feat(watchguard): debut d'automation, structure tftp
parent
411e3ce8cd
commit
231b1cca9f
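--- a/watchguard/ansible/ansible-api-test.sh
+++ b/watchguard/ansible/ansible-api-test.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook apiCallTest.yml \
+-e API_URL="https://192.168.1.1/api" \
+-e API_KEY="${API_KEY}" \
+-e API_SECRET="${API_SECRET}"
+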
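Review bot: The two `export` lines commit an OPNsense API key and secret in clear text, and the same pair is repeated in configure_netboot.sh, in the curl-api-test.sh command lines and in nationtech-apikey.txt; configure_dhcp.sh and opnsense.key carry a second key. Once pushed these stay in history, so they should be revoked on the firewall and re-issued, then taken from the caller's environment or an untracked file, e.g. `: "${API_KEY:?set API_KEY before running}"` in place of the hard-coded assignment. Passing them as `-e API_KEY=…` also places them in the process argument list; an extra-vars file kept out of git or vault-encrypted (`-e @<secrets file>`) avoids that.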
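--- a/watchguard/ansible/apiCallTest.yml
+++ b/watchguard/ansible/apiCallTest.yml
@@ -0,0 +1,26 @@
+---
+- name: Make an HTTPS API call with basic auth
+hosts: localhost
+gather_facts: no
+
+tasks:
+- name: Make API call
+uri:
+#url: "https://192.168.1.1/api/dhcpv4/leases/searchLease/"
+#url: "{{ API_URL }}/dhcpv4/leases/searchLease/"
+#url: "{{ API_URL }}/core/system/status"
+#url: "{{ API_URL }}/core/menu/search/?=1725020077211"
+url: "{{ API_URL }}/dhcpv4/service/status/"
+#https://192.168.1.1/api/core/menu/search/?_=1725020077211
+method: GET
+user: "{{ API_KEY }}"
+password: "{{ API_SECRET }}"
+force_basic_auth: yes
+validate_certs: no
+return_content: yes
+register: api_response
+
+- name: Print API response
+debug:
+var: api_response.content
+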
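Review bot: `validate_certs: no` on the `uri` task sends the API key and secret as basic-auth credentials over a TLS session whose peer is never verified, so any host on the path between the controller and the firewall can read them. The same override is on every `uri` task in dhcp-network-boot.yml, network-boot.yml and network-boot.yml.startExample. Trusting the firewall's certificate or its CA on the controller and dropping the override is the fix; the module also takes `ca_path:` for a specific bundle. The `Print API response` debug task is fine for a status call but should go before the URL is switched to one of the commented-out endpoints such as the lease search.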
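--- a/watchguard/ansible/configure_dhcp.sh
+++ b/watchguard/ansible/configure_dhcp.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+# zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8
+
+API_KEY="zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8"
+
+#ansible-galaxy collection install ansible.posix
+ansible-galaxy collection install ansibleguy.opnsense
+
+ansible-playbook network-boot.yml -i 192.168.1.1, \
+-e opnsense_url="https://192.168.1.1/api" \
+-e api_key="${API_KEY}" \
+--connection=ssh
+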
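Review bot: The playbook invoked here, network-boot.yml, reads `WEBUI_USERNAME` and `WEBUI_PASSWORD`, but this script passes only `opnsense_url` and `api_key`, so as committed its first task would stop on an undefined variable. The variables that are passed match dhcp-network-boot.yml instead, which may be the playbook that was meant; worth confirming. The `ansible-galaxy collection install ansibleguy.opnsense` line is unpinned and runs on every invocation; pinning it (`ansibleguy.opnsense:==<version>`) keeps what gets installed onto the controller reproducible and reviewable.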
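--- a/watchguard/ansible/configure_netboot.sh
+++ b/watchguard/ansible/configure_netboot.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook network-boot.yml.startExample \
+-e API_URL="https://192.168.1.1/api" \
+-e API_KEY="${API_KEY}" \
+-e API_SECRET="${API_SECRET}" \
+-e WEBUI_USERNAME="nationtech" \
+-e WEBUI_PASSWORD="opnsense"
+
+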
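Review bot: `-e WEBUI_PASSWORD="opnsense"` hard-codes the web UI password of an admin-group user on the command line, and the value looks like the OPNsense factory default; if it is, it should be changed on the device rather than recorded here. network-boot.yml.startExample, the playbook this script runs, references neither `WEBUI_USERNAME` nor `WEBUI_PASSWORD`, so both `-e` arguments can be dropped. The exported key and secret have the same problem as in ansible-api-test.sh.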
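--- a/watchguard/ansible/configure_tftp.sh
+++ b/watchguard/ansible/configure_tftp.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+
+ansible-galaxy collection install ansible.posix
+
+ansible-playbook tftp.yml -i 192.168.1.1, -e ansible_user=root -e ansible_password=opnsense --connection=ssh
+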
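Review bot: The playbook is run as `root` with `-e ansible_password=opnsense`, which puts the firewall's root password in the repository, in shell history and in the process list. Key-based SSH for a dedicated account, or `--ask-pass` where a password cannot be avoided, keeps it out of all three. The header comment still describes creating an API key, which this script never uses.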
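--- a/watchguard/ansible/curl-api-test.sh
+++ b/watchguard/ansible/curl-api-test.sh
@@ -0,0 +1,7 @@
+## POST example
+#curl -XPOST -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/update
+
+## GET Examples
+#curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/status
+
+curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/dhcpv4/leases/searchLease/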
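Review bot: The file is committed as executable but has no `#!` line, so the interpreter depends on whoever invokes it; `#!/bin/bash` as the first line would match the other scripts in this directory. `-k` turns off certificate verification on a request that carries the API key and secret, and `-u key:secret` exposes both in the argument list; curl's `--cacert` and `-K <config file>` address the two without changing the calls otherwise.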
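--- a/watchguard/ansible/dhcp-network-boot.yml
+++ b/watchguard/ansible/dhcp-network-boot.yml
@@ -0,0 +1,35 @@
+---
+#- hosts: all
+# connection: local # execute modules on controller
+# gather_facts: no
+# module_defaults:
+# - name: Example
+# ansibleguy.opnsense.alias:
+# firewall: "{{ ansible_host }}"
+# api_credential_file: "./opnsense.key"
+#
+# tasks:
+# - name: Example
+# ansibleguy.opnsense.alias:
+# name: 'ANSIBLE_TEST1'
+# content: ['1.1.1.1']
+
+- name: Get list of users from OPNsense
+hosts: localhost
+gather_facts: no
+
+tasks:
+- name: Retrieve users
+uri:
+url: "{{ opnsense_url }}/api/system/user"
+method: GET
+headers:
+Authorization: "Bearer {{ api_key }}"
+Content-Type: "application/json"
+validate_certs: no
+register: users_response
+
+- name: Display list of users
+debug:
+msg: "{{ users_response.json }}"
+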
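Review bot: The `Retrieve users` task authenticates with `Authorization: "Bearer {{ api_key }}"`, while the other playbooks in this commit use basic auth with the key as user and the secret as password; unless this endpoint really accepts a bearer token, the request will be rejected. The URL is built as `{{ opnsense_url }}/api/system/user`, and the only script that sets `opnsense_url` gives it a value already ending in `/api`, which would produce `/api/api/…`. The `Display list of users` debug task writes the whole account listing to the run log; `no_log: true` on the request and a narrower `msg` would limit what is recorded.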
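--- a/watchguard/ansible/nationtech-apikey.txt
+++ b/watchguard/ansible/nationtech-apikey.txt
@@ -0,0 +1,2 @@
+key=wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL
+secret=eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr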
101
watchguard/ansible/network-boot.yml
Normal file
101
watchguard/ansible/network-boot.yml
Normal file
@ -0,0 +1,101 @@
|
||||
---
|
||||
- name: Log in to OPNsense and obtain PHPSESSID and CSRF token
|
||||
hosts: localhost
|
||||
gather_facts: no
|
||||
vars:
|
||||
api_username: "your_username"
|
||||
api_password: "your_password"
|
||||
|
||||
tasks:
|
||||
- name: Perform GET request to initiate session and retrieve PHPSESSID
|
||||
uri:
|
||||
url: "https://192.168.1.1/"
|
||||
method: GET
|
||||
user: "{{ WEBUI_USERNAME }}"
|
||||
password: "{{ WEBUI_PASSWORD }}"
|
||||
headers:
|
||||
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
|
||||
validate_certs: no
|
||||
return_content: yes
|
||||
register: login_page
|
||||
|
||||
- name: Extract PHPSESSID from response cookies
|
||||
set_fact:
|
||||
phpsessid: "{{ login_page.cookies.PHPSESSID }}"
|
||||
|
||||
- name: Extract CSRF token name and value from the page content
|
||||
set_fact:
|
||||
csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}"
|
||||
|
||||
- name: Set CSRF token name and value
|
||||
set_fact:
|
||||
csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}"
|
||||
csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}"
|
||||
|
||||
- name: Display the PHPSESSID and CSRF token details
|
||||
debug:
|
||||
msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}"
|
||||
|
||||
- name: Construct body
|
||||
set_fact:
|
||||
request_body: |
|
||||
{{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save'
|
||||
|
||||
- name: Post data to services_dhcp.php
|
||||
uri:
|
||||
url: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
method: POST
|
||||
headers:
|
||||
Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
|
||||
Accept-Language: "en,fr;q=0.9,en-GB;q=0.8,en-US;q=0.7"
|
||||
Cache-Control: "no-cache"
|
||||
Content-Type: "application/x-www-form-urlencoded"
|
||||
Cookie: "PHPSESSID={{ phpsessid }}"
|
||||
Origin: "https://192.168.1.1"
|
||||
Pragma: "no-cache"
|
||||
Priority: "u=0, i"
|
||||
Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
Sec-Ch-Ua: '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"'
|
||||
Sec-Ch-Ua-Mobile: "?0"
|
||||
Sec-Ch-Ua-Platform: '"Linux"'
|
||||
Sec-Fetch-Dest: "document"
|
||||
Sec-Fetch-Mode: "navigate"
|
||||
Sec-Fetch-Site: "same-origin"
|
||||
Sec-Fetch-User: "?1"
|
||||
Upgrade-Insecure-Requests: "1"
|
||||
User-Agent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
|
||||
body: |
|
||||
{{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
|
||||
body_format: raw
|
||||
validate_certs: no
|
||||
register: response
|
||||
|
||||
# - name: Send POST request to update DHCP settings
|
||||
# uri:
|
||||
# url: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
# method: POST
|
||||
# headers:
|
||||
# Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
|
||||
# Content-Type: 'application/x-www-form-urlencoded'
|
||||
# Cookie: "PHPSESSID={{ phpsessid }}"
|
||||
# Origin: "https://192.168.1.1"
|
||||
# Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
# X-CSRFToken: "{{ csrf_token_value }}"
|
||||
# body_format: form-urlencoded
|
||||
# body: "{{ request_body }}"
|
||||
# validate_certs: no
|
||||
# return_content: yes
|
||||
# register: response
|
||||
|
||||
- name: Display the response from the DHCP update request
|
||||
debug:
|
||||
#msg: "{{ response.content }}"
|
||||
msg: "{{ response }}"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# request_body: |
|
||||
# {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
|
||||
|
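Review bot: The `Display the PHPSESSID and CSRF token details` debug task prints an authenticated session cookie and its CSRF token to the Ansible output, and the last debug task dumps the whole `response`; both are session secrets and should be removed or guarded with `no_log: true`. When the regex finds no hidden input, `csrf_token_name` and `csrf_token_value` fall back to the string `'Not found'` and the POST is still sent; an `assert` on `csrf_tokens | length > 0` ahead of the POST would stop the run instead. `api_username` and `api_password` under `vars:` are never referenced, and the `Construct body` fact ends with a stray `'` and is not used by the active POST task. The same tasks are duplicated in network-boot.yml.bakMarchePas.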
71
watchguard/ansible/network-boot.yml.bakMarchePas
Normal file
71
watchguard/ansible/network-boot.yml.bakMarchePas
Normal file
@ -0,0 +1,71 @@
|
||||
---
|
||||
- name: Log in to OPNsense and obtain PHPSESSID and CSRF token
|
||||
hosts: localhost
|
||||
gather_facts: no
|
||||
vars:
|
||||
api_username: "your_username"
|
||||
api_password: "your_password"
|
||||
|
||||
tasks:
|
||||
- name: Perform GET request to initiate session and retrieve PHPSESSID
|
||||
uri:
|
||||
url: "https://192.168.1.1/"
|
||||
method: GET
|
||||
user: "{{ WEBUI_USERNAME }}"
|
||||
password: "{{ WEBUI_PASSWORD }}"
|
||||
headers:
|
||||
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
|
||||
validate_certs: no
|
||||
return_content: yes
|
||||
register: login_page
|
||||
|
||||
- name: Extract PHPSESSID from response cookies
|
||||
set_fact:
|
||||
phpsessid: "{{ login_page.cookies.PHPSESSID }}"
|
||||
|
||||
- name: Extract CSRF token name and value from the page content
|
||||
set_fact:
|
||||
csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}"
|
||||
|
||||
- name: Set CSRF token name and value
|
||||
set_fact:
|
||||
csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}"
|
||||
csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}"
|
||||
|
||||
- name: Display the PHPSESSID and CSRF token details
|
||||
debug:
|
||||
msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}"
|
||||
|
||||
- name: Construct body
|
||||
set_fact:
|
||||
request_body: |
|
||||
{{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save'
|
||||
|
||||
- name: Send POST request to update DHCP settings
|
||||
uri:
|
||||
url: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
method: POST
|
||||
headers:
|
||||
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
|
||||
Content-Type: 'application/x-www-form-urlencoded'
|
||||
Cookie: "PHPSESSID={{ phpsessid }}"
|
||||
Origin: "https://192.168.1.1"
|
||||
Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
|
||||
X-CSRFToken: "{{ csrf_token_value }}"
|
||||
body_format: form-urlencoded
|
||||
body: "{{ request_body }}"
|
||||
validate_certs: no
|
||||
return_content: yes
|
||||
register: dhcp_update_response
|
||||
|
||||
- name: Display the response from the DHCP update request
|
||||
debug:
|
||||
msg: "{{ dhcp_update_response.content }}"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# request_body: |
|
||||
# {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
|
||||
|
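--- a/watchguard/ansible/network-boot.yml.startExample
+++ b/watchguard/ansible/network-boot.yml.startExample
@@ -0,0 +1,47 @@
+---
+- name: Make an HTTPS API call with basic auth
+hosts: localhost
+gather_facts: no
+
+tasks:
+- name: Enable network booting via API
+uri:
+#url: "{{ API_URL }}/dhcpv4/service/reconfigure?if=lan"
+#url: "{{ API_URL }}/dhcpv4/service/start"
+url: "{{ API_URL }}/dhcpv4/service/reconfigure"
+method: POST
+user: "{{ API_KEY }}"
+password: "{{ API_SECRET }}"
+force_basic_auth: yes
+headers:
+Content-Type: "application/json"
+body: >
+{
+"enable": "no",
+"submit": "Save",
+"if": "lan"
+}
+body_format: json
+validate_certs: no
+return_content: yes
+register: api_response
+
+- name: Print API response
+debug:
+var: api_response.content
+
+# {
+# "interface": "lan",
+# "next-server": "{{ tftp_server_ip }}",
+# "filename": "{{ bootfile }}",
+# "root-path": "{{ root_path }}"
+# }
+#
+# body: >
+# {
+# "lan": {
+# "enable": "yes",
+# "submit": "Save",
+# "if": "lan"
+# }
+# }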
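Review bot: The task is named `Enable network booting via API` but its body sends `"enable": "no"` to `/dhcpv4/service/reconfigure`, so the name and the request disagree; whether that endpoint reads a JSON body at all is not visible from this file. Either rename the task to what it does or set the intended value. The body is written as a folded string (`body: >`) next to `body_format: json`; giving it as a YAML mapping lets the module do the serialisation and removes one place for quoting mistakes.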
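--- a/watchguard/ansible/opnsense.key
+++ b/watchguard/ansible/opnsense.key
@@ -0,0 +1 @@
+zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8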
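--- a/watchguard/ansible/tftp.yml
+++ b/watchguard/ansible/tftp.yml
@@ -0,0 +1,39 @@
+---
+- name: Configure inetd service and uncomment tftp lines
+hosts: all
+gather_facts: no
+tasks:
+- name: Enable inetd in /etc/rc.conf
+lineinfile:
+path: /etc/rc.conf
+line: 'inetd_enable="YES"'
+create: yes
+state: present
+become: yes
+
+- name: Uncomment tftp lines in /etc/inetd.conf
+lineinfile:
+path: /etc/inetd.conf
+regexp: '^#\s*(tftp.*)'
+line: '\1'
+backrefs: yes
+state: present
+become: yes
+with_items: # I don't like that but it works...
+- 'tftp'
+- 'tftp'
+
+- name: Create /tftpboot directory
+file:
+path: /tftpboot
+state: directory
+owner: root
+group: wheel
+mode: '0755'
+become: yes
+
+- name: Restart inetd service
+service:
+name: inetd
+state: restarted
+become: yes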
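Review bot: `with_items` with two identical `'tftp'` entries exists only to run `lineinfile` twice, since `item` is never used and `lineinfile` with `backrefs` rewrites a single matching line per run. The `replace` module handles every match in one pass: `replace:` with `path: /etc/inetd.conf`, `regexp: '^#\s*(tftp.*)'` and `replace: '\1'`. Uncommenting every `tftp` line presumably enables the service on each address family inetd offers, and TFTP has no authentication, so a firewall rule limiting it to the provisioning LAN belongs alongside this play.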
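--- a/watchguard/tftpboot/boot/grub/grub.cfg
+++ b/watchguard/tftpboot/boot/grub/grub.cfg
@@ -0,0 +1,5 @@
+menuentry "Install Ubuntu Server" {
+set gfxpayload=keep
+linux linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+initrd initrd
+}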
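Review bot: This menu entry is committed three times: here, in tftpboot/grub.cfg and as the first entry of tftpboot/grub/grub.cfg, with nothing saying which path the shipped `bootx64.efi`/`grubx64.efi` actually reads. Keeping one file and a comment naming the loader that uses it avoids the copies drifting apart. The `iso-url` points at Ubuntu 23.04, an interim release with a nine-month support window; an LTS image is the safer default for an unattended installer, and the same URL is in pxelinux.cfg/default.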
BIN
watchguard/tftpboot/bootx64.efi
(Stored with Git LFS)
Normal file
BIN
watchguard/tftpboot/bootx64.efi
(Stored with Git LFS)
Normal file
Binary file not shown.
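--- a/watchguard/tftpboot/grub.cfg
+++ b/watchguard/tftpboot/grub.cfg
@@ -0,0 +1,5 @@
+menuentry "Install Ubuntu Server" {
+set gfxpayload=keep
+linux linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+initrd initrd
+}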
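--- a/watchguard/tftpboot/grub/grub.cfg
+++ b/watchguard/tftpboot/grub/grub.cfg
@@ -0,0 +1,48 @@
+menuentry "Install Ubuntu Server" {
+set gfxpayload=keep
+linux linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+initrd initrd
+}
+
+menuentry 'RHCOS PXE Bootstrap' {
+set http_server="http://192.168.1.1"
+set version="4.7.0"
+set architecture="x86_64"
+
+#linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/bootstrap.ign
+linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/bootstrap.ign
+initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Master' {
+set http_server="http://192.168.1.1"
+set version="4.7.0"
+set architecture="x86_64"
+
+#linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/master.ign
+linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/master.ign
+initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+#initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Worker sda' {
+set http_server="http://192.168.1.1"
+set version="4.7.0"
+set architecture="x86_64"
+
+#linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/worker.ign
+linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/worker.ign
+initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+#initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Worker sdh' {
+set http_server="http://192.168.1.1"
+set version="4.7.0"
+set architecture="x86_64"
+
+#linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/worker.ign
+linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sdh coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/worker.ign
+initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+#initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}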
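Review bot: The four CoreOS entries fetch `bootstrap.ign`, `master.ign` and `worker.ign` over plain `http://`, and the kernel and initramfs arrive over TFTP, so nothing a booting node receives is authenticated; Ignition files for a cluster usually embed certificates and credentials, which makes this acceptable only on an isolated provisioning network. The URLs are written `http://192.168.3.102:/ks/…` with an empty port after the colon, which looks like a typo. `http_server`, `version` and `architecture` are set in every entry but used only by the commented-out `linux` line, and `version="4.7.0"` does not match the fedora-coreos-38 images that are actually booted.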
BIN
watchguard/tftpboot/grubx64.efi
(Stored with Git LFS)
Normal file
BIN
watchguard/tftpboot/grubx64.efi
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
watchguard/tftpboot/initrd
(Stored with Git LFS)
Normal file
BIN
watchguard/tftpboot/initrd
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
watchguard/tftpboot/ldlinux.c32
Normal file
BIN
watchguard/tftpboot/ldlinux.c32
Normal file
Binary file not shown.
BIN
watchguard/tftpboot/linux
(Stored with Git LFS)
Normal file
BIN
watchguard/tftpboot/linux
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
watchguard/tftpboot/memtest/memtest86+
Normal file
BIN
watchguard/tftpboot/memtest/memtest86+
Normal file
Binary file not shown.
@ -0,0 +1 @@
|
||||
../../images-nogit/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
|
@ -0,0 +1 @@
|
||||
../../images-nogit/fedora-coreos-38.20231002.3.1-live-kernel-x86_64
|
@ -0,0 +1 @@
|
||||
../../images-nogit/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img
|
BIN
watchguard/tftpboot/pxelinux.0
Normal file
BIN
watchguard/tftpboot/pxelinux.0
Normal file
Binary file not shown.
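--- a/watchguard/tftpboot/pxelinux.cfg/default
+++ b/watchguard/tftpboot/pxelinux.cfg/default
@@ -0,0 +1,5 @@
+DEFAULT install
+LABEL install
+KERNEL linux
+INITRD initrd
+APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ---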