T0029406/pi_si
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33fb57b94e
pi_si/setup_pxe.sh
T0029406 33fb57b94e Actualiser setup_pxe.sh
2026-04-03 15:31:49 +00:00

198 lines
6.1 KiB
Bash
Raw Blame History

#!/bin/bash
# --- VARIABLES ---
# Mise à jour avec votre point de montage
USB_PATH="/mnt/pxe-data"
PXE_DIR="$USB_PATH/pxe-server"
DATA_DIR="$USB_PATH/data"
echo "🛡️ Initialisation complète de l'infrastructure PXE (ARM64 - RPi4)..."
# 1. Préparation de l'hôte (Raspberry Pi)
echo "🔧 Configuration du système hôte..."
sudo modprobe nfs nfsd
# Arrêt des services NFS locaux pour éviter les conflits sur le port 2049
sudo systemctl stop nfs-server rpcbind 2>/dev/null
sudo systemctl disable nfs-server rpcbind 2>/dev/null
# 2. Création de l'arborescence
echo "📂 Création des répertoires sur $USB_PATH..."
sudo mkdir -p $PXE_DIR/{dnsmasq,tftpboot,www/ubuntu-admin,www/ubuntu-ro,www/ubuntu-export}
sudo mkdir -p $DATA_DIR/{homes,logs,monitoring,keycloak}
# 3. GESTION CRITIQUE DES PERMISSIONS (Fix Keycloak, Loki, Grafana)
echo "🔑 Ajustement des permissions pour Docker..."
# Keycloak (UID 1000)
sudo chown -R 1000:1000 $DATA_DIR/keycloak
# Grafana (UID 472)
sudo chown -R 472:472 $DATA_DIR/monitoring
# Loki (UID 10001)
sudo chown -R 10001:10001 $DATA_DIR/logs
# NFS et Homes (Lecture/Écriture pour tous)
sudo chmod -R 777 $DATA_DIR/homes
# 4. Téléchargement des firmwares iPXE (URLs corrigées)
echo "📥 Téléchargement des binaires iPXE..."
sudo wget -q https://boot.ipxe.org/undionly.kpxe -O $PXE_DIR/tftpboot/undionly.kpxe
sudo wget -q https://boot.ipxe.org/x86_64-efi/ipxe.efi -O $PXE_DIR/tftpboot/ipxe.efi
sudo wget -q https://boot.ipxe.org/arm64-efi/ipxe.efi -O $PXE_DIR/tftpboot/ipxe-arm64.efi
# 5. Configuration LOKI (Fichier de config indispensable)
echo "📝 Génération de la configuration Loki..."
sudo rm -rf $DATA_DIR/logs/local-config.yaml
cat <<EOF | sudo tee $DATA_DIR/logs/local-config.yaml > /dev/null
auth_enabled: false
server:
http_listen_port: 3100
common:
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
EOF
# 6. Génération du DOCKER-COMPOSE (ARM64 Natif)
echo "🐳 Génération du docker-compose.yml..."
cat <<EOF | sudo tee $PXE_DIR/docker-compose.yml > /dev/null
services:
dnsmasq:
image: alpine:latest
container_name: pxe-dnsmasq
network_mode: "host"
cap_add:
- NET_ADMIN
command: /bin/sh -c "apk add --no-cache dnsmasq && dnsmasq -k --log-facility=-"
volumes:
- ./dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf:ro
- ./tftpboot:/var/lib/tftpboot:ro
- $DATA_DIR/logs:/var/log/dnsmasq
restart: unless-stopped
nginx:
image: nginx:alpine
container_name: pxe-http
network_mode: "host"
volumes:
- ./www:/usr/share/nginx/html:ro
restart: unless-stopped
keycloak:
image: quay.io/keycloak/keycloak:latest
container_name: pxe-keycloak
command: start-dev
environment:
- KC_DB=dev-file
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin_temporaire
ports:
- "8080:8080"
volumes:
- $DATA_DIR/keycloak:/opt/keycloak/data
restart: unless-stopped
nfs:
image: alpine:latest
container_name: pxe-nfs
network_mode: host
privileged: true
volumes:
- $DATA_DIR/homes:/nfsshare
- /lib/modules:/lib/modules:ro
command: >
/bin/sh -c "
apk add --no-cache nfs-utils &&
mkdir -p /var/lib/nfs/v4recovery &&
echo '/nfsshare *(rw,fsid=0,async,no_subtree_check,no_auth_nlm,insecure,no_root_squash)' > /etc/exports &&
rpcbind &&
exportfs -arv &&
rpc.nfsd 8 &&
rpc.mountd -F"
restart: unless-stopped
loki:
image: grafana/loki:latest
container_name: pxe-loki
ports:
- "3100:3100"
command: -config.file=/etc/loki/local-config.yaml
volumes:
- $DATA_DIR/logs/local-config.yaml:/etc/loki/local-config.yaml:ro
- $DATA_DIR/logs:/loki
restart: unless-stopped
grafana:
image: grafana/grafana:latest
container_name: pxe-grafana
user: "472"
ports:
- "3000:3000"
volumes:
- $DATA_DIR/monitoring:/var/lib/grafana
restart: unless-stopped
EOF
# 7. Configuration DNSMASQ
echo "⚙️ Génération de dnsmasq.conf..."
cat <<EOF | sudo tee $PXE_DIR/dnsmasq/dnsmasq.conf > /dev/null
port=0
log-dhcp
dhcp-leasefile=/var/log/dnsmasq/dnsmasq.leases
dhcp-range=set:net_eth0,10.0.0.50,10.0.0.150,255.255.255.0,2h
dhcp-range=set:net_eth1,10.0.1.50,10.0.1.200,255.255.255.0,2h
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-match=set:ipxe,175
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-arm64,option:client-arch,11
dhcp-boot=tag:!ipxe,tag:efi-x86_64,ipxe.efi
dhcp-boot=tag:!ipxe,tag:!efi-x86_64,tag:!efi-arm64,undionly.kpxe
dhcp-boot=tag:!ipxe,tag:efi-arm64,ipxe-arm64.efi
dhcp-boot=tag:ipxe,tag:net_eth0,http://10.0.0.1/boot-eth0.ipxe
dhcp-boot=tag:ipxe,tag:net_eth1,http://10.0.1.1/boot-eth1.ipxe
EOF
# 8. Script iPXE pour ETH1 (Menu)
echo "📜 Génération du menu iPXE..."
cat <<EOF | sudo tee $PXE_DIR/www/boot-eth1.ipxe > /dev/null
#!ipxe
set menu-timeout 5000
set menu-default local
:start
menu --- RESEAU UTILISATEURS (ETH1) ---
item --key l local [L] Demarrer sur le disque dur local (Physique)
item --key s standard [S] Ubuntu RAM - Mode Standard (USB Bloque)
item --key e export [E] Ubuntu RAM - Mode Import/Export (Cles autorisees)
choose --timeout \${menu-timeout} --default \${menu-default} selected || goto local
goto \${selected}
:local
exit
:standard
kernel http://10.0.1.1/ubuntu-ro/vmlinuz ip=dhcp url=http://10.0.1.1/ubuntu-ro/ubuntu-standard.iso toram apparmor=1 audit=1
initrd http://10.0.1.1/ubuntu-ro/initrd
boot
:export
kernel http://10.0.1.1/ubuntu-export/vmlinuz ip=dhcp url=http://10.0.1.1/ubuntu-export/ubuntu-export.iso toram apparmor=1 audit=1
initrd http://10.0.1.1/ubuntu-export/initrd
boot
EOF
echo "🧹 Nettoyage final de Docker..."
sudo docker system prune -f
echo "✅ Installation terminée !"
echo "🚀 Pour lancer l'infrastructure : cd $PXE_DIR && sudo docker compose up -d"
Reference in New Issue View Git Blame Copy Permalink