@underpostnet/underpost 2.99.4 → 2.99.6

package/src/cli/cloud-init.js

@@ -122,8 +122,6 @@ ${Underpost.baremetal.stepsRender(
     `cloud-init modules --mode=config`,
     `sleep 3`,
     `cloud-init modules --mode=final`,
-    `sleep 3`,
-    `/underpost/enlistment.sh`,
   ],
   false,
 )}`,
@@ -190,45 +188,6 @@ cat /etc/default/keyboard`,
           logger.info('Build', `${nfsHostToolsPath}/device_scan.sh`);
           fs.copySync(`${underpostRoot}/scripts/device-scan.sh`, `${nfsHostToolsPath}/device_scan.sh`);
 
-          // Build and write the MAAS enlistment script.
-          logger.info('Build', `${nfsHostToolsPath}/enlistment.sh`);
-          fs.writeFileSync(
-            `${nfsHostToolsPath}/enlistment.sh`,
-            `#!/bin/bash
-set -x
-
-# ------------------------------------------------------------
-# Step: Commission a machine in MAAS using OAuth1 authentication
-# ------------------------------------------------------------
-
-MACHINE_ID=$(cat /underpost/system-id)
-CONSUMER_KEY=$(cat /underpost/consumer-key)
-TOKEN_KEY=$(cat /underpost/token-key)
-TOKEN_SECRET=$(cat /underpost/token-secret)
-
-echo ">>> Starting MAAS machine commissioning for system_id: $MACHINE_ID …"
-
-curl -X POST \\
-  --fail --location --verbose --include --raw --trace-ascii /dev/stdout\\
-  --header "Authorization:\\
-  OAuth oauth_version=1.0,\\
-  oauth_signature_method=PLAINTEXT,\\
-  oauth_consumer_key=$CONSUMER_KEY,\\
-  oauth_token=$TOKEN_KEY,\\
-  oauth_signature=&$TOKEN_SECRET,\\
-  oauth_nonce=$(uuidgen),\\
-  oauth_timestamp=$(date +%s)"\\
-  -F "commissioning_scripts=20-maas-01-install-lldpd"\\
-  -F "enable_ssh=1"\\
-  -F "skip_bmc_config=1"\\
-  -F "skip_networking=1"\\
-  -F "skip_storage=1"\\
-  -F "testing_scripts=none"\\
-  http://${callbackMetaData.runnerHost.ip}:5240/MAAS/api/2.0/machines/$MACHINE_ID/op-commission \\
-  2>&1 | tee /underpost/enlistment.log || echo "ERROR: MAAS commissioning returned code $?"`,
-            'utf8',
-          );
-
           // Import SSH keys for root user.
           logger.info('Import ssh keys');
           shellExec(`sudo rm -rf ${nfsHostPath}/root/.ssh`);
@@ -261,6 +220,12 @@ curl -X POST \\
      * @param {boolean} params.ubuntuToolsBuild - Flag to determine if Ubuntu tools should be built.
      * @param {string} [params.bootcmd] - Optional custom commands to run during boot.
      * @param {string} [params.runcmd] - Optional custom commands to run during first boot.
+     * @param {object} [params.write_files] - Optional array of files to write during cloud-init, each with path, permissions, owner, and content.
+     * @param {string} [params.write_files[].path] - The file path where the content will be written on the target machine.
+     * @param {string} [params.write_files[].permissions] - The file permissions to set for the written file (e.g., '0644').
+     * @param {string} [params.write_files[].owner] - The owner of the written file (e.g., 'root:root').
+     * @param {string} [params.write_files[].content] - The content to write into the file.
+     * @param {boolean} [params.write_files[].defer] - Whether to defer writing the file until the 'final' stage of cloud-init.
      * @param {object} [authCredentials={}] - Optional MAAS authentication credentials.
      * @returns {object} The generated cloud-init configuration content.
      * @memberof UnderpostCloudInit
@@ -278,6 +243,15 @@ curl -X POST \\
         ubuntuToolsBuild,
         bootcmd: bootcmdParam,
         runcmd: runcmdParam,
+        write_files = [
+          {
+            path: '',
+            permissions: '',
+            owner: '',
+            content: '',
+            defer: false,
+          },
+        ],
       },
       authCredentials = { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' },
     ) {
@@ -305,6 +279,7 @@ curl -X POST \\
       let runcmd = [
         'echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"',
         'echo "Init runcmd"',
+        'systemctl enable --now ssh',
         'echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"',
       ];
 
@@ -334,12 +309,14 @@ curl -X POST \\
             name: process.env.MAAS_ADMIN_USERNAME,
             sudo: ['ALL=(ALL) NOPASSWD:ALL'],
             shell: '/bin/bash',
-            lock_passwd: false,
+            lock_passwd: true,
             groups: 'sudo,users,admin,wheel,lxd',
-            plain_text_passwd: process.env.MAAS_ADMIN_USERNAME,
+            // plain_text_passwd: process.env.MAAS_ADMIN_USERNAME,
             ssh_authorized_keys: [fs.readFileSync(`/home/dd/engine/engine-private/deploy/id_rsa.pub`, 'utf8')],
           },
         ],
+        disable_root: true,
+        ssh_pwauth: false,
         timezone,
         ntp: {
           enabled: true,
@@ -360,6 +337,7 @@ curl -X POST \\
           'smartmontools',
           'net-tools',
           'util-linux',
+          'openssh-server',
         ],
         resize_rootfs: false,
         growpart: { mode: 'off' },
@@ -380,7 +358,7 @@ curl -X POST \\
         final_message: '====== Cloud init finished ======',
         bootcmd,
         runcmd,
-        disable_root: true,
+        write_files,
         preserve_hostname: false,
         cloud_init_modules: [
           // minimal for commissioning
@@ -394,37 +372,37 @@ curl -X POST \\
           'ssh', // enable/configure SSH for temporary access
 
           // optional modules (commented out by default)
-          // 'migrator',
-          // 'seed_random',
-          // 'growpart',
-          // 'resizefs',
-          // 'users-groups',
+          'migrator',
+          'seed_random',
+          'growpart',
+          'resizefs',
+          'users-groups',
         ],
         cloud_config_modules: [
           // minimal so MAAS can run commissioning scripts
           'runcmd', // commissioning / final script execution
           'mounts', // mount devices during commissioning if needed
-          // 'ntp',             // optional — enable if you want time sync
+          'ntp', // optional — enable if you want time sync
 
           // typically not required for basic commissioning (commented)
-          // 'emit_upstart',
-          // 'disk_setup',
-          // 'ssh-import-id',
-          // 'locale',
-          // 'set-passwords',
-          // 'grub-dpkg',
-          // 'apt-pipelining',
-          // 'apt-configure',
-          // 'package-update-upgrade-install', // heavy; do NOT enable by default
-          // 'landscape',
-          // 'timezone',
-          // 'puppet',
-          // 'chef',
-          // 'salt-minion',
-          // 'mcollective',
-          // 'disable-ec2-metadata',
-          // 'byobu',
-          // 'ssh-import-id', // duplicate in original list
+          'emit_upstart',
+          'disk_setup',
+          'ssh-import-id',
+          'locale',
+          'set-passwords',
+          'grub-dpkg',
+          'apt-pipelining',
+          'apt-configure',
+          'package-update-upgrade-install', // heavy; do NOT enable by default
+          'landscape',
+          'timezone',
+          'puppet',
+          'chef',
+          'salt-minion',
+          'mcollective',
+          'disable-ec2-metadata',
+          'byobu',
+          'ssh-import-id', // duplicate in original list
         ],
         cloud_final_modules: [
           // minimal suggestions so final scripts run and node reports status
@@ -432,64 +410,19 @@ curl -X POST \\
           'final-message', // useful for logs/reporting
 
           // optional / commented
-          // 'rightscale_userdata',
-          // 'scripts-vendor',
-          // 'scripts-per-once',
-          // 'scripts-user',
-          // 'ssh-authkey-fingerprints',
-          // 'keys-to-console',
-          // 'power-state-change', // use carefully (can poweroff/reboot)
+          'rightscale_userdata',
+          'scripts-vendor',
+          'scripts-per-once',
+          'scripts-user',
+          'ssh-authkey-fingerprints',
+          'keys-to-console',
+          'power-state-change', // use carefully (can poweroff/reboot)
         ],
       });
 
       return { cloudConfigSrc };
     },
 
-    /**
-     * @method authCredentialsFactory
-     * @description Retrieves MAAS API key credentials from the MAAS CLI.
-     * This method parses the output of `maas apikey` to extract the consumer key,
-     * consumer secret, token key, and token secret.
-     * @returns {object} An object containing the MAAS authentication credentials.
-     * @memberof UnderpostCloudInit
-     * @throws {Error} If the MAAS API key format is invalid.
-     */
-    authCredentialsFactory() {
-      // Expected formats:
-      // <consumer_key>:<consumer_token>:<secret> (older format)
-      // <consumer_key>:<consumer_secret>:<token_key>:<token_secret> (newer format)
-      // Commands used to generate API keys:
-      // maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}
-      // maas ${process.env.MAAS_ADMIN_USERNAME} account create-authorisation-token
-      // maas apikey --generate --username ${process.env.MAAS_ADMIN_USERNAME}
-      // Reference: https://github.com/CanonicalLtd/maas-docs/issues/647
-
-      const parts = shellExec(`maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}`, {
-        stdout: true,
-      })
-        .trim()
-        .split(`\n`)[0] // Take only the first line of output.
-        .split(':'); // Split by colon to get individual parts.
-
-      let consumer_key, consumer_secret, token_key, token_secret;
-
-      // Determine the format of the API key and assign parts accordingly.
-      if (parts.length === 4) {
-        [consumer_key, consumer_secret, token_key, token_secret] = parts;
-      } else if (parts.length === 3) {
-        // Handle older 3-part format, setting consumer_secret as empty.
-        [consumer_key, token_key, token_secret] = parts;
-        consumer_secret = '""';
-        token_secret = token_secret.split(' MAAS consumer')[0].trim(); // Clean up token secret.
-      } else {
-        // Throw an error if the format is not recognized.
-        throw new Error('Invalid token format');
-      }
-
-      logger.info('Maas api token generated', { consumer_key, consumer_secret, token_key, token_secret });
-      return { consumer_key, consumer_secret, token_key, token_secret };
-    },
-
     /**
      * @method generateCloudConfig
      * @description Generates a generic cloud-init configuration string.
@@ -518,6 +451,7 @@ curl -X POST \\
         growpart,
         network,
         runcmd,
+        write_files,
         final_message,
         bootcmd,
         disable_root,
@@ -645,6 +579,21 @@ curl -X POST \\
         runcmd.forEach((cmd) => yaml.push(`  - ${cmd}`));
       }
 
+      if (write_files) {
+        yaml.push('write_files:');
+        write_files.forEach((file) => {
+          yaml.push(`  - path: ${file.path}`);
+          if (file.encoding) yaml.push(`    encoding: ${file.encoding}`);
+          if (file.owner) yaml.push(`    owner: ${file.owner}`);
+          if (file.permissions) yaml.push(`    permissions: '${file.permissions}'`);
+          if (file.defer) yaml.push(`    defer: ${file.defer}`);
+          if (file.content) {
+            yaml.push(`    content: |`);
+            file.content.split('\n').forEach((line) => yaml.push(`      ${line}`));
+          }
+        });
+      }
+
       if (final_message) yaml.push(`final_message: "${final_message}"`);
 
       if (bootcmd) {
@@ -670,6 +619,57 @@ curl -X POST \\
 
       return yaml.join('\n');
     },
+
+    /**
+     * @method httpServerStaticFactory
+     * @description Writes cloud-init files (user-data, meta-data, vendor-data) to the bootstrap HTTP server path.
+     * @param {object} params
+     * @param {string} params.bootstrapHttpServerPath
+     * @param {string} params.hostname
+     * @param {string} params.cloudConfigSrc
+     * @param {string} [params.vendorData='']
+     * @memberof UnderpostCloudInit
+     * @returns {void}
+     */
+    httpServerStaticFactory({ bootstrapHttpServerPath, hostname, cloudConfigSrc, vendorData = '' }) {
+      if (!cloudConfigSrc) return;
+      const dir = `${bootstrapHttpServerPath}/${hostname}/cloud-init`;
+      shellExec(`mkdir -p ${dir}`);
+      fs.writeFileSync(`${dir}/user-data`, cloudConfigSrc, 'utf8');
+      fs.writeFileSync(`${dir}/meta-data`, `instance-id: ${hostname}\nlocal-hostname: ${hostname}`, 'utf8');
+      fs.writeFileSync(`${dir}/vendor-data`, vendorData, 'utf8');
+      logger.info(`Cloud-init files written to ${dir}`);
+    },
+
+    /**
+     * @method kernelParamsFactory
+     * @description Generates the kernel parameters for the target machine's bootloader configuration,
+     * including the necessary parameters to enable cloud-init with a specific configuration URL and logging settings.
+     * @param {array} cmd - The existing array of kernel parameters to which cloud-init parameters will be appended.
+     * @param {object} options - Options for generating kernel parameters.
+     * @param {string} options.ipDhcpServer - The IP address of the DHCP server.
+     * @param {object} [options.machine] - The machine information, including system_id for constructing the cloud-init configuration URL.
+     * @param {string} [options.machine.system_id] - The unique identifier of the machine, used to fetch the correct cloud-init preseed configuration from MAAS.
+     * @return {array} The modified array of kernel parameters with cloud-init parameters included.
+     * @memberof UnderpostCloudInit
+     */
+    kernelParamsFactory(
+      macAddress,
+      cmd = [],
+      options = {
+        ipDhcpServer: '',
+        bootstrapHttpServerPort: 8888,
+        hostname: '',
+        machine: {
+          system_id: '',
+        },
+        authCredentials: { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' },
+      },
+    ) {
+      const { ipDhcpServer, bootstrapHttpServerPort, hostname } = options;
+      const cloudConfigUrl = `http://${ipDhcpServer}:${bootstrapHttpServerPort}/${hostname}/cloud-init/user-data`;
+      return cmd.concat([`cloud-config-url=${cloudConfigUrl}`]);
+    },
   };
 }
 

package/src/cli/env.js

@@ -8,6 +8,7 @@ import { getNpmRootPath, writeEnv } from '../server/conf.js';
 import fs from 'fs-extra';
 import { loggerFactory } from '../server/logger.js';
 import dotenv from 'dotenv';
+import { pbcopy } from '../server/process.js';
 
 dotenv.config();
 
@@ -72,9 +73,10 @@ class UnderpostRootEnv {
      * @param {object} options - Options for getting the environment variable.
      * @param {boolean} [options.plain=false] - If true, returns the environment variable value as a string.
      * @param {boolean} [options.disableLog=false] - If true, disables logging of the environment variable value.
+     * @param {boolean} [options.copy=false] - If true, copies the environment variable value to the clipboard.
      * @memberof UnderpostEnv
      */
-    get(key, value, options = { plain: false, disableLog: false }) {
+    get(key, value, options = { plain: false, disableLog: false, copy: false }) {
       const exeRootPath = `${getNpmRootPath()}/underpost`;
       const envPath = `${exeRootPath}/.env`;
       if (!fs.existsSync(envPath)) {
@@ -84,6 +86,7 @@ class UnderpostRootEnv {
       const env = dotenv.parse(fs.readFileSync(envPath, 'utf8'));
       if (!options.disableLog)
         options?.plain === true ? console.log(env[key]) : logger.info(`${key}(${typeof env[key]})`, env[key]);
+      if (options.copy === true) pbcopy(env[key]);
       return env[key];
     },
     /**

package/src/cli/image.js

@@ -79,8 +79,6 @@ class UnderpostImage {
      * @param {boolean} [options.kind=false] - If true, load the image archive into a Kind cluster.
      * @param {boolean} [options.kubeadm=false] - If true, load the image archive into a Kubeadm cluster (uses 'ctr').
      * @param {boolean} [options.k3s=false] - If true, load the image archive into a K3s cluster (uses 'k3s ctr').
-     * @param {boolean} [options.secrets=false] - If true, load secrets from the .env file for the build.
-     * @param {string} [options.secretsPath=''] - Custom path to the .env file for secrets.
      * @param {boolean} [options.reset=false] - If true, perform a no-cache build.
      * @param {boolean} [options.dev=false] - If true, use development mode.
      * @memberof UnderpostImage
@@ -96,27 +94,11 @@ class UnderpostImage {
         kind: false,
         kubeadm: false,
         k3s: false,
-        secrets: false,
-        secretsPath: '',
         reset: false,
         dev: false,
       },
     ) {
-      let {
-        path,
-        imageName,
-        version,
-        imagePath,
-        dockerfileName,
-        podmanSave,
-        secrets,
-        secretsPath,
-        kind,
-        kubeadm,
-        k3s,
-        reset,
-        dev,
-      } = options;
+      let { path, imageName, version, imagePath, dockerfileName, podmanSave, kind, kubeadm, k3s, reset, dev } = options;
       if (!path) path = '.';
       if (!imageName) imageName = `rockylinux9-underpost:${Underpost.version}`;
       if (!imagePath) imagePath = '.';
@@ -126,29 +108,14 @@ class UnderpostImage {
       if (imagePath && typeof imagePath === 'string' && !fs.existsSync(imagePath))
         fs.mkdirSync(imagePath, { recursive: true });
       const tarFile = `${imagePath}/${imageName.replace(':', '_')}.tar`;
-      let secretsInput = ' ';
-      let secretDockerInput = '';
       let cache = '';
-      if (secrets === true) {
-        const envObj = dotenv.parse(
-          fs.readFileSync(
-            secretsPath && typeof secretsPath === 'string' ? secretsPath : `${getNpmRootPath()}/underpost/.env`,
-            'utf8',
-          ),
-        );
-        for (const key of Object.keys(envObj)) {
-          secretsInput += ` && export ${key}="${envObj[key]}" `;
-          secretDockerInput += ` --secret id=${key},env=${key} \ `;
-        }
-      }
       if (reset === true) cache += ' --rm --no-cache';
-      if (path && typeof path === 'string')
+      if (path)
         shellExec(
-          `cd ${path}${secretsInput}&& sudo podman build -f ./${
+          `cd ${path} && sudo podman build -f ./${
             dockerfileName && typeof dockerfileName === 'string' ? dockerfileName : 'Dockerfile'
-          } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput} --network host`,
+          } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache} --network host`,
         );
-
       if (podmanSave === true) {
         if (fs.existsSync(tarFile)) fs.removeSync(tarFile);
         shellExec(`podman save -o ${tarFile} ${podManImg}`);

package/src/cli/index.js

@@ -138,9 +138,6 @@ program
   .option('--head-components <paths>', 'Comma-separated SSR head component paths.')
   .option('--body-components <paths>', 'Comma-separated SSR body component paths.')
 
-  .option('--deploy-id <deploy-id>', 'Build static assets for a specific deployment ID.')
-  .option('--build', 'Triggers the static build process for the specified deployment ID.')
-  .option('--build-host <build-host>', 'Sets a custom build host for static documents or assets.')
   .option('--build-path <build-path>', 'Sets a custom build path for static documents or assets.')
   .option('--env <env>', 'Sets the environment for the static build (e.g., "development", "production").')
   .option('--minify', 'Minify HTML output (default: true for production).')
@@ -153,6 +150,11 @@ program
   .option('--dir <dir>', 'HTML dir attribute (default: ltr).')
   .option('--dev', 'Sets the development cli context')
 
+  .option(
+    '--run-sv [port]',
+    'Start a standalone Express static server to preview the static build (default port: 5000).',
+  )
+
   .description(`Manages static build of page, bundles, and documentation with comprehensive customization options.`)
   .action(Underpost.static.callback);
 
@@ -165,6 +167,7 @@ program
   .option('--filter <keyword>', 'Filters the list by matching key or value (only for list operation).')
   .option('--deploy-id <deploy-id>', 'Sets the deployment configuration ID for the operation context.')
   .option('--build', 'Sets the build context for the operation.')
+  .option('--copy', 'Copies the configuration value to the clipboard (only for get operation).')
   .description(`Manages Underpost configurations using various operators.`)
   .action((...args) => Underpost.env[args[0]](args[1], args[2], args[3]));
 
@@ -320,8 +323,6 @@ program
   .option('--kubeadm', 'Set kubeadm cluster env image context management.')
   .option('--k3s', 'Set k3s cluster env image context management.')
   .option('--node-name', 'Set node name for kubeadm or k3s cluster env image context management.')
-  .option('--secrets', 'Includes Dockerfile environment secrets during the build.')
-  .option('--secrets-path [secrets-path]', 'Specifies a custom path for Dockerfile environment secrets.')
   .option('--reset', 'Performs a build without using the cache.')
   .option('--dev', 'Use development mode.')
   .option('--pull-dockerhub <dockerhub-image>', 'Sets a custom Docker Hub image for base image pulls.')
@@ -406,10 +407,26 @@ program
     '[job-list]',
     `A comma-separated list of job IDs. Options: ${Underpost.cron.getJobsIDs()}. Defaults to all available jobs.`,
   )
-  .option('--init-pm2-cronjobs', 'Initializes PM2 cron jobs from configuration for the specified deployment IDs.')
-  .option('--git', 'Uploads cron job configurations to GitHub.')
-  .option('--update-package-scripts', 'Updates package.json start scripts for each deploy-id configuration.')
-  .description('Manages cron jobs, including initialization, execution, and configuration updates.')
+  .option('--generate-k8s-cronjobs', 'Generates Kubernetes CronJob YAML manifests from cron configuration.')
+  .option('--apply', 'Applies generated K8s CronJob manifests to the cluster via kubectl.')
+  .option(
+    '--setup-start [deploy-id]',
+    'Updates deploy-id package.json start script and generates+applies its K8s CronJob manifests.',
+  )
+  .option('--namespace <namespace>', 'Kubernetes namespace for the CronJob resources (default: "default").')
+  .option('--image <image>', 'Custom container image for the CronJob pods.')
+  .option('--git', 'Pass --git flag to cron job execution.')
+  .option('--cmd <cmd>', 'Optional pre-script commands to run before cron execution.')
+  .option('--dev', 'Use local ./ base path instead of global underpost installation.')
+  .option('--k3s', 'Use k3s cluster context (apply directly on host).')
+  .option('--kind', 'Use kind cluster context (apply via kind-worker container).')
+  .option('--kubeadm', 'Use kubeadm cluster context (apply directly on host).')
+  .option('--dry-run', 'Preview cron jobs without executing them.')
+  .option(
+    '--create-job-now',
+    'After applying manifests, immediately create a Job from each CronJob (requires --apply).',
+  )
+  .description('Manages cron jobs: execute jobs directly or generate and apply K8s CronJob manifests.')
   .action(Underpost.cron.callback);
 
 program
@@ -538,7 +555,11 @@ program
   .option('--expose', 'Enables service exposure for the runner execution.')
   .option('--conf-server-path <conf-server-path>', 'Sets a custom configuration server path.')
   .option('--underpost-root <underpost-root>', 'Sets a custom Underpost root path.')
-  .option('--cron-jobs <jobs>', 'Comma-separated list of cron jobs to run before executing the script.')
+  .option('--cmd-cron-jobs <cmd-cron-jobs>', 'Pre-script commands to run before cron job execution.')
+  .option(
+    '--deploy-id-cron-jobs <deploy-id-cron-jobs>',
+    'Specifies deployment IDs to synchronize cron jobs with during execution.',
+  )
   .option('--timezone <timezone>', 'Sets the timezone for the runner execution.')
   .option('--kubeadm', 'Sets the kubeadm cluster context for the runner execution.')
   .option('--k3s', 'Sets the k3s cluster context for the runner execution.')
@@ -571,6 +592,11 @@ program
     '--monitor-status-max-attempts <attempts>',
     'Sets the maximum number of status check attempts (default: 600).',
   )
+  .option('--dry-run', 'Preview operations without executing them.')
+  .option(
+    '--create-job-now',
+    'After applying cron manifests, immediately create a Job from each CronJob (forwarded to cron runner).',
+  )
   .description('Runs specified scripts using various runners.')
   .action(Underpost.run.callback);
 
@@ -629,6 +655,10 @@ program
   )
   .option('--ipxe', 'Chainloads iPXE to normalize identity before commissioning.')
   .option('--ipxe-rebuild', 'Forces rebuild of iPXE binary with embedded boot script.')
+  .option(
+    '--ipxe-build-iso <iso-path>',
+    'Builds a standalone iPXE ISO with embedded script for the specified workflow ID.',
+  )
   .option('--install-packer', 'Installs Packer CLI.')
   .option(
     '--packer-maas-image-template <template-path>',
@@ -650,6 +680,10 @@ program
   .option('--remove-machines <system-ids>', 'Removes baremetal machines by comma-separated system IDs, or use "all"')
   .option('--clear-discovered', 'Clears all discovered baremetal machines from the database.')
   .option('--commission', 'Init workflow for commissioning a physical machine.')
+  .option(
+    '--bootstrap-http-server-run',
+    'Runs a temporary bootstrap HTTP server for generic purposes such as serving iPXE scripts or ISO images during commissioning.',
+  )
   .option(
     '--bootstrap-http-server-path <path>',
     'Sets a custom bootstrap HTTP server path for baremetal commissioning.',
@@ -661,6 +695,7 @@ program
   .option('--iso-url <url>', 'Uses a custom ISO URL for baremetal machine commissioning.')
   .option('--nfs-build', 'Builds an NFS root filesystem for a workflow id config architecture using QEMU emulation.')
   .option('--nfs-mount', 'Mounts the NFS root filesystem for a workflow id config architecture.')
+  .option('--nfs-reset', 'Resets the NFS server completely, closing all connections before reloading exports.')
   .option('--nfs-unmount', 'Unmounts the NFS root filesystem for a workflow id config architecture.')
   .option('--nfs-build-server', 'Builds the NFS server for a workflow id config architecture.')
   .option('--nfs-sh', 'Copies QEMU emulation root entrypoint shell command to the clipboard.')
@@ -672,7 +707,17 @@ program
   .option('--rocky-tools-test', 'Tests rocky linux tools in chroot environment.')
   .option('--bootcmd <bootcmd-list>', 'Comma-separated list of boot commands to execute.')
   .option('--runcmd <runcmd-list>', 'Comma-separated list of run commands to execute.')
-  .option('--logs <log-id>', 'Displays logs for log id: dhcp, cloud, machine, cloud-config.')
+  .option(
+    '--logs <log-id>',
+    `Displays logs for log id: ${[
+      'dhcp',
+      'dhcp-lease',
+      'dhcp-lan',
+      'cloud-init',
+      'cloud-init-machine',
+      'cloud-init-config',
+    ]}`,
+  )
   .option('--dev', 'Sets the development context environment for baremetal operations.')
   .option('--ls', 'Lists available boot resources and machines.')
   .description(