Implement experimental PXE boot provisioning server

.gitignore

@@ -1,3 +1,5 @@
 launchSettings.json
 *.csproj.user
-TestResults/
+TestResults/
+UET/Lib/Container/rkm-initrd-builder/static
+UET/Lib/Container/rkm-initrd-builder/storage/

UET/Lib/Container/rkm-initrd-builder/.dockerignore

@@ -0,0 +1,3 @@
+static/
+static-old/
+BuildAndCopy.ps1

UET/Lib/Container/rkm-initrd-builder/BuildAndCopy.ps1

@@ -0,0 +1,45 @@
+param([switch] $SkipDotNet, [switch] $OnlyDotNet)
+
+if (!$SkipDotNet) {
+    Push-Location $PSScriptRoot\..\..\..\uet
+    try {
+        dotnet publish -c Release -r linux-x64
+        if ($LastExitCode -ne 0) { exit $LastExitCode }
+        dotnet publish -c Release -r win-x64
+        if ($LastExitCode -ne 0) { exit $LastExitCode }
+
+        Copy-Item -Force ".\bin\Release\net9.0\linux-x64\publish\uet" "$PSScriptRoot\static"
+        Copy-Item -Force ".\bin\Release\net9.0\win-x64\publish\uet.exe" "$PSScriptRoot\static"
+    } finally {
+        Pop-Location
+    }
+}
+
+if ($OnlyDotNet) {
+    exit 0
+}
+
+Push-Location $PSScriptRoot
+try {
+    docker build . -f .\copy.Dockerfile --tag copy-buildroot
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+
+    $ContainerId = $(docker run --rm --detach copy-buildroot)
+    $ContainerId = $ContainerId.Trim()
+
+    docker cp "${ContainerId}:/static/vmlinuz" static/vmlinuz
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+    docker cp "${ContainerId}:/static/initrd" static/initrd
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+    docker cp "${ContainerId}:/static/ipxe.efi" static/ipxe.efi
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+    docker cp "${ContainerId}:/static/wimboot" static/wimboot
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+    docker cp "${ContainerId}:/static/background.png" static/background.png
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+
+    docker stop -t 0 $ContainerId
+    if ($LastExitCode -ne 0) { exit $LastExitCode }
+} finally {
+    Pop-Location
+}

UET/Lib/Container/rkm-initrd-builder/copy.Dockerfile

@@ -0,0 +1,5 @@
+FROM ghcr.io/redpointgames/uet/buildroot-prebuilt-base:latest AS source
+
+FROM busybox
+COPY --from=source /static /static
+ENTRYPOINT [ "/bin/sleep", "3600" ]

UET/Lib/Container/rkm-initrd-builder/files/usr/lib/systemd/system/display-manager.service

@@ -5,7 +5,8 @@ After=xorg.service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/evilwm --bw 5 --display :0.0
-ExecStartPost=/bin/bash -c "grep rkm-in-recovery /proc/cmdline && DISPLAY=:0.0 feh --bg-scale /usr/share/background-x11-recovery.png --no-fehbg || DISPLAY=:0.0 feh --bg-scale /usr/share/background-x11.png --no-fehbg || true"
-Restart=always
-RestartSec=1s
+ExecStartPre=/bin/timeout 1s /bin/xset q
+ExecStart=/usr/bin/evilwm --bw 5
+ExecStartPost=/bin/bash -c "grep rkm-in-recovery /proc/cmdline && feh --bg-scale /usr/share/background-x11-recovery.png --no-fehbg || feh --bg-scale /usr/share/background-x11.png --no-fehbg || true"
+RestartSec=1s
+Environment="DISPLAY=:0"

UET/Lib/Container/rkm-initrd-builder/files/usr/lib/systemd/system/rkm-initrd.target

@@ -1,7 +1,7 @@
 [Unit]
 Description=RKM Initrd Target
 Requires=basic.target network.target
-Wants=dbus.service systemd-networkd.service rkm-rescue-shell.service xorg.service display-manager.service rkm-provision-client.service
+Wants=dbus.service systemd-networkd.service rkm-provisioning.target
 Conflicts=multi-user.target rescue.service rescue.target
 After=multi-user.target rescue.service rescue.target systemd-networkd.service
 AllowIsolate=yes

UET/Lib/Container/rkm-initrd-builder/files/usr/lib/systemd/system/rkm-provision-client.service

@@ -1,13 +1,13 @@
 [Unit]
 Description=RKM Provision Client
-Requires=display-manager.service
-After=display-manager.service
+Requires=xorg.service display-manager.service
+After=xorg.service display-manager.service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/xterm -bg black -fg white -maximized -e /bin/bash -c '/usr/bin/uet-bootstrap internal pxeboot provision-client; systemctl reboot'
-Restart=always
+ExecStartPre=/bin/timeout 1s /bin/xset q
+ExecStart=/usr/bin/xterm -bg black -fg white -maximized -e /bin/bash -c '/usr/bin/uet-bootstrap internal pxeboot provision-client'
 RestartSec=1s
 Environment="DOTNET_BUNDLE_EXTRACT_BASE_DIR=/tmp/dotnet-bundle"
 Environment="GRPC_PIPE_PATH_USER=/tmp/.grpc"
-Environment="DISPLAY=:0.0"
+Environment="DISPLAY=:0"

UET/Lib/Container/rkm-initrd-builder/files/usr/lib/systemd/system/rkm-provisioning.target

@@ -0,0 +1,3 @@
+[Unit]
+Description=RKM Provisioning Services
+Upholds=xorg.service display-manager.service rkm-rescue-shell.service rkm-provision-client.service

UET/Lib/Container/rkm-initrd-builder/files/usr/lib/systemd/system/rkm-rescue-shell.service

@@ -6,6 +6,6 @@ Type=simple
 ExecStart=/bin/bash
 StandardInput=tty
 StandardOutput=tty
-Restart=always
+RestartSec=1s
 TimeoutStopSec=0
 KillSignal=SIGKILL

UET/Lib/Container/rkm-initrd-builder/setup.sh

@@ -6,4 +6,7 @@ set -x
 if [ "$TARGET_DIR" == "" ]; then
   echo "TARGET_DIR not set!"
   exit 1
-fi
+fi
+
+chmod a-x $TARGET_DIR/usr/lib/systemd/system/*.service
+chmod a-x $TARGET_DIR/usr/lib/systemd/system/*.target

UET/Lib/Helm/rkm-crds/templates/rkm.redpoint.games_rkmnode.yaml

@@ -33,6 +33,12 @@ spec:
                 description: If true, the node will forcibly reprovision the operating system even if it's already provisioned.
                 nullable: true
                 type: boolean
+              inactiveBootEntries:
+                description: A list of boot entries that RKM should set to inactive during provisioning. This can be used to disable network boot entries from network adapters that are not attached, speeding up the boot process. Entries not in this list will always be set to active.
+                nullable: true
+                type: array
+                items:
+                  type: string
           status:
             type: object
             properties:
@@ -68,15 +74,70 @@ spec:
               architecture:
                 type: string
                 description: Specifies the CPU architecture of this machine.
+              provisioner:
+                type: object
+                nullable: true
+                description: The current provisioner state for this node.
+                properties:
+                  name:
+                    type: string
+                  hash:
+                    type: string
+                  lastStepCommittedIndex:
+                    type: number
+                  rebootStepIndex:
+                    type: number
+                  rebootNotificationForOnceViaNotifyOccurred:
+                    type: boolean
+                  currentStepIndex:
+                    type: number
+                  currentStepStarted:
+                    type: boolean
+              lastSuccessfulProvision:
+                type: object
+                nullable: true
+                description: Information about the last time this node was successfully provisioned. This is used to automatically detect when the node is out-of-date with the provisioner and trigger a reprovision.
+                properties:
+                  name:
+                    type: string
+                  hash:
+                    type: string
+              registeredIpAddresses:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    address:
+                      type: string
+                    expiresAt:
+                      type: string
+                      format: date-time
+              bootToDisk:
+                type: boolean
+              bootEntries:
+                description: The list of boot entries in the EFI firmware, automatically synchronised whenever the initrd starts up. This can be used to then set inactiveBootEntries if needed.
+                nullable: true
+                type: array
+                items:
+                  type: object
+                  properties:
+                    bootId:
+                      type: string
+                      description: The boot ID; this should be the value set into inactiveBootEntries.
+                    name:
+                      type: string
+                      description: The boot entry name.
+                    path:
+                      type: string
+                      description: The boot entry path.
+                    active:
+                      type: boolean
+                      description: If the entry was active last time the initrd environment ran.
     selectableFields:
     - jsonPath: .spec.nodeName
     - jsonPath: .spec.nodeGroup
     - jsonPath: .spec.authorized
     additionalPrinterColumns:
-    - jsonPath: .status.attestationIdentityKeyFingerprint
-      name: "Fingerprint"
-      description: The fingerprint of the attestation identity key.
-      type: string
     - jsonPath: .spec.nodeName
       name: "Node Name"
       description: The name given to this node if it is authorized. You can't authorize a node without giving it a name.

UET/Lib/Helm/rkm-crds/templates/rkm.redpoint.games_rkmnodegroup.yaml

@@ -20,37 +20,21 @@ spec:
           spec:
             type: object
             properties:
-              platform:
+              provisioner:
                 type: string
                 nullable: true
-                description: Specifies the platform that this machine should be provisioned as. If not set, nodes in this group will provision as the first platform they are capable of running.
-                enum: [Windows, Linux, Mac]
-              activeDirectory:
+                description: Specifies the provisioner to use to provision this machine.
+              provisionerArguments:
                 type: object
+                description: An arbitrary map of parameter values that should be available when provisioning. These will override the default parameter values that the provisioner has set. Each entry here will be cause '{{`{{param:<key>}}`}}' to be substituted, and RKM_PARAM_KEY_NAME_TRANSFORMED as an environment variable. KEY_NAME_TRANSFORMED is the key transformed such that 'keyNameTransformed' is 'KEY_NAME_TRANSFORMED'.
+                x-kubernetes-preserve-unknown-fields: true
                 nullable: true
-                properties:
-                  domain:
-                    type: string
-                    description: The Active Directory domain that this machine will be joined to.
-                  join:
-                    type: boolean
-                    description: If true, this machine will be joined to Active Directory.
-                  computerGroups:
-                    description: The list of groups that the machine's Active Directory account will be a member of.
-                    type: array
-                    items:
-                      type: string
+              clusterControllerIpAddress:
+                type: string
+                nullable: true
+                description: If set, overrides the Kubernetes controller IP address that provisioned machines should join.
     selectableFields: []
     additionalPrinterColumns:
-    - jsonPath: .spec.platform
-      name: "Platform"
-      type: string
-    - jsonPath: .spec.activeDirectory.domain
-      name: "AD Domain"
-      type: string
-    - jsonPath: .spec.activeDirectory.join
-      name: "AD Join"
-      type: string
-    - jsonPath: .spec.activeDirectory.computerGroups[*]
-      name: "AD Computer Groups"
+    - jsonPath: .spec.provisioner
+      name: "Provisioner"
       type: string

UET/Lib/Helm/rkm-crds/templates/rkm.redpoint.games_rkmnodeprovisioner.yaml

@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: rkmnodeprovisioners.rkm.redpoint.games
+spec:
+  group: rkm.redpoint.games
+  scope: Cluster
+  names:
+    plural: rkmnodeprovisioners
+    singular: rkmnodeprovisioner
+    kind: RkmNodeProvisioner
+    shortNames:
+    - rkmprovisioner
+    - rkmprovisioners
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            properties:
+              parameters:
+                type: object
+                description: An arbitrary map of parameters that should be available when provisioning. Each entry here will be cause '{{`{{param:<key>}}`}}' to be substituted, and RKM_PARAM_KEY_NAME_TRANSFORMED as an environment variable. KEY_NAME_TRANSFORMED is the key transformed such that 'keyNameTransformed' is 'KEY_NAME_TRANSFORMED'. The values in this map are the default values for the parameters, which can be overridden by setting an entry inside 'provisionerArguments' on the node group.
+                x-kubernetes-preserve-unknown-fields: true
+                nullable: true
+              steps:
+                type: array
+                items:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+    selectableFields: []