bash
sudo mkdir -p /mnt/usb2
sudo mount /dev/sdb2 /mnt/usb2
sudo cp -r /mnt/usb2/. /srv/samba/winpeapps/standard
sudo umount /mnt/usb2
```
## Verification
1. Connect a test workstation to the isolated switch
2. Set Network Boot (PXE) as first boot in BIOS/UEFI
3. Boot — the client should pull an IP from 10.9.100.x
4. iPXE loads, fetches the boot script from port 4433
5. WinPE boots via wimboot + boot.wim over HTTP
6. WinPE maps Samba shares and begins image deployment
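A server-side complement to the client boot test above, as an added example that is not part of the repository: it compares `ss -H -lntu` output against the "Services on the PXE Server" table and also lists any listener the table does not account for. The function names, the loopback exclusion and the `SAMPLE` text are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example (not from the repository): check listening sockets against the
# "Services on the PXE Server" table. Input is `ss -H -lntu` output on stdin.

# proto/port:label pairs copied from the services table in this guide.
EXPECTED="udp/67:DHCP udp/69:TFTP tcp/80:HTTP tcp/4433:iPXE-script tcp/445:Samba"

# Reduce ss output to unique proto/port pairs, skipping loopback-only sockets.
listening_set() {
  awk '$5 !~ /^(127\.|\[::1\])/ { n = split($5, a, ":"); print $1 "/" a[n] }' | sort -u
}

# Print expected services with no listener; exit status 1 if any is missing.
missing_services() {
  ms_have=$(listening_set)
  ms_rc=0
  for ms_entry in $EXPECTED; do
    if ! printf '%s\n' "$ms_have" | grep -qxF "${ms_entry%%:*}"; then
      echo "MISSING ${ms_entry%%:*} (${ms_entry#*:})"
      ms_rc=1
    fi
  done
  return $ms_rc
}

# Print listeners that are not in the table, for review on the deployment network.
unexpected_listeners() {
  ul_want=$(for ul_e in $EXPECTED; do echo "${ul_e%%:*}"; done)
  listening_set | grep -vxF "$ul_want" || true
}

# Constructed sample of `ss -H -lntu` output: port 4433 is absent, SSH is extra.
SAMPLE='udp UNCONN 0 0   0.0.0.0:67       0.0.0.0:*
udp UNCONN 0 0   0.0.0.0:69       0.0.0.0:*
udp UNCONN 0 0   127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 511 *:80             *:*
tcp LISTEN 0 50  0.0.0.0:445      0.0.0.0:*
tcp LISTEN 0 50  [::]:445         [::]:*
tcp LISTEN 0 128 0.0.0.0:22       0.0.0.0:*'

# Demo on the sample; on the server run: ss -H -lntu | missing_services
printf '%s\n' "$SAMPLE" | missing_services || true
printf '%s\n' "$SAMPLE" | unexpected_listeners
```

A missing entry points at the service to inspect before chasing a client-side boot failure; an unexpected entry is a listener to justify or close on the deployment network.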
## Project Structure
```
pxe-server/
├── autoinstall/
│ ├── user-data # Cloud-init autoinstall (Ubuntu config, first-boot script)
│ └── meta-data # Cloud-init metadata (empty, required)
├── playbook/
│ ├── pxe_server_setup.yml # Ansible: dnsmasq, Apache, Samba, iPXE, firewall, netplan
│ └── inventory.ini # Ansible inventory
├── unattend/
│ └── FlatUnattendW10.xml # Windows unattend.xml sample
├── offline-packages/ # .deb files (gitignored, built by download-packages.sh)
├── build-usb.sh # Builds the installer USB
├── download-packages.sh # Downloads offline .debs via Docker
└── setup-guide-original.txt # Original manual setup doc (reference)
```
## Image Types
| Image Type | Domain | Description |
|---------------|-----------------|---------------------|
| gea-standard | geaerospace.com | Standard desktop |
| gea-engineer | geaerospace.com | Engineering desktop |
| gea-shopfloor | geaerospace.com | Shop floor kiosk |
| ge-standard | ge.com | Standard desktop |
| ge-engineer | ge.com | Engineering desktop |
| ge-shopfloor | ge.com | Shop floor kiosk |
## Network Configuration
- PXE server static IP: `10.9.100.1/24`
- DHCP range: `10.9.100.10` - `10.9.100.100`
- Lease time: 12 hours
- DNS: `8.8.8.8` (passed to clients, not used by server)