josh
5ff1cff7d4
iPXE was stuck in a loop: boot iPXE -> DHCP -> get ipxe.0 again -> boot iPXE -> repeat. Add tag:!ipxe to pxe-service directives so iPXE clients get the HTTP script URL via dhcp-boot instead of being served the bootloader again. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
221 lines
4.9 KiB
Go
221 lines
4.9 KiB
Go
package pxe
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"strings"
|
|
"text/template"
|
|
|
|
"provisioning/internal/model"
|
|
)
|
|
|
|
type SupervisorConfig struct {
|
|
Enabled bool
|
|
Interface string
|
|
Subnet string
|
|
RuntimeDir string
|
|
TFTPRoot string
|
|
DnsmasqBin string
|
|
PublicURL string
|
|
}
|
|
|
|
type Supervisor struct {
|
|
cfg SupervisorConfig
|
|
cmd *exec.Cmd
|
|
cancel context.CancelFunc
|
|
}
|
|
|
|
func NewSupervisor(cfg SupervisorConfig) *Supervisor {
|
|
return &Supervisor{cfg: cfg}
|
|
}
|
|
|
|
func (s *Supervisor) Start(ctx context.Context, hosts []model.Host) error {
|
|
if !s.cfg.Enabled {
|
|
log.Printf("pxe: dnsmasq disabled")
|
|
return nil
|
|
}
|
|
if err := os.MkdirAll(s.cfg.RuntimeDir, 0o755); err != nil {
|
|
return fmt.Errorf("pxe: create runtime dir: %w", err)
|
|
}
|
|
if err := os.MkdirAll(s.cfg.TFTPRoot, 0o755); err != nil {
|
|
return fmt.Errorf("pxe: create tftp root: %w", err)
|
|
}
|
|
s.seedIPXE()
|
|
if err := s.writeConfig(hosts); err != nil {
|
|
return err
|
|
}
|
|
return s.startProcess(ctx)
|
|
}
|
|
|
|
func (s *Supervisor) Reload(hosts []model.Host) error {
|
|
if !s.cfg.Enabled {
|
|
return nil
|
|
}
|
|
if err := s.writeConfig(hosts); err != nil {
|
|
return err
|
|
}
|
|
if s.cmd != nil && s.cmd.Process != nil {
|
|
return signalReload(s.cmd.Process)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (s *Supervisor) Shutdown() error {
|
|
if s.cancel != nil {
|
|
s.cancel()
|
|
}
|
|
if s.cmd != nil && s.cmd.Process != nil {
|
|
return s.cmd.Process.Kill()
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (s *Supervisor) writeConfig(hosts []model.Host) error {
|
|
confPath := filepath.Join(s.cfg.RuntimeDir, "dnsmasq.conf")
|
|
hostsPath := filepath.Join(s.cfg.RuntimeDir, "dhcp-hostsfile")
|
|
|
|
var lines []string
|
|
for _, h := range hosts {
|
|
lines = append(lines, h.MAC+",set:known")
|
|
}
|
|
if err := os.WriteFile(hostsPath, []byte(strings.Join(lines, "\n")+"\n"), 0o644); err != nil {
|
|
return fmt.Errorf("pxe: write dhcp-hostsfile: %w", err)
|
|
}
|
|
|
|
subnet := s.cfg.Subnet
|
|
if i := strings.Index(subnet, "/"); i != -1 {
|
|
subnet = subnet[:i]
|
|
}
|
|
|
|
conf := dnsmasqConf{
|
|
Interface: s.cfg.Interface,
|
|
Subnet: subnet,
|
|
TFTPRoot: s.cfg.TFTPRoot,
|
|
HostsFile: hostsPath,
|
|
PublicURL: s.cfg.PublicURL,
|
|
RuntimeDir: s.cfg.RuntimeDir,
|
|
}
|
|
f, err := os.Create(confPath)
|
|
if err != nil {
|
|
return fmt.Errorf("pxe: create dnsmasq.conf: %w", err)
|
|
}
|
|
defer f.Close()
|
|
if err := dnsmasqTmpl.Execute(f, conf); err != nil {
|
|
return fmt.Errorf("pxe: render dnsmasq.conf: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (s *Supervisor) startProcess(ctx context.Context) error {
|
|
confPath := filepath.Join(s.cfg.RuntimeDir, "dnsmasq.conf")
|
|
procCtx, cancel := context.WithCancel(ctx)
|
|
s.cancel = cancel
|
|
s.cmd = exec.CommandContext(procCtx, s.cfg.DnsmasqBin, "--keep-in-foreground", "--conf-file="+confPath)
|
|
s.cmd.Stdout = os.Stdout
|
|
s.cmd.Stderr = os.Stderr
|
|
if err := s.cmd.Start(); err != nil {
|
|
cancel()
|
|
return fmt.Errorf("pxe: start dnsmasq: %w", err)
|
|
}
|
|
go func() {
|
|
if err := s.cmd.Wait(); err != nil {
|
|
select {
|
|
case <-procCtx.Done():
|
|
default:
|
|
log.Printf("pxe: dnsmasq exited: %v", err)
|
|
}
|
|
}
|
|
}()
|
|
log.Printf("pxe: dnsmasq started (pid %d)", s.cmd.Process.Pid)
|
|
return nil
|
|
}
|
|
|
|
var ipxeFiles = []struct{ src, dst string }{
|
|
{"/usr/lib/ipxe/undionly.kpxe", "undionly.kpxe"},
|
|
{"/usr/lib/ipxe/ipxe.efi", "ipxe.efi"},
|
|
}
|
|
|
|
var ipxeSymlinks = []struct{ target, link string }{
|
|
{"undionly.kpxe", "undionly.0"},
|
|
{"ipxe.efi", "ipxe.0"},
|
|
}
|
|
|
|
func (s *Supervisor) seedIPXE() {
|
|
for _, f := range ipxeFiles {
|
|
dst := filepath.Join(s.cfg.TFTPRoot, f.dst)
|
|
if _, err := os.Stat(dst); err == nil {
|
|
continue
|
|
}
|
|
if err := copyFile(f.src, dst); err != nil {
|
|
log.Printf("pxe: copy %s → %s: %v", f.src, dst, err)
|
|
} else {
|
|
log.Printf("pxe: seeded %s", f.dst)
|
|
}
|
|
}
|
|
for _, l := range ipxeSymlinks {
|
|
link := filepath.Join(s.cfg.TFTPRoot, l.link)
|
|
if _, err := os.Lstat(link); err == nil {
|
|
continue
|
|
}
|
|
if err := os.Symlink(l.target, link); err != nil {
|
|
log.Printf("pxe: symlink %s → %s: %v", l.link, l.target, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func copyFile(src, dst string) error {
|
|
in, err := os.Open(src)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer in.Close()
|
|
out, err := os.Create(dst)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer out.Close()
|
|
_, err = io.Copy(out, in)
|
|
return err
|
|
}
|
|
|
|
type dnsmasqConf struct {
|
|
Interface string
|
|
Subnet string
|
|
TFTPRoot string
|
|
HostsFile string
|
|
PublicURL string
|
|
RuntimeDir string
|
|
}
|
|
|
|
var dnsmasqTmpl = template.Must(template.New("dnsmasq.conf").Parse(`
|
|
port=0
|
|
interface={{.Interface}}
|
|
bind-interfaces
|
|
|
|
dhcp-range={{.Subnet}},proxy
|
|
dhcp-hostsfile={{.HostsFile}}
|
|
dhcp-ignore=tag:!known
|
|
|
|
enable-tftp
|
|
tftp-root={{.TFTPRoot}}
|
|
|
|
# Detect iPXE (user-class "iPXE") to break chainload loop
|
|
dhcp-userclass=set:ipxe,iPXE
|
|
|
|
# Initial PXE firmware: serve iPXE bootloader (skip if already iPXE)
|
|
pxe-prompt="Provisioning",0
|
|
pxe-service=tag:!ipxe,x86PC,"Provisioning",undionly
|
|
pxe-service=tag:!ipxe,X86-64_EFI,"Provisioning",ipxe
|
|
|
|
# iPXE: serve HTTP boot script
|
|
dhcp-boot=tag:ipxe,{{.PublicURL}}/ipxe/${mac:hexhyp}
|
|
|
|
log-dhcp
|
|
log-facility={{.RuntimeDir}}/dnsmasq.log
|
|
`))
|