Automate PXE setup: release bundle + pxe-setup.sh + startup validation
CI / Lint + build + test (push) Has been cancelled
Collapses the LXC side of PXE enablement from a six-step manual dance (build, fetch iPXE, scp, bridge, hand-edit yaml) into:

    make release                  # dev box (Linux/WSL)
    scp bundle.tar.gz lxc:/tmp/
    sudo ./install.sh             # base install, unchanged
    sudo ./pxe-setup.sh --interface ... --dhcp-range ... --orchestrator-url ...

pxe-setup.sh fetches iPXE from boot.ipxe.org, verifies against pinned SHA256s in deploy/ipxe-shas.txt (fail-closed), places vmlinuz/initrd.img from the bundle, and rewrites only the pxe: block of vetting.yaml. Idempotent; --force gates overwriting a hand-edited block.

Adds Supervisor.Validate() — called before dnsmasq spawn — so typo'd configs fail at orchestrator startup with clear errors naming the missing file or yaml key, instead of silently serving broken TFTP until a real host tries to PXE-boot. Nine tests cover missing files, bogus interface, malformed dhcp_range, bad orchestrator_url, and aggregate reporting.

Hypervisor bridge creation stays documented (LXC can't do it) but everything downstream of the bridge is now scripted.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -70,6 +70,22 @@ run: orchestrator ## Build and run orchestrator with example config
|
||||
install: orchestrator-linux agent-linux ## Run deploy/install.sh (must be run on the target LXC as root)
|
||||
sudo ./deploy/install.sh --binary ./bin/vetting-linux-amd64 --agent-binary ./bin/vetting-agent.linux-amd64
|
||||
|
||||
.PHONY: release
|
||||
release: orchestrator-linux agent-linux live-image ## Build the scp-and-go release tarball (run from Linux/WSL)
|
||||
ifneq ($(findstring Windows,$(UNAME_S))$(findstring MINGW,$(UNAME_S))$(findstring MSYS,$(UNAME_S)),)
|
||||
@echo "ERROR: make release must be run from Linux/WSL (live-image dep needs mkosi)." && exit 1
|
||||
endif
|
||||
@stamp=vetting-bundle-$(GIT_SHA); \
|
||||
rm -rf build/$$stamp bin/$$stamp.tar.gz; \
|
||||
mkdir -p build/$$stamp/bin build/$$stamp/live-image; \
|
||||
cp bin/vetting-linux-amd64 bin/vetting-agent.linux-amd64 build/$$stamp/bin/; \
|
||||
cp live-image/build/vmlinuz live-image/build/initrd.img build/$$stamp/live-image/; \
|
||||
cp deploy/install.sh deploy/pxe-setup.sh deploy/vetting.service \
|
||||
deploy/vetting.production.yaml deploy/ipxe-shas.txt build/$$stamp/; \
|
||||
echo $(GIT_SHA) > build/$$stamp/VERSION; \
|
||||
tar -C build -czf bin/$$stamp.tar.gz $$stamp; \
|
||||
echo "wrote bin/$$stamp.tar.gz ($$(du -h bin/$$stamp.tar.gz | cut -f1))"
|
||||
|
||||
.PHONY: clean
|
||||
clean: ## Remove build artifacts
|
||||
rm -rf bin out dist tmp
|
||||
rm -rf bin out dist tmp build
|
||||
|
||||
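Review bot: The release recipe chains its steps with `; \` and no `set -e`, so a failing `cp` (for example a missing live-image/build/vmlinuz or deploy/ipxe-shas.txt) does not stop the run: `tar` still writes bin/$$stamp.tar.gz and the final `echo` makes the target exit 0, which leaves an incomplete bundle that looks like a good one. Start the shell block with `set -e;` after `@stamp=...;`, or join the steps with `&&`. Separately, the Windows/MINGW/MSYS guard is a recipe line, so it only runs after the orchestrator-linux, agent-linux and live-image prerequisites have been attempted; on those hosts the live-image step will fail first and the "must be run from Linux/WSL" message may never be shown. Moving the check into a small guard target listed as the first prerequisite would make the error appear before any build work. Since this tarball carries the binaries, kernel/initrd and the pinned ipxe-shas.txt and is copied by scp, consider also writing a SHA256 of bin/$$stamp.tar.gz next to it so the copy can be checked on the LXC before install.sh runs.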