mosigra wiki

• https://ipxe.org/docs#starting_ipxe
• https://networkboot.org/fundamentals/
• http://tdkare.ru/sysadmin/index.php/IPXE
• http://tdkare.ru/sysadmin/index.php/Atftpd
• https://qsetup.ru/mikrotik-pxe-boot-uefi/
• https://wtware.ru/docs5/dhcp.html
• http://wtware.ru/netman/netman1.html#dhcp
• https://serverfault.com/questions/859934/ubuntu-16-04-nfs-kernel-server-wont-start
• https://github.com/canonical/lxd/issues/2703
• https://github.com/canonical/lxd/issues/3989
• https://unix.stackexchange.com/questions/450308/how-to-allow-specific-proxmox-lxc-containers-to-mount-nfs-shares-on-the-network
• https://forum.proxmox.com/threads/nfs-file-system-mount-problem-apparmor.31706/
• https://infdots.blogspot.com/2019/01/nfs-lxc-proxmox-53.html
• https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html
• https://forum.proxmox.com/threads/is-it-possible-to-run-a-nfs-server-within-a-lxc.24403/
• https://theorangeone.net/posts/mount-nfs-inside-lxc/
• https://forum.proxmox.com/threads/lxc-security-nesting.44726/
• https://virtualizeeverything.com/2022/06/14/nfs-server-in-proxmox-ct-lxc-container/
• https://linuxhint.com/pxe_boot_ubuntu_server/
• https://www.ipxe.org/cmd
• https://support.kaspersky.ru/krd18/howto/15271#block2
• https://forum.kaspersky.com/topic/rescue-disk-error-cannot-find-device-with-datakerneldat-2948/
• https://linuxize.com/post/how-to-mount-an-nfs-share-in-linux/
• https://ipxe.org/err/3c0920
• https://kvashnik.blogspot.com/2019/08/kaspersky-rescue-disk-2018-ipxe.html
• https://habr.com/ru/articles/140002/
• https://forum.wtware.com/viewtopic.php?t=48362
• https://habr.com/ru/articles/681142/
• https://linuxguideandhints.com/el/pxeboot.html
• https://wiki.debian.org/GRUB2?action=show&redirect=Grub2
• https://gist.github.com/robinsmidsrod/2234639

atftpd в ubuntu 22.04 не принимает файлы (только на чтение), проблема в правах доступа у динамического пользователя, решения два, либо разбираться с правами этого пользователя https://0pointer.net/blog/dynamic-users-with-systemd.html, либо убирать этого динамического пользователя

# DynamicUser=yes

из файла

/lib/systemd/system/atftpd.service

в непривилегированном контейнере nfs server не запустить, контейнер должен быть привилегированным и в настройках например тут /etc/pve/lxc/128.conf должно быть:

lxc.apparmor.profile: unconfined

nano /etc/ssh/sshd_config

PermitRootLogin yes

service ssh restart dpkg-reconfigure tzdata dpkg-reconfigure locales apt update && apt upgrade apt install build-essential liblzma-dev isolinux git tree atftp atftpd nfs-kernel-server mkdir -pv /pxeboot/{config,firmware,os-images} git clone https://github.com/ipxe/ipxe.git cd ipxe/src nano bootconfig.ipxe

#!ipxe

dhcp
chain tftp://192.168.7.4/config/boot.ipxe

make bin/ipxe.pxe bin/undionly.kpxe bin/undionly.kkpxe bin/undionly.kkkpxe bin-x86_64-efi/ipxe.efi EMBED=bootconfig.ipxe cp -v bin/{ipxe.pxe,undionly.kpxe,undionly.kkpxe,undionly.kkkpxe} bin-x86_64-efi/ipxe.efi /pxeboot/firmware/ cd nano /lib/systemd/system/atftpd.service

#DynamicUser=yes

nano /etc/default/atftpd.pcre

(\S*)\\(\S*)||(\S*)||(\S*) $1/$2/$3/$4
(\S*)\\(\S*)\\(\S*)        $1/$2/$3
(\S*)\\(\S*)               $1/$2

nano /etc/default/atftpd

## Options for atftpd:
OPTIONS="--port 69 --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 --pcre /etc/default/atftpd.pcre /pxeboot"

systemctl daemon-reload systemctl is-enabled atftpd.service systemctl is-enabled atftpd.socket systemctl is-enabled nfs-server.service systemctl start nfs-server.service systemctl status nfs-server.service systemctl status atftpd.socket systemctl status atftpd.service nano /etc/exports

/pxeboot           *(ro,sync,no_wdelay,insecure_locks,no_root_squash,insecure,no_subtree_check)

exportfs -av chown -R root:root /pxeboot/

#!ipxe

set server_ip  192.168.7.4
set root_path  /pxeboot

menu Select an OS to boot
item ubuntu-22.04.2-desktop-amd64           Install Ubuntu Desktop 22.04.2 LTS
item Fedora-Workstation-Live-x86_64-38-1.6  Install Fedora Workstation Live 38-1.6
item krd                                    Start Kaspersky Rescue Disk

choose --default exit --timeout 10000 option && goto ${option}

:ubuntu-22.04.2-desktop-amd64
set os_root os-images/ubuntu-22.04.2-desktop-amd64
kernel tftp://${server_ip}/${os_root}/casper/vmlinuz
initrd tftp://${server_ip}/${os_root}/casper/initrd
imgargs vmlinuz initrd=initrd boot=casper maybe-ubiquity netboot=nfs ip=dhcp nfsroot=${server_ip}:${root_path}/${os_root} quiet splash ---
boot

:Fedora-Workstation-Live-x86_64-38-1.6
set os_root os-images/Fedora-Workstation-Live-x86_64-38-1.6
kernel tftp://${server_ip}/${os_root}/images/pxeboot/vmlinuz
initrd tftp://${server_ip}/${os_root}/images/pxeboot/initrd.img
imgargs vmlinuz initrd=initrd.img ip=dhcp rd.live.image root=live:nfs://${server_ip}${root_path}/${os_root}/LiveOS/squashfs.img
boot

:krd
set os_root os-images/krd
cpuid --ext 29 && set arch _64 || set arch
iseq ${platform} efi && iseq ${buildarch} x86_64 && set arch _64 ||
iseq ${platform} efi && iseq ${buildarch} i386 && set arch ||
#shell
kernel tftp://${server_ip}/${os_root}/boot/grub/k-x86${arch}
initrd tftp://${server_ip}/${os_root}/boot/grub/initrd.xz
imgargs k-x86${arch} initrd=initrd.xz netboot=nfs://${server_ip}:${root_path}/${os_root} net.ifnames=0 lang=en dostartx
boot

</pre>