PXE boot config files

andyshinn · andyshinn · commit f069168bda5a · 2017-10-28T16:37:15.000-05:00
diff --git a/config/README.md b/config/README.md
@@ -0,0 +1,25 @@
+# Config Files
+
+## embed.ipxe
+
+The `embed.ipxe` file is used to build the iPXE `undionly.kpxe` binary with the `embed.ipxe` embedded inside. This PXE booter will chainload to `tftp://192.168.88.1/preseed.ipxe`. This makes it easier for us to make edits to the iPXE script without having to rebuild the iPXE binary. See http://ipxe.org/embed for information on building the binary with the embedded script.
+
+## preseed.cfg
+
+This is the main Ubuntu preseed file. It automates the installation of Ubuntu for us so we don't need a keyboard or monitor. This gets passed to the `url` parameter as a kernel command line option at boot. See the `preseed.ipxe` script for the command line that gets passed.
+
+## preseed.ipxe
+
+This is the chainloaded iPXE script. We use this to pull down a remote Ubuntu installer image and boot using our `preseed.cfg` file. The installation procdes automatically and shuts down the node when done (so we can disable the TFTP options before we next power on).
+
+## preseed.kpxe
+
+This is the `undionly.kpxe` file with our embedded `embed.ipxe` script. It was generated using instructions at http://ipxe.org/embed and then renamed from `undionly.kpxe` to `preseed.kpxe`.
+
+## ros_default.rsc
+
+This is the default configuration of the MikroTik hEX before any of our edits. It is just here for reference.
+
+## ros_kuberdoo.rsc
+
+This is the MikroTik hEX configuration with our edits. It can be applied on top of the default MikroTik configuration. You will likely want to change the DHCP lease MAC addresses of the boards and the global password at top (which is used for VPN and admin functions).
diff --git a/config/default_vpn.rsc b/config/default_vpn.rsc
diff --git a/config/embed.ipxe b/config/embed.ipxe
@@ -0,0 +1,3 @@
+#!ipxe
+dhcp
+chain tftp://192.168.88.1/preseed.ipxe
diff --git a/config/preseed.cfg b/config/preseed.cfg
@@ -0,0 +1,61 @@
+# See https://help.ubuntu.com/16.04/installation-guide/amd64/apb.html for preseeding documentation
+# See https://help.ubuntu.com/16.04/installation-guide/amd64/apbs04.html for all preseed options
+
+d-i debian-installer/locale string en_US
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+d-i keyboard-configuration/layout select English (US)
+d-i keyboard-configuration/modelcode string pc105
+
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string pixiecore
+d-i netcfg/get_domain string kuberdoo
+d-i netcfg/wireless_wep string
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string mirror.us.leaseweb.net
+d-i mirror/http/directory string /ubuntu
+d-i mirror/http/proxy string
+#d-i mirror/http/mirror select us.archive.ubuntu.com
+
+d-i passwd/user-fullname string Kuberdoo User
+d-i passwd/username string ubuntu
+d-i passwd/user-password password kub3rd00
+d-i passwd/user-password-again password kub3rd00
+d-i user-setup/encrypt-home boolean false
+
+d-i clock-setup/utc boolean true
+d-i time/zone string America/Chicago
+d-i clock-setup/ntp boolean true
+
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto/choose_recipe select atomic
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# Setup passwordless sudo for ubuntu user
+d-i preseed/late_command string echo "ubuntu   ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu
+
+tasksel tasksel/first multiselect none
+d-i base-installer/kernel/image string linux-generic-hwe-16.04
+d-i pkgsel/include string openssh-server
+d-i pkgsel/update-policy select none
+popularity-contest popularity-contest/participate boolean false
+d-i pkgsel/updatedb boolean false
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i finish-install/reboot_in_progress note
+d-i debian-installer/exit/poweroff boolean true
diff --git a/config/preseed.ipxe b/config/preseed.ipxe
@@ -0,0 +1,4 @@
+#!ipxe
+kernel --name kernel http://mirror.leaseweb.net/ubuntu/dists/xenial/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/linux
+initrd --name initrd http://mirror.leaseweb.net/ubuntu/dists/xenial/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/initrd.gz
+boot kernel initrd=initrd auto=true hostname=preseed domain=kuberdoo keymap=us url=tftp://192.168.88.1/preseed.cfg
diff --git a/config/preseed.kpxe b/config/preseed.kpxe
diff --git a/config/ros_default.rsc b/config/ros_default.rsc
@@ -0,0 +1,59 @@
+# oct/27/2017 14:55:31 by RouterOS 6.40.4
+# software id = 8K0S-Z4TM
+#
+# model = RouterBOARD 750G r3
+# serial number = 6F39078102EC
+/interface ethernet
+set [ find default-name=ether2 ] name=ether2-master
+set [ find default-name=ether3 ] master-port=ether2-master
+set [ find default-name=ether4 ] master-port=ether2-master
+set [ find default-name=ether5 ] master-port=ether2-master
+/ip neighbor discovery
+set ether1 discover=no
+/interface list
+add comment=defconf name=WAN
+add comment=defconf name=LAN
+/interface wireless security-profiles
+set [ find default=yes ] supplicant-identity=MikroTik
+/ip hotspot profile
+set [ find default=yes ] html-directory=flash/hotspot
+/ip pool
+add name=default-dhcp ranges=192.168.88.10-192.168.88.254
+/ip dhcp-server
+add address-pool=default-dhcp disabled=no interface=ether2-master name=defconf
+/interface list member
+add comment=defconf interface=ether2-master list=LAN
+add comment=defconf interface=ether1 list=WAN
+/ip address
+add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
+/ip dhcp-client
+add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
+/ip dhcp-server network
+add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
+/ip dns
+set allow-remote-requests=yes
+/ip dns static
+add address=192.168.88.1 name=router.lan
+/ip firewall filter
+add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
+add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
+add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
+add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
+add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
+add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
+add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
+add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
+add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
+add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
+/ip firewall nat
+add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
+/system clock
+set time-zone-name=America/Chicago
+/system routerboard mode-button
+set enabled=no on-event=""
+/tool mac-server
+set [ find default=yes ] disabled=yes
+add interface=ether2-master
+/tool mac-server mac-winbox
+set [ find default=yes ] disabled=yes
+add interface=ether2-master
diff --git a/config/ros_kuberdoo.rsc b/config/ros_kuberdoo.rsc
@@ -0,0 +1,56 @@
+:global password "kub3rd00"
+/ip pool
+set [ find name=default-dhcp ] ranges=192.168.88.50-192.168.88.254
+add name=vpn ranges=192.168.89.2-192.168.89.254
+/ip dhcp-server
+set [ find name=defconf ] address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface=ether2-master name=kuberdoo
+/ip dhcp-server option
+add code=12 name=hostname-udoo1 value="'udoo1'"
+add code=12 name=hostname-udoo2 value="'udoo2'"
+add code=12 name=hostname-udoo3 value="'udoo3'"
+add code=12 name=hostname-udoo4 value="'udoo4'"
+add code=12 name=hostname-udoo5 value="'udoo5'"
+add code=12 name=hostname-udoo6 value="'udoo6'"
+add code=66 name=tftp-server value="'192.168.88.1'"
+add code=67 name=file-netboot value="'netboot.xyz.kpxe'"
+add code=67 name=file-preseed value="'preseed.kpxe'"
+/ip dhcp-server option sets
+add name=boot-netboot options=file-netboot,tftp-server
+add name=boot-preseed options=file-preseed,tftp-server
+/ip dhcp-server lease
+add address=192.168.88.11 always-broadcast=yes dhcp-option=hostname-udoo1 mac-address=00:C0:08:90:58:5A server=kuberdoo
+add address=192.168.88.12 always-broadcast=yes dhcp-option=hostname-udoo2 mac-address=00:C0:08:90:38:0B server=kuberdoo
+add address=192.168.88.13 always-broadcast=yes dhcp-option=hostname-udoo3 mac-address=00:C0:08:90:38:C5 server=kuberdoo
+add address=192.168.88.14 always-broadcast=yes dhcp-option=hostname-udoo4 mac-address=00:C0:08:90:58:6B server=kuberdoo
+add address=192.168.88.15 always-broadcast=yes dhcp-option=hostname-udoo5 mac-address=00:C0:08:90:57:AF server=kuberdoo
+add address=192.168.88.16 always-broadcast=yes dhcp-option=hostname-udoo6 mac-address=00:C0:08:90:58:59 server=kuberdoo
+/ip dhcp-server network
+set [ find address="192.168.88.0/24" ] next-server=192.168.88.1 boot-file-name=netboot.xyz.kpxe
+/ppp profile
+set *FFFFFFFE dns-server=192.168.89.1 local-address=192.168.89.1 remote-address=vpn
+/interface l2tp-server server
+set enabled=yes ipsec-secret="$password" use-ipsec=yes
+/ip firewall filter
+add place-before=[ find comment="defconf: drop all not coming from LAN" ] action=accept chain=input comment="kuberdoo: allow l2tp" dst-port=1701,500,4500 protocol=udp
+add place-before=[ find comment="defconf: drop all not coming from LAN" ] action=accept chain=input comment="kuberdoo: allow l2tp ipsec" protocol=ipsec-esp
+add place-before=[ find comment="defconf: drop all not coming from LAN" ] action=accept chain=input comment="kuberdoo: external management" dst-port=80,22 protocol=tcp
+/ip firewall nat
+add action=masquerade chain=srcnat comment="kuberdoo: vpn traffic" src-address=0.89.168.192-255.89.168.192
+/ip tftp
+add real-filename=flash/netboot.xyz.kpxe req-filename=netboot.xyz.kpxe
+add real-filename=flash/preseed.cfg req-filename=preseed.cfg
+add real-filename=flash/preseed.kpxe req-filename=preseed.kpxe
+add real-filename=flash/preseed.ipxe req-filename=preseed.ipxe
+/ppp secret
+add name=vpn password="$password"
+/interface l2tp-server
+add name=l2tp-in1 user=""
+/system identity
+set name=kuberdoo
+/tool
+fetch https://boot.netboot.xyz/ipxe/netboot.xyz.kpxe dst-path=flash
+fetch https://github.com/andyshinn/kuberdoo/blob/master/config/preseed.cfg dst-path=flash
+fetch https://github.com/andyshinn/kuberdoo/blob/master/config/preseed.ipxe dst-path=flash
+fetch https://github.com/andyshinn/kuberdoo/blob/master/config/preseed.kpxe dst-path=flash
+/user
+set [ find name=admin ] password="$password

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!ipxe`
	`2`	`+dhcp`
	`3`	`+chain tftp://192.168.88.1/preseed.ipxe`