Rel v1.1.1

.gitignore

@@ -1,3 +1,4 @@
-debian
-voyage
-netboot
+ansible-venv
+*.retry
+results
+rootfs

README.md

@@ -1,21 +1,123 @@
 pxe-server
 ==========
 
-This repository contains PXE server that should help in installing, testing and
-developing operating systems and firmware for PXE-capable platforms.
+This repository contains PXE server (TFTP+NFS) that should help in installing,
+testing and developing operating systems and firmware for PXE-capable
+platforms.
 
 It was inspired by effort required to test PC Engines apu2 platform.
 
+We use PXE server without DHCP, what may cause problems to BSD systems and is
+subject of our further work on this project.
 
 Usage
 -----
 
+# pxe-server deployment
+
+## Ansible setup
+
+```
+virtualenv ansible-venv
+source ansible-venv/bin/activate
+pip install ansible
+ansible-galaxy install angstwad.docker_ubuntu
+ansible-galaxy install debops.apt_preferences
+ssh-keygen -f ~/.ssh/ansible
+ssh-add ~/.ssh/ansible
+ssh-copy-id -i ~/.ssh/ansible <user>@<target_host>
+```
+
+## Initial deployment
+
+### Rootfs components creation
+
 ```
-git clone https://github.com/3mdeb/pxe-server.git
-cd pxe-server
-NFS_SRV_IP=<host-pc-ip> ./init.sh
+docker run --privileged --rm -v $HOME/.ansible:/root/.ansible  \
+-v $HOME/.ccache:/home/debian/.ccache \ -v $PWD:/home/debian/scripts \
+-t -i 3mdeb/debian-rootfs-builder ansible-playbook -vvv \ -i hosts \
+/home/debian/scripts/create-rootfs-components.yml
 ```
 
+### Rootfs preparation
+
+```
+docker run --privileged --rm -v $HOME/.ansible:/root/.ansible  \
+-v $HOME/.ccache:/home/debian/.ccache \ -v $PWD:/home/debian/scripts \
+-t -i 3mdeb/debian-rootfs-builder ansible-playbook -vvv \ -i hosts \
+/home/debian/scripts/prepare_rootfs.yml
+```
+
+### Deploy
+
+Following procedure assume deployment on clean Debian as target system:
+
+```
+ansible-playbook -i "<target_host>," -b --ask-become-pass pxe-server.yml
+```
+
+### Tests
+
+`v1.0.0` tests results:
+
+| Description | Result |
+| --- | --- |
+| XEN1.2 Verify if IOMMU is enabled | PASS |
+| XEN1.4 Verify if IOMMU is enabled on Xen Linux dev | PASS |
+| XEN1.5 Verify if IOMMU is enabled on Xen dev | PASS |
+| DEB1.1 Debian from iPXE 4.14.y | PASS |
+| DEB1.5 Debian from iPXE 4.9.y | PASS |
+| TCL1.1 Boot to Core 6.4 booted over iPXE | PASS |
+| VOY1.1 Boot into Voyage installer | PASS |
+| PFS1.1 pfSense 2.4.x install test | PASS |
+
+
+### Performance
+
+```
+Tuesday 21 August 2018  17:47:35 +0200 (0:00:00.820)       0:05:09.644 ********
+===============================================================================
+apt ------------------------------------------------------------------- 136.75s
+copy ------------------------------------------------------------------- 63.61s
+docker ----------------------------------------------------------------- 51.06s
+unarchive -------------------------------------------------------------- 36.18s
+get_url ---------------------------------------------------------------- 10.50s
+netboot ----------------------------------------------------------------- 4.56s
+setup ------------------------------------------------------------------- 2.49s
+file -------------------------------------------------------------------- 2.33s
+mount ------------------------------------------------------------------- 0.91s
+command ----------------------------------------------------------------- 0.82s
+debops.apt_preferences -------------------------------------------------- 0.25s
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+total ----------------------------------------------------------------- 309.46s
+Tuesday 21 August 2018  17:47:35 +0200 (0:00:00.820)       0:05:09.633 ********
+===============================================================================
+apt : Install essential packages --------------------------------------- 99.51s
+Copy Debian rootfs ----------------------------------------------------- 59.49s
+docker : Start 3mdeb/pxe-server Docker container ----------------------- 35.68s
+Unarchive Debian rootfs ------------------------------------------------ 31.32s
+apt : Remove cdrom repo ------------------------------------------------ 12.19s
+docker : Install docker ------------------------------------------------ 10.67s
+Get Voyage ------------------------------------------------------------- 10.50s
+apt : Add trffic manager stable deb repo -------------------------------- 8.19s
+apt : Add trffic manager stable deb-src repo ---------------------------- 6.65s
+Unarchive Voyage -------------------------------------------------------- 4.86s
+apt : Add Docker repo --------------------------------------------------- 4.47s
+apt : Add Docker CE key to apt ------------------------------------------ 4.02s
+docker : Install docker-py ---------------------------------------------- 3.88s
+Gathering Facts --------------------------------------------------------- 2.49s
+Copy Linux 4.14.y ------------------------------------------------------- 2.24s
+Copy Linux 4.9.y -------------------------------------------------------- 1.88s
+apt : Install apt-transport-https --------------------------------------- 1.73s
+netboot : deploy menu.ipxe ---------------------------------------------- 1.43s
+netboot : copy preseed.cfg ---------------------------------------------- 1.04s
+Create /var/voyage ------------------------------------------------------ 1.01s
+Playbook run took 0 days, 0 hours, 5 minutes, 9 seconds
+```
+
+====
+
+
 `init.sh` downloads all necessary files, OS images, PXE and extracts them in
 proper directories.
 
@@ -105,4 +207,3 @@ Requesting configuration that many times makes a little mess, so as a temporary
 workaround add a static IP for the `net0/eth0` interface on Your DHCP server.
 The IP address requested will remain the same and so the problems will be gone
 too.
-

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+callback_whitelist = profile_tasks, profile_roles, timer

apt-cacher/Dockerfile

@@ -0,0 +1,17 @@
+#
+# Build: docker build -t apt-cacher .
+# Run: docker run -d -p 3142:3142 --name apt-cacher-run apt-cacher
+#
+# and then you can run containers with:
+#   docker run -t -i --rm -e http_proxy http://dockerhost:3142/ debian bash
+#
+# Here, `dockerhost` is the IP address or FQDN of a host running the Docker daemon
+# which acts as an APT proxy server.
+FROM        ubuntu
+
+VOLUME      ["/var/cache/apt-cacher-ng"]
+RUN     apt-get update && apt-get install -y apt-cacher-ng
+
+RUN     sed -i "s|\# PassThroughPattern: .* \# this would allow CONNECT to everything|PassThroughPattern: .* \# this would allow CONNECT to everything|g" /etc/apt-cacher-ng/acng.conf
+EXPOSE      3142
+CMD     chmod 777 /var/cache/apt-cacher-ng && /etc/init.d/apt-cacher-ng start && tail -f /var/log/apt-cacher-ng/*

create-rootfs-components.yml

@@ -0,0 +1,9 @@
+---
+- name: build rootfs, kernels and prepare chroot
+  hosts: localhost
+  connection: local
+  roles:
+    - { role: 'common', tags: 'rootfs_prepare' }
+    - { role: 'debootstrap', tags: 'rootfs_prepare' }
+    - { role: 'linux-kernel', version: "{{ linux_4_9 }}", config: "{{ apu_config }}", tags: 'rootfs_prepare' }
+    - { role: 'linux-kernel', version: "{{ linux_4_14 }}", config: "{{ apu_config }}", tags: 'rootfs_prepare' }

deploy-meta-virtualization.yml

@@ -0,0 +1,29 @@
+---
+- hosts: all
+  user: debian
+  become: yes
+  become_user: root
+  become_method: su
+  roles:
+    - { role: 'common' }
+    - { role: 'docker' }
+    - { role: 'deploy_xen' }
+
+  tasks:
+    - name: Mount nfsd
+      mount:
+        path: /proc/fs/nfsd
+        src: nfsd
+        fstype: nfsd
+        state: present
+    - name: Mount xen-image-minimal-genericx86-64.ext4
+      mount:
+        path: /var/xen-dev
+        src: /var/xen-image-minimal-genericx86-64.ext4
+        fstype: ext4
+        state: present
+    - name: Restart server
+      command: /sbin/shutdown -r +1
+      async: 0
+      poll: 0
+      ignore_errors: true

docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+  apt-cacher:
+    image: apt-cacher
+    ports:
+      - "3142:3142"
+    container_name: apt-cacher-run

hosts

@@ -0,0 +1,2 @@
+[rootfs_chroot]
+/home/debian/scripts/rootfs

prepare-rootfs.yml

@@ -0,0 +1,25 @@
+- name: chroot mount
+  hosts: localhost
+  connection: local
+  roles:
+    - { role: 'common', tags: 'rootfs_prepare' }
+    - { role: 'chroot_mount', tags: 'install_in_rootfs' }
+
+- name: intall kernels and all remaining packages
+  hosts: rootfs_chroot
+  connection: chroot
+  roles:
+    - { role: 'common', tags: 'install_in_rootfs' }
+    - { role: 'config', tags: 'install_in_rootfs' }
+    - { role: 'packages', tags: 'install_in_rootfs' }
+    - { role: 'linux-install', version: "{{ linux_4_9 }}", tags: 'install_in_rootfs' }
+    - { role: 'linux-install', version: "{{ linux_4_14 }}", tags: 'install_in_rootfs' }
+    - { role: 'chroot_cleanup', tags: 'install_in_rootfs' }
+
+- name: umount chroot and prepare artifacts
+  hosts: localhost
+  connection: local
+  roles:
+    - { role: 'chroot_umount', tags: 'install_in_rootfs' }
+    - { role: 'common', tags: 'install_in_rootfs' }
+    - { role: 'prepare_artifacts', tags: 'install_in_rootfs' }

pxe-server.yml

@@ -0,0 +1,37 @@
+---
+- hosts: all
+  user: debian
+  become: yes
+  become_user: root
+  become_method: su
+  roles:
+    - { role: 'common' }
+    - { role: 'debops.apt_preferences' }
+    - { role: 'apt' }
+    - { role: 'docker' }
+    - { role: 'netboot' }
+    - { role: 'tinycoreos' }
+    - { role: 'deploy_artifacts' }
+    - { role: 'voyage' }
+
+  tasks:
+
+    - name: copy core.gz to /var/netboot
+      copy:
+        src: /tmp/core.gz
+        dest: /var/netboot/core.gz
+        remote_src: yes
+
+    - name: Mount nfsd
+      mount:
+        path: /proc/fs/nfsd
+        src: nfsd
+        fstype: nfsd
+        state: present
+
+    - name: Restart server
+      command: /sbin/shutdown -r +1
+      async: 0
+      poll: 0
+      ignore_errors: true
+

roles/apt/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: Remove cdrom repo
+  apt_repository:
+    repo: deb cdrom:[Debian GNU/Linux 9.4.0 _Stretch_ - Official amd64 xfce-CD Binary-1 20180310-11:21]/ stretch main
+    state: absent
+
+- name: Add trffic manager stable deb repo
+  apt_repository:
+    repo: deb http://debian-archive.trafficmanager.net/debian/ stable main contrib non-free
+    state: present
+
+- name: Add trffic manager stable deb-src repo
+  apt_repository:
+    repo: deb-src http://debian-archive.trafficmanager.net/debian/ stable main contrib non-free
+    state: present
+
+- name: Install apt-transport-https
+  apt:
+    name: apt-transport-https
+    state: present
+- name: Add Docker CE key to apt
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker repo
+  apt_repository:
+    repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
+    state: present
+
+- name: Install essential packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - docker-ce
+    - python-pip
+    - gzip

roles/chroot_cleanup/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: clean apt cache
+  command: apt clean

roles/chroot_mount/tasks/main.yml

@@ -0,0 +1,21 @@
+- name: mount /proc
+  mount:
+    path: "{{ rootfs_dir }}/proc"
+    src: /proc
+    opts: bind
+    fstype: proc
+    state: present
+- name: mount /dev
+  mount:
+    path: "{{ rootfs_dir }}/dev"
+    src: /dev
+    opts: bind
+    fstype: devtmpfs
+    state: present
+- name: mount /dev/pts
+  mount:
+    path: "{{ rootfs_dir }}/dev/pts"
+    src: /dev/pts
+    opts: bind
+    fstype: devpts
+    state: present

roles/chroot_umount/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: unmount /dev/pts
+  mount:
+    path: "{{ rootfs_dir }}/dev/pts"
+    src: /dev/pts
+    opts: bind
+    state: absent
+- name: unmount /dev
+  mount:
+    path: "{{ rootfs_dir }}/dev/pts"
+    src: /dev/pts
+    opts: bind
+    state: absent
+- name: unmount /proc
+  mount:
+    path: "{{ rootfs_dir }}/dev/pts"
+    src: /dev/pts
+    opts: bind
+    state: absent

roles/common/vars/main.yml

@@ -0,0 +1,8 @@
+release_version: "v1.1.1"
+linux_4_9: "4.9.128"
+linux_4_14: "4.14.71"
+apu_config: ""
+rootfs_tar_gz: "{{ results_dir }}/rootfs-{{ release_version }}.tar.gz"
+rootfs_dir: "/home/debian/scripts/rootfs"
+results_dir: "/home/debian/scripts/results"
+xen_version: "4.11-amd64"

roles/config/files/fstab

@@ -0,0 +1,2 @@
+/proc    /proc    proc    defaults   0 0
+/sys     /sys     sysfs   defaults   0 0

roles/config/files/issue

@@ -0,0 +1,2 @@
+Debian GNU/Linux 9 \n \l [root:debian]
+

roles/config/tasks/main.yml

@@ -0,0 +1,16 @@
+- name: replace fstab
+  copy:
+    src: files/fstab
+    dest: /etc/fstab
+
+- name: replace issue
+  copy:
+    src: files/issue
+    dest: /etc/issue
+
+- name: change root password
+  shell: echo root:debian|chpasswd
+
+- name: configure hostname
+  hostname:
+    name: rootfs-{{ release_version }}