Working shoelaces for Proxmox PXE boot.

- Working configuration for image server that extracts
   all Ubuntu ISOs automatically, extracts the initrd and
   vmlinuz and symlinks the latest iso.
- Working shoelaces dns resolution of IP addresses.
- Working cloud config for Ubuntu.
- Adds IP block for ubuntu 22.04 machines.

ansible/playbooks/tools.rye.ninja/inventory.yml

@@ -1,6 +1,6 @@
 tools_server:
   hosts:
-    tools.cfssh.rye.ninja:
+    tools.rye.ninja:
       # ansible_host: 10.5.7.10
       ansible_user: automation-user
       #TODO: Pull auth_pass and virtual_router_id from 1Password
@@ -110,13 +110,12 @@ tools_server:
       pihole_web_password: "{{ pihole_web_password_value | default(lookup('ansible.builtin.password', 'tmp/pihole_web_password chars=ascii_letters,digits length=32')) }}"
       pihole_ipv4_address: 10.5.7.2
       shoelaces_network_maps:
-        # - network: 10.5.11.4/29
-        #   script:
-        #     name: ubuntu.ipxe
-        #     params:
-        #       bios_type: bios
-        #       release: 20.04.5
-        #       password_hash: $6$automation-user$KJJd3iL8sCfkc4YTLOqDAQYnmMj/2VPKZxScl8sDeWZ2VcdoXEJHrAo.VGEVSP8h550ma6ok3NTss7i9elMVP/
+        - network: 10.5.12.0/24
+          script:
+            name: ubuntu-pve.ipxe
+            params:
+              release: 22.04
+              password_hash: $6$jR5wMm4n$8soOl/B/Qr.wLq1yRJAsQMWaUb.WUw8OM/LW0hBybWWBXQLpqxxIa15RHR9Wp2PBsMXSmIEOhyn5cXEKMFKiX.
         - network: 10.5.11.0/30
           script:
             name: talos.ipxe

ansible/roles/shoelaces/defaults/main.yml

@@ -4,6 +4,7 @@ shoelaces_system: "{{ ansible_system | lower }}"
 shoelaces_arch: "{% if ansible_architecture == 'x86_64' %}amd64{% else %}arm64{% endif %}"
 shoelaces_release_url: "{{ shoelaces_repo_url }}/releases/download/v{{ shoelaces_version }}/shoelaces_{{ shoelaces_version }}_{{ shoelaces_system }}_{{ shoelaces_arch }}.tar.gz"
 
+dns_server: 10.5.0.1:53
 shoelaces_bind_addr: 0.0.0.0:30083
 shoelaces_domain: pxe.tools.rye.ninja
 shoelaces_template_extension: .slc

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-packages-pve.slc

@@ -0,0 +1,6 @@
+{{define "cloud-config-ubuntu-packages-pve"}}
+
+  packages:
+    - qemu-guest-agent
+
+{{end}}

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-pve.slc

@@ -0,0 +1,41 @@
+{{define "cloud-config-ubuntu-pve" -}}
+#cloud-config
+autoinstall:
+  refresh-installer:
+    update: false
+  apt:
+    geoip: false
+    preserve_sources_list: false
+    primary:
+      - arches: [amd64, i386]
+        uri: http://apt.tools.rye.ninja/ubuntu
+      - arches: [default]
+        uri: http://apt.tools.rye.ninja/ubuntu
+  identity:
+    hostname: {{.hostname}}
+    password: {{.password_hash}}
+    realname: Automation User
+    username: automation-user
+  keyboard:
+    layout: us
+    toggle: alt_caps_toggle
+    variant: ''
+  locale: en_US.utf8
+
+  late-commands:
+    - echo 'automation-user ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/automation-user
+
+{{template "cloud-config-ubuntu-packages-pve"}}
+{{template "cloud-config-ubuntu-ssh"}}
+
+  storage:
+    config:
+{{template "cloud-config-ubuntu-storage-pve"}}
+{{template "cloud-config-ubuntu-storage"}}
+    swap:
+      swap: 0
+
+  version: 1
+
+{{end}}
+

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-ssh.slc

@@ -8,6 +8,7 @@
           esten@jumpbox
       - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLOOcdudgGgvUIsFxIDY6/uq9daQ7kmvSmRydv8KiqOXSUb5NH3YnnYpqcl7Le8T9U5++I71S5kRSxgsq+CY8ZmdrG522Rxy1/ixl0REKSKexZ7h/iue6ve0WxE9tS7Cj9ubug4/d1l6cFEdIp1KyzPdMRJtW9LB650t/mpe17LBic39XOcHfWdpYqCmW4Wrg9D1nO/mO+Gx1LLwfii770aZ6lHIxsaVj1FwmqKdlQswco10KPfB2WvzBxSaUhV4+xUV2uJ9aXshQPUx49flqiPgwQn7jiQxkOdkGb0X63WJjKCImGn9uJ5ms+3MVoLPeRYucKZvDxqJsYieV1Zy8uDODoqrJHPaXnixVVMZFNtKpvHDYgEoURqE2i+T/zclOdmLcSe5oYtD90/MGcKTuScZaqv5UOYfGK/y9Rqhleofznx6QqHPFVmN8HDgJje8EVwWfob3SbzfP3fYa60OJF0nfjxCBGCHZa8ZFZ47/qmpJsgWHgj6tlaYJw532lG4gCToy22PvTLmn7RQ8eB4IDmJWepezElkeH4KuQoM7o1UEPEdMkbeH1lzALj2sgGd3AnYhJxODLhlRULYdsA/dFp+bApB1YXf64fPg2ksPJdSQ7z/DIAHa1W0u6YhqVHRtaPq5s1zHzFKyDv3SClXGskExlFWz73P8l5nJkEqZfVw==
           [email protected]
+      - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABRrM38w/r7E5eHrD5eeQ0tU5sNlpseYO3s0kKKf0tbYIOsGW52ofUBzzx2/3PoAANOX/rZIwk6DmmiQxPizKeF6QCZuHrzknDHNHtg2JNWlsh24zNI9OjX8e+bB1oPE8y/PQPXPA8hrf7RZhU0wb3Ld4I6tOpcdiimlOI4sYmPgITmKA== esten@MacBook-Pro
     install-server: true
 
 {{end}}

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-storage-bm.slc

@@ -0,0 +1,10 @@
+{{define "cloud-config-ubuntu-storage-bm"}}
+      - ptable: msdos
+        path: /dev/sda
+        wipe: superblock
+        preserve: false
+        name: 'ubuntu'
+        grub_device: true
+        type: disk
+        id: disk-ubuntu
+{{end}}

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-storage-pve.slc

@@ -0,0 +1,10 @@
+{{define "cloud-config-ubuntu-storage-pve"}}
+      - ptable: msdos
+        path: /dev/vda
+        wipe: superblock
+        preserve: false
+        name: 'ubuntu'
+        grub_device: true
+        type: disk
+        id: disk-ubuntu
+{{end}}

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu-storage.slc

@@ -1,16 +1,4 @@
 {{define "cloud-config-ubuntu-storage"}}
-
-  storage:
-    config:
-      - ptable: msdos
-        path: /dev/sda
-        wipe: superblock
-        preserve: false
-        name: 'ubuntu'
-        grub_device: true
-        type: disk
-        id: disk-ubuntu
-
       - device: disk-ubuntu
         size: 1024M
         wipe: superblock
@@ -175,8 +163,4 @@
         path: /boot
         type: mount
         id: mount-0
-
-    swap:
-      swap: 0
-
 {{end}}

ansible/roles/shoelaces/files/cloud-config/cloud-config-ubuntu.slc

@@ -27,7 +27,14 @@ autoinstall:
 
 {{template "cloud-config-ubuntu-packages"}}
 {{template "cloud-config-ubuntu-ssh"}}
+
+  storage:
+    config:
+{{template "cloud-config-ubuntu-storage-bm"}}
 {{template "cloud-config-ubuntu-storage"}}
+    swap:
+      swap: 0
+
 
   version: 1
 

ansible/roles/shoelaces/files/ipxe/ubuntu-pve.ipxe.slc

@@ -0,0 +1,17 @@
+{{define "ubuntu-pve.ipxe" -}}
+#!ipxe
+
+echo This automatically overwrites data!
+echo Ubuntu {{.release}} minimal
+
+set mirror http://{{.baseURL}}/tftp/live/ubuntu/live-server-amd64/{{.release}}
+set ds_url http://{{.baseURL}}/configs/cloud-config-ubuntu-pve?hostname={{.hostname}}&password_hash={{.password_hash}}
+
+chain http://{{.baseURL}}/configs/linux.cfg?hostname={{.hostname}}
+
+imgfree
+
+kernel ${mirror}/vmlinuz initrd=initrd root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=${mirror}/ubuntu-live-server-amd64.iso autoinstall ds=nocloud-net;s=${ds_url} cloud-config-url=/dev/null ${linuxargs}
+initrd ${mirror}/initrd
+boot
+{{end}}

ansible/roles/shoelaces/files/ipxe/ubuntu.ipxe.slc

@@ -4,15 +4,14 @@
 echo This automatically overwrites data!
 echo Ubuntu {{.release}} minimal
 
-set mirror http://{{.baseURL}}/tftp/boot/{{.bios_type}}
-set iso_url http://{{.baseURL}}/tftp/images/ubuntu/{{.release}}/ubuntu-{{.version}}-live-server-amd64.iso
-set ds_url http://{{.baseURL}}/configs/cloud-config-ubuntu?release={{.release}}&hostname={{.hostname}}&password_hash={{.password_hash}}
+set mirror http://{{.baseURL}}/tftp/live/ubuntu/live-server-amd64/{{.release}}
+set ds_url http://{{.baseURL}}/configs/cloud-config-ubuntu?hostname={{.hostname}}&password_hash={{.password_hash}}
 
 chain http://{{.baseURL}}/configs/linux.cfg?hostname={{.hostname}}
 
 imgfree
 
-kernel ${mirror}/vmlinuz initrd=initrd root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=${iso_url} autoinstall ds=nocloud-net;s=${ds_url} cloud-config-url=/dev/null ${linuxargs}
+kernel ${mirror}/vmlinuz initrd=initrd root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=${mirror}/ubuntu-live-server-amd64.iso autoinstall ds=nocloud-net;s=${ds_url} cloud-config-url=/dev/null ${linuxargs}
 initrd ${mirror}/initrd
 boot
 {{end}}

ansible/roles/shoelaces/templates/shoelaces.conf.j2

@@ -1,6 +1,7 @@
 base-url={{ shoelaces_domain }}
 bind-addr={{ shoelaces_bind_addr }}
 data-dir=/etc/shoelaces/data
+dns-addr={{ dns_server }}
 template-extension={{ shoelaces_template_extension }}
 mappings-file=mappings.yaml
 debug={{ shoelaces_debug | bool | lower }}

ansible/roles/shoelaces/templates/shoelaces.service.j2

@@ -15,7 +15,8 @@ ExecStart=/usr/bin/docker run --rm --name %n \
     -e DEBUG="{{shoelaces_debug}}" \
     -v /etc/shoelaces/data:/data \
     -p 30083:8081 \
-    estenrye/shoelaces:{{shoelaces_version}}
+    estenrye/shoelaces:{{shoelaces_version}} \
+    -dns-addr {{dns_server}}
 ExecStopPre=/usr/bin/docker exec %n stop
 ExecStop=//usr/bin/docker rm %n
 

ansible/roles/tftp/tasks/main.yml

@@ -11,6 +11,26 @@
     group: "{{ tftp_group }}"
   become: true
 
+- name: Enable /etc/sudoers.d
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers
+    line: '#includedir /etc/sudoers.d'
+    state: present
+    create: yes
+    validate: 'visudo -cf %s'
+  become: true
+
+- name: Grant sudo permissions to mount isos
+  community.general.sudoers:
+    name: tftp-user-mount
+    user: "{{ tftp_user }}"
+    nopassword: true
+    commands:
+      - /usr/bin/mount -o loop\,ro {{ image_mirror_dir }}/*/*/*.iso {{ image_mirror_dir }}/mnt/iso/*
+      - /usr/bin/umount {{ image_mirror_dir }}/mnt/iso/*
+      - /usr/bin/chown -R {{ tftp_user }}\:{{ tftp_group }} {{ tftp_directory }}/live
+  become: true
+
 - name: create tftp directories
   ansible.builtin.file:
     state: directory
@@ -31,6 +51,7 @@
     - "{{ image_mirror_dir }}"
     - "{{ image_mirror_dir }}/bin"
     - "{{ image_mirror_dir }}/status"
+    - "{{ image_mirror_dir }}/mnt/iso"
 
 - name: create image mirror directories
   ansible.builtin.file:

ansible/roles/tftp/templates/imagemirror.ubuntu.sh.j2

@@ -28,8 +28,8 @@ rsync --verbose --recursive --times --links --safe-links --hard-links \
 
 date -u > ${BASEDIR}/.trace/$(hostname -f)
 
-LIVE_KERNEL_ROOT='{{ image_mirror_dir }}/live/ubuntu/live-server-amd64'
-ISO_MNT_ROOT=/mnt/iso
+LIVE_KERNEL_ROOT='{{ tftp_directory }}/live/ubuntu/live-server-amd64'
+ISO_MNT_ROOT='{{ image_mirror_dir }}/mnt/iso'
 IMAGE_ROOT='{{ image_mirror_dir }}/ubuntu'
 VERSION_PATTERN='[0-9][0-9]\.[0-9][0-9]$'
 ISO_PATTERN='live-server-amd64\.iso$'
@@ -54,11 +54,15 @@ do
   mkdir -p "${ISO_MNT_ROOT}/${VERSION}"
 
   echo "Mounting ${ISOFILE} to directory ${ISO_MNT_ROOT}/${VERSION}"
-  mount -o loop,ro ${ISOFILE} ${ISO_MNT_ROOT}/${VERSION}
+  sudo /usr/bin/mount -o loop,ro ${ISOFILE} ${ISO_MNT_ROOT}/${VERSION}
 
   echo "Copying ${ISO_MNT_ROOT}/${VERSION}/casper to directory ${LIVE_KERNEL_ROOT}/${VERSION}"
-  cp -r ${ISO_MNT_ROOT}/${VERSION}/casper ${LIVE_KERNEL_ROOT}/${VERSION}
+  cp -r ${ISO_MNT_ROOT}/${VERSION}/casper/initrd ${LIVE_KERNEL_ROOT}/${VERSION}/initrd
+  cp -r ${ISO_MNT_ROOT}/${VERSION}/casper/vmlinuz ${LIVE_KERNEL_ROOT}/${VERSION}/vmlinuz
 
   echo "Unmounting ${ISO_MNT_ROOT}/${VERSION}"
-  umount ${ISO_MNT_ROOT}/${VERSION}
+  sudo /usr/bin/umount ${ISO_MNT_ROOT}/${VERSION}
 done
+
+echo "Changing ownership of {{ tftp_directory }}/live to {{tftp_user}}:{{tftp_group}}"
+sudo chown -R {{ tftp_user }}:{{ tftp_group }} {{ tftp_directory }}/live