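#!/bin/bash
#
# Provision a PXE boot infrastructure (iPXE + dnsmasq + nginx + NFS + Keycloak +
# Loki/Grafana, all run as Docker containers) on an ARM64 host (Raspberry Pi 4),
# keeping every configuration file and all persistent data on an external volume.
#
# Usage: run as a user with sudo rights.
# Environment (optional overrides; defaults are the values of the original script):
#   USB_PATH           mount point of the data volume (default /mnt/pxe-data)
#   KC_ADMIN_PASSWORD  bootstrap Keycloak admin password (default admin_temporaire)
#
# NOTE(review): the copy this was recovered from had lost the here-doc targets
# (`cat <<EOF | sudo tee <path> >/dev/null` had been mangled into `cat < /dev/null`).
# The destination paths below are reconstructed from the consumers of each file
# (docker-compose volume mounts, dnsmasq dhcp-boot URLs, the final "cd $PXE_DIR"
# hint) — confirm them against the original before relying on this script.

set -euo pipefail

# --- VARIABLES ---
# Update USB_PATH to your mount point, or export it before running.
USB_PATH="${USB_PATH:-/mnt/pxe-data}"
PXE_DIR="$USB_PATH/pxe-server"
DATA_DIR="$USB_PATH/data"
# Written in clear text into docker-compose.yml on the data volume; override it
# for anything beyond a lab and change it after the first login.
KC_ADMIN_PASSWORD="${KC_ADMIN_PASSWORD:-admin_temporaire}"

# Print a message on stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Write stdin to a root-owned file (created or truncated).
# Arguments: $1 - destination path
#######################################
write_root_file() {
  sudo tee -- "$1" >/dev/null
}

echo "🛡️ Initialisation complète de l'infrastructure PXE (ARM64 - RPi4)..."

# Fail early rather than half-way through the provisioning.
for tool in sudo wget docker; do
  command -v "$tool" >/dev/null || die "outil requis introuvable : $tool"
done
# Without this check mkdir -p would silently build the whole tree on the SD card
# when the USB volume is not mounted.
[[ -d "$USB_PATH" ]] || die "point de montage introuvable : $USB_PATH"

# 1. Host preparation (Raspberry Pi)
echo "🔧 Configuration du système hôte..."
sudo modprobe nfs nfsd
# Stop the host's own NFS services so the containerised server can bind port
# 2049. The units may not exist on this host, so failure is deliberately ignored.
sudo systemctl stop nfs-server rpcbind 2>/dev/null || true
sudo systemctl disable nfs-server rpcbind 2>/dev/null || true

# 2. Directory tree
echo "📂 Création des répertoires sur $USB_PATH..."
sudo mkdir -p -- "$PXE_DIR"/{dnsmasq,tftpboot,www/ubuntu-admin,www/ubuntu-ro,www/ubuntu-export}
sudo mkdir -p -- "$DATA_DIR"/{homes,logs,monitoring,keycloak}

# 3. Ownership for the unprivileged container UIDs (Keycloak, Grafana, Loki).
echo "🔑 Ajustement des permissions pour Docker..."
sudo chown -R 1000:1000 -- "$DATA_DIR/keycloak"    # Keycloak
sudo chown -R 472:472 -- "$DATA_DIR/monitoring"    # Grafana (matches user: "472" below)
sudo chown -R 10001:10001 -- "$DATA_DIR/logs"      # Loki
# NFS home directories: world read/write so any client UID can write. Together
# with the no_root_squash/insecure export below, every host on the PXE networks
# gets full control of the share; restrict this once the client UID scheme is fixed.
sudo chmod -R 777 -- "$DATA_DIR/homes"

# 4. iPXE firmware binaries
# Integrity rests on TLS to boot.ipxe.org only; no checksum is verified here.
echo "📥 Téléchargement des binaires iPXE..."
sudo wget -q https://boot.ipxe.org/undionly.kpxe -O "$PXE_DIR/tftpboot/undionly.kpxe" \
  || die "échec du téléchargement de undionly.kpxe"
sudo wget -q https://boot.ipxe.org/x86_64-efi/ipxe.efi -O "$PXE_DIR/tftpboot/ipxe.efi" \
  || die "échec du téléchargement de ipxe.efi"
sudo wget -q https://boot.ipxe.org/arm64-efi/ipxe.efi -O "$PXE_DIR/tftpboot/ipxe-arm64.efi" \
  || die "échec du téléchargement de ipxe-arm64.efi"

# 5. Loki configuration (mandatory: the container mounts it read-only)
echo "📝 Génération de la configuration Loki..."
loki_config="$DATA_DIR/logs/local-config.yaml"
# -r is kept on purpose: if the stack was started before this file existed,
# Docker created a *directory* of that name for the bind mount.
sudo rm -rf -- "${loki_config:?}"
write_root_file "$loki_config" <<'EOF'
auth_enabled: false
server:
  http_listen_port: 3100
common:
  path_prefix: /loki
  storage:
    filesystem:
      chunks_directory: /loki/chunks
      rules_directory: /loki/rules
  replication_factor: 1
  ring:
    kvstore:
      store: inmemory
schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h
EOF

# 6. docker-compose.yml (native ARM64 images)
# Unquoted here-doc: $DATA_DIR and $KC_ADMIN_PASSWORD are expanded at write time.
# Destination reconstructed from the "cd $PXE_DIR && docker compose up" hint.
echo "🐳 Génération du docker-compose.yml..."
write_root_file "$PXE_DIR/docker-compose.yml" <<EOF
services:
  dnsmasq:
    image: alpine:latest
    container_name: pxe-dnsmasq
    network_mode: "host"
    cap_add:
      - NET_ADMIN
    command: /bin/sh -c "apk add --no-cache dnsmasq && dnsmasq -k --log-facility=-"
    volumes:
      - ./dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf:ro
      - ./tftpboot:/var/lib/tftpboot:ro
      - $DATA_DIR/logs:/var/log/dnsmasq
    restart: unless-stopped
  nginx:
    image: nginx:alpine
    container_name: pxe-http
    network_mode: "host"
    volumes:
      - ./www:/usr/share/nginx/html:ro
    restart: unless-stopped
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: pxe-keycloak
    command: start-dev
    environment:
      - KC_DB=dev-file
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
    ports:
      - "8080:8080"
    volumes:
      - $DATA_DIR/keycloak:/opt/keycloak/data
    restart: unless-stopped
  nfs:
    image: alpine:latest
    container_name: pxe-nfs
    network_mode: host
    privileged: true
    volumes:
      - $DATA_DIR/homes:/nfsshare
      - /lib/modules:/lib/modules:ro
    command: >
      /bin/sh -c "
      apk add --no-cache nfs-utils &&
      mkdir -p /var/lib/nfs/v4recovery &&
      echo '/nfsshare *(rw,fsid=0,async,no_subtree_check,no_auth_nlm,insecure,no_root_squash)' > /etc/exports &&
      rpcbind && exportfs -arv && rpc.nfsd 8 && rpc.mountd -F"
    restart: unless-stopped
  loki:
    image: grafana/loki:latest
    container_name: pxe-loki
    ports:
      - "3100:3100"
    command: -config.file=/etc/loki/local-config.yaml
    volumes:
      - $DATA_DIR/logs/local-config.yaml:/etc/loki/local-config.yaml:ro
      - $DATA_DIR/logs:/loki
    restart: unless-stopped
  grafana:
    image: grafana/grafana:latest
    container_name: pxe-grafana
    user: "472"
    ports:
      - "3000:3000"
    volumes:
      - $DATA_DIR/monitoring:/var/lib/grafana
    restart: unless-stopped
EOF

# 7. dnsmasq configuration
# Destination reconstructed from the ./dnsmasq/dnsmasq.conf mount above.
echo "⚙️ Génération de dnsmasq.conf..."
write_root_file "$PXE_DIR/dnsmasq/dnsmasq.conf" <<'EOF'
port=0
log-dhcp
dhcp-leasefile=/var/log/dnsmasq/dnsmasq.leases
dhcp-range=set:net_eth0,10.0.0.50,10.0.0.150,255.255.255.0,2h
dhcp-range=set:net_eth1,10.0.1.50,10.0.1.200,255.255.255.0,2h
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-match=set:ipxe,175
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-arm64,option:client-arch,11
dhcp-boot=tag:!ipxe,tag:efi-x86_64,ipxe.efi
dhcp-boot=tag:!ipxe,tag:!efi-x86_64,tag:!efi-arm64,undionly.kpxe
dhcp-boot=tag:!ipxe,tag:efi-arm64,ipxe-arm64.efi
dhcp-boot=tag:ipxe,tag:net_eth0,http://10.0.0.1/boot-eth0.ipxe
dhcp-boot=tag:ipxe,tag:net_eth1,http://10.0.1.1/boot-eth1.ipxe
EOF

# 8. iPXE menu for ETH1
# Served by nginx from ./www, so the dhcp-boot URL above maps to www/boot-eth1.ipxe.
# Note: boot-eth0.ipxe is referenced by dnsmasq but is not generated by this script.
# Quoted here-doc: ${menu-timeout} etc. are iPXE variables, not shell ones.
echo "📜 Génération du menu iPXE..."
write_root_file "$PXE_DIR/www/boot-eth1.ipxe" <<'EOF'
#!ipxe
set menu-timeout 5000
set menu-default local
:start
menu --- RESEAU UTILISATEURS (ETH1) ---
item --key l local [L] Demarrer sur le disque dur local (Physique)
item --key s standard [S] Ubuntu RAM - Mode Standard (USB Bloque)
item --key e export [E] Ubuntu RAM - Mode Import/Export (Cles autorisees)
choose --timeout ${menu-timeout} --default ${menu-default} selected || goto local
goto ${selected}
:local
exit
:standard
kernel http://10.0.1.1/ubuntu-ro/vmlinuz ip=dhcp url=http://10.0.1.1/ubuntu-ro/ubuntu-standard.iso toram apparmor=1 audit=1
initrd http://10.0.1.1/ubuntu-ro/initrd
boot
:export
kernel http://10.0.1.1/ubuntu-export/vmlinuz ip=dhcp url=http://10.0.1.1/ubuntu-export/ubuntu-export.iso toram apparmor=1 audit=1
initrd http://10.0.1.1/ubuntu-export/initrd
boot
EOF

# Host-wide: removes every dangling container/image/network, not only this stack's.
echo "🧹 Nettoyage final de Docker..."
sudo docker system prune -f

echo "✅ Installation terminée !"
echo "🚀 Pour lancer l'infrastructure : cd $PXE_DIR && sudo docker compose up -d"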