npm - @underpostnet/underpost - Versions diffs - 2.99.5 → 2.99.7 - Mend

@underpostnet/underpost 2.99.5 → 2.99.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/.github/workflows/ghpkg.ci.yml +10 -25
package/.github/workflows/npmpkg.ci.yml +13 -2
package/CHANGELOG.md +496 -0
package/README.md +4 -4
package/baremetal/commission-workflows.json +43 -6
package/bin/deploy.js +13 -0
package/cli.md +84 -42
package/examples/static-page/README.md +80 -13
package/jsdoc.json +26 -5
package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml +47 -0
package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml +47 -0
package/manifests/deployment/dd-default-development/deployment.yaml +2 -2
package/manifests/deployment/dd-test-development/deployment.yaml +2 -2
package/package.json +2 -4
package/scripts/maas-setup.sh +13 -9
package/scripts/rocky-kickstart.sh +294 -0
package/src/cli/baremetal.js +237 -555
package/src/cli/cloud-init.js +27 -45
package/src/cli/index.js +52 -6
package/src/cli/kickstart.js +149 -0
package/src/cli/repository.js +166 -13
package/src/cli/run.js +26 -19
package/src/cli/ssh.js +1 -1
package/src/cli/static.js +27 -1
package/src/cli/system.js +332 -0
package/src/client/components/core/Docs.js +22 -3
package/src/db/DataBaseProvider.js +3 -3
package/src/db/mariadb/MariaDB.js +3 -3
package/src/db/mongo/MongooseDB.js +3 -3
package/src/index.js +28 -5
package/src/mailer/EmailRender.js +3 -3
package/src/mailer/MailerProvider.js +4 -4
package/src/server/backup.js +23 -5
package/src/server/client-build-docs.js +29 -3
package/src/server/conf.js +6 -27
package/src/server/cron.js +354 -135
package/src/server/dns.js +2 -0

package/src/cli/baremetal.js CHANGED Viewed

@@ -6,7 +6,7 @@
 import { fileURLToPath } from 'url';
 import { getNpmRootPath, getUnderpostRootPath } from '../server/conf.js';
-import { openTerminal, pbcopy, shellExec } from '../server/process.js';
+import { pbcopy, shellExec } from '../server/process.js';
 import dotenv from 'dotenv';
 import { loggerFactory, loggerMiddleware } from '../server/logger.js';
 import fs from 'fs-extra';
@@ -65,6 +65,7 @@ class UnderpostBaremetal {
      * @param {boolean} [options.commission=false] - Flag to commission the baremetal machine.
      * @param {number} [options.bootstrapHttpServerPort=8888] - Port for the bootstrap HTTP server.
      * @param {string} [options.bootstrapHttpServerPath='./public/localhost'] - Path for the bootstrap HTTP server files.
+     * @param {boolean} [options.bootstrapHttpServerRun=false] - Flag to start the bootstrap HTTP server.
      * @param {string} [options.isoUrl=''] - Uses a custom ISO URL for baremetal machine commissioning.
      * @param {boolean} [options.ubuntuToolsBuild=false] - Builds ubuntu tools for chroot environment.
      * @param {boolean} [options.ubuntuToolsTest=false] - Tests ubuntu tools in chroot environment.
@@ -75,6 +76,7 @@ class UnderpostBaremetal {
      * @param {boolean} [options.nfsBuild=false] - Flag to build the NFS root filesystem.
      * @param {boolean} [options.nfsBuildServer=false] - Flag to build the NFS server components.
      * @param {boolean} [options.nfsMount=false] - Flag to mount the NFS root filesystem.
+     * @param {boolean} [options.nfsReset=false] - Flag to reset the NFS environment by unmounting and cleaning the host path.
      * @param {boolean} [options.nfsUnmount=false] - Flag to unmount the NFS root filesystem.
      * @param {boolean} [options.nfsSh=false] - Flag to chroot into the NFS environment for shell access.
      * @param {string} [options.logs=''] - Specifies which logs to display ('dhcp', 'cloud', 'machine', 'cloud-config').
@@ -114,6 +116,7 @@ class UnderpostBaremetal {
         commission: false,
         bootstrapHttpServerPort: 8888,
         bootstrapHttpServerPath: './public/localhost',
+        bootstrapHttpServerRun: false,
         isoUrl: '',
         ubuntuToolsBuild: false,
         ubuntuToolsTest: false,
@@ -124,6 +127,7 @@ class UnderpostBaremetal {
         nfsBuild: false,
         nfsBuildServer: false,
         nfsMount: false,
+        nfsReset: false,
         nfsUnmount: false,
         nfsSh: false,
         logs: '',
@@ -184,47 +188,6 @@ class UnderpostBaremetal {
       // Define the TFTP root prefix path based
       const tftpRootPath = `${process.env.TFTP_ROOT}/${tftpPrefix}`;
-      if (options.ipxeBuildIso) {
-        let machine = null;
-        if (options.cloudInit) {
-          // Search for an existing machine by hostname to extract system_id for cloud-init
-          const [searchMachine] = Underpost.baremetal.maasCliExec(`machines read hostname=${hostname}`);
-          if (searchMachine) {
-            logger.info(`Found existing machine ${hostname} with system_id ${searchMachine.system_id}`);
-            machine = searchMachine;
-          } else {
-            // Machine does not exist, create it to obtain a system_id
-            logger.info(`Machine ${hostname} not found, creating new machine for cloud-init system_id...`);
-            machine = Underpost.baremetal.machineFactory({
-              hostname,
-              ipAddress,
-              macAddress,
-              architecture: workflowsConfig[workflowId].architecture,
-            }).machine;
-            logger.info(`✓ Machine created with system_id ${machine.system_id}`);
-          }
-        }
-        await Underpost.baremetal.ipxeBuildIso({
-          workflowId,
-          isoOutputPath: options.ipxeBuildIso,
-          tftpPrefix,
-          ipFileServer,
-          ipAddress,
-          ipConfig,
-          netmask,
-          dnsServer,
-          macAddress,
-          cloudInit: options.cloudInit,
-          machine,
-          dev: options.dev,
-          bootstrapHttpServerPort: options.bootstrapHttpServerPort,
-        });
-        return;
-      }
       // Define the iPXE cache directory to preserve builds across tftproot cleanups
       const ipxeCacheDir = `/tmp/ipxe-cache/${tftpPrefix}`;
@@ -296,6 +259,27 @@ class UnderpostBaremetal {
         }
       }
+      if (options.ipxeBuildIso)
+        return await Underpost.baremetal.ipxeBuildIso({
+          workflowId,
+          isoOutputPath: options.ipxeBuildIso,
+          tftpPrefix,
+          ipFileServer,
+          ipAddress,
+          ipConfig,
+          netmask,
+          dnsServer,
+          macAddress,
+          cloudInit: options.cloudInit,
+          dev: options.dev,
+          forceRebuild: options.ipxeRebuild,
+          bootstrapHttpServerPort: Underpost.baremetal.bootstrapHttpServerPortFactory({
+            port: options.bootstrapHttpServerPort,
+            workflowId,
+            workflowsConfig,
+          }),
+        });
       if (options.installPacker) {
         await Underpost.baremetal.installPacker(underpostRoot);
         return;
@@ -438,29 +422,9 @@ rm -rf ${artifacts.join(' ')}`);
         logger.info(`Uploading image to MAAS...`);
-        // Detect MAAS profile from 'maas list' output
-        let maasProfile = process.env.MAAS_ADMIN_USERNAME;
-        if (!maasProfile) {
-          const profileList = shellExec('maas list', { silent: true, stdout: true });
-          if (profileList) {
-            const firstLine = profileList.trim().split('\n')[0];
-            const match = firstLine.match(/^(\S+)\s+http/);
-            if (match) {
-              maasProfile = match[1];
-              logger.info(`Detected MAAS profile: ${maasProfile}`);
-            }
-          }
-        }
-        if (!maasProfile) {
-          throw new Error(
-            'MAAS profile not found. Please run "maas login" first or set MAAS_ADMIN_USERNAME environment variable.',
-          );
-        }
         // Use the upload script to avoid MAAS CLI bugs
         const uploadScript = `${underpostRoot}/scripts/maas-upload-boot-resource.sh`;
-        const uploadCmd = `${uploadScript} ${maasProfile} "${workflow.maas.name}" "${workflow.maas.title}" "${workflow.maas.architecture}" "${workflow.maas.base_image}" "${workflow.maas.filetype}" "${tarballPath}"`;
+        const uploadCmd = `${uploadScript} ${process.env.MAAS_ADMIN_USERNAME} "${workflow.maas.name}" "${workflow.maas.title}" "${workflow.maas.architecture}" "${workflow.maas.base_image}" "${workflow.maas.filetype}" "${tarballPath}"`;
         logger.info(`Uploading to MAAS using: ${uploadScript}`);
         const uploadResult = shellExec(uploadCmd);
@@ -703,7 +667,11 @@ rm -rf ${artifacts.join(' ')}`);
             bootstrapArch,
             callbackMetaData,
             steps: [
-              `dnf install -y --allowerasing ${allPackages.join(' ')} 2>/dev/null || yum install -y --allowerasing ${allPackages.join(' ')} 2>/dev/null || echo "Package install completed"`,
+              `dnf install -y --allowerasing ${allPackages.join(
+                ' ',
+              )} 2>/dev/null || yum install -y --allowerasing ${allPackages.join(
+                ' ',
+              )} 2>/dev/null || echo "Package install completed"`,
               `dnf clean all`,
               `echo "=== Installed packages verification ==="`,
               `rpm -qa | grep -E "dracut|kernel|nfs" | sort`,
@@ -805,13 +773,13 @@ rm -rf ${artifacts.join(' ')}`);
             bootstrapArch,
             callbackMetaData,
             steps: [
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].base(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].user(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].timezone({
+              ...Underpost.system.factory[systemProvisioning].base(),
+              ...Underpost.system.factory[systemProvisioning].user(),
+              ...Underpost.system.factory[systemProvisioning].timezone({
                 timezone,
                 chronyConfPath,
               }),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].keyboard(keyboard.layout),
+              ...Underpost.system.factory[systemProvisioning].keyboard(keyboard.layout),
             ],
           });
         }
@@ -833,7 +801,6 @@ rm -rf ${artifacts.join(' ')}`);
               `chmod +x /underpost/shutdown.sh`,
               `chmod +x /underpost/device_scan.sh`,
               `chmod +x /underpost/mac.sh`,
-              `chmod +x /underpost/enlistment.sh`,
               `sudo chmod 700 ~/.ssh/`, // Set secure permissions for .ssh directory.
               `sudo chmod 600 ~/.ssh/authorized_keys`, // Set secure permissions for authorized_keys.
               `sudo chmod 644 ~/.ssh/known_hosts`, // Set permissions for known_hosts.
@@ -859,13 +826,13 @@ rm -rf ${artifacts.join(' ')}`);
             bootstrapArch,
             callbackMetaData,
             steps: [
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].base(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].user(),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].timezone({
+              ...Underpost.system.factory[systemProvisioning].base(),
+              ...Underpost.system.factory[systemProvisioning].user(),
+              ...Underpost.system.factory[systemProvisioning].timezone({
                 timezone,
                 chronyConfPath: chronyc.chronyConfPath,
               }),
-              ...Underpost.baremetal.systemProvisioningFactory[systemProvisioning].keyboard(keyboard.layout),
+              ...Underpost.system.factory[systemProvisioning].keyboard(keyboard.layout),
             ],
           });
         }
@@ -889,11 +856,14 @@ rm -rf ${artifacts.join(' ')}`);
           });
       }
+      // Generate MAAS authentication credentials
       const authCredentials =
         options.commission || options.cloudInit || options.cloudInitUpdate
           ? Underpost.baremetal.maasAuthCredentialsFactory()
           : { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' };
+      // Generate cloud-init configuration if needed for commissioning or cloud-init update workflows.
+      let cloudConfigSrc = '';
       if (options.cloudInit || options.cloudInitUpdate) {
         const { chronyc, networkInterfaceName } = workflowsConfig[workflowId];
         const { timezone, chronyConfPath } = chronyc;
@@ -910,7 +880,7 @@ rm -rf ${artifacts.join(' ')}`);
           runcmd = '/usr/local/bin/underpost-enlist.sh';
         }
-        const { cloudConfigSrc } = Underpost.cloudInit.configFactory(
+        cloudConfigSrc = Underpost.cloudInit.configFactory(
           {
             controlServerIp: callbackMetaData.runnerHost.ip,
             hostname,
@@ -926,13 +896,45 @@ rm -rf ${artifacts.join(' ')}`);
             write_files,
           },
           authCredentials,
-        );
+        ).cloudConfigSrc;
+      }
+      // Rocky/RHEL Kickstart generation
+      let kickstartSrc = '';
+      if (Underpost.baremetal.getFamilyBaseOs(workflowsConfig[workflowId].osIdLike).isRhelBased) {
+        kickstartSrc = Underpost.kickstart.kickstartFactory({
+          lang: 'en_US.UTF-8',
+          keyboard: workflowsConfig[workflowId].keyboard?.layout,
+          timezone: workflowsConfig[workflowId].chronyc?.timezone,
+          rootPassword: process.env.MAAS_ADMIN_PASS,
+          authorizedKeys: fs.readFileSync('/home/dd/engine/engine-private/deploy/id_rsa.pub', 'utf8').trim(),
+        });
+      }
+      // Build and optionally run the HTTP bootstrap server to serve cloud-init, kickstart, and ISO resources for commissioning and provisioning.
+      if (cloudConfigSrc || kickstartSrc || workflowsConfig[workflowId].isoUrl)
         Underpost.baremetal.httpBootstrapServerStaticFactory({
           bootstrapHttpServerPath,
           hostname,
           cloudConfigSrc,
+          kickstartSrc,
           isoUrl: workflowsConfig[workflowId].isoUrl,
         });
+      // Set up iptables rules for NAT and port forwarding to enable network connectivity for the baremetal machines.
+      shellExec(`${underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
+      // Start HTTP bootstrap server if commissioning or if ISO URL is used (for ISO-based workflows).
+      if (options.bootstrapHttpServerRun || options.commission) {
+        Underpost.baremetal.httpBootstrapServerRunnerFactory({
+          hostname,
+          bootstrapHttpServerPath,
+          bootstrapHttpServerPort: Underpost.baremetal.bootstrapHttpServerPortFactory({
+            port: options.bootstrapHttpServerPort,
+            workflowId,
+            workflowsConfig,
+          }),
+        });
       }
       // Rebuild NFS server configuration.
@@ -941,12 +943,12 @@ rm -rf ${artifacts.join(' ')}`);
         (workflowsConfig[workflowId].type === 'iso-nfs' ||
           workflowsConfig[workflowId].type === 'chroot-debootstrap' ||
           workflowsConfig[workflowId].type === 'chroot-container')
-      ) {
-        shellExec(`${underpostRoot}/scripts/nat-iptables.sh`);
+      )
         Underpost.baremetal.rebuildNfsServer({
           nfsHostPath,
+          nfsReset: options.nfsReset,
         });
-      }
       // Handle commissioning tasks
       if (options.commission === true) {
         let { firmwares, networkInterfaceName, maas, menuentryStr, type } = workflowsConfig[workflowId];
@@ -961,9 +963,11 @@ rm -rf ${artifacts.join(' ')}`);
         );
         logger.info('Commissioning resource', resource);
-        if (type === 'iso-nfs') {
+        if (
+          Underpost.baremetal.getFamilyBaseOs(workflowsConfig[workflowId].osIdLike).isDebianBased &&
+          (type === 'iso-nfs' || type === 'chroot-debootstrap' || type === 'chroot-container')
+        ) {
           // Prepare NFS casper path if using NFS boot.
-          shellExec(`sudo rm -rf ${nfsHostPath}`);
           shellExec(`mkdir -p ${nfsHostPath}/casper`);
         }
@@ -1038,7 +1042,11 @@ rm -rf ${artifacts.join(' ')}`);
             networkInterfaceName,
             fileSystemUrl:
               type === 'iso-ram'
-                ? `http://${callbackMetaData.runnerHost.ip}:${Underpost.baremetal.bootstrapHttpServerPortFactory({ port: options.bootstrapHttpServerPort, workflowId, workflowsConfig })}/${hostname}/${kernelFilesPaths.isoUrl.split('/').pop()}`
+                ? `http://${callbackMetaData.runnerHost.ip}:${Underpost.baremetal.bootstrapHttpServerPortFactory({
+                    port: options.bootstrapHttpServerPort,
+                    workflowId,
+                    workflowsConfig,
+                  })}/${hostname}/${kernelFilesPaths.isoUrl.split('/').pop()}`
                 : kernelFilesPaths.isoUrl,
             bootstrapHttpServerPort: Underpost.baremetal.bootstrapHttpServerPortFactory({
               port: options.bootstrapHttpServerPort,
@@ -1048,10 +1056,10 @@ rm -rf ${artifacts.join(' ')}`);
             type,
             macAddress,
             cloudInit: options.cloudInit,
-            machine,
             dev: options.dev,
             osIdLike: workflowsConfig[workflowId].osIdLike || '',
             authCredentials,
+            architecture: workflowsConfig[workflowId].architecture,
           });
           // Check if iPXE mode is enabled AND the iPXE EFI binary exists
@@ -1122,16 +1130,6 @@ rm -rf ${artifacts.join(' ')}`);
         shellExec(`sudo chown -R $(whoami):$(whoami) ${process.env.TFTP_ROOT}`);
         shellExec(`sudo sudo chmod 755 ${process.env.TFTP_ROOT}`);
-        Underpost.baremetal.httpBootstrapServerRunnerFactory({
-          hostname,
-          bootstrapHttpServerPath,
-          bootstrapHttpServerPort: Underpost.baremetal.bootstrapHttpServerPortFactory({
-            port: options.bootstrapHttpServerPort,
-            workflowId,
-            workflowsConfig,
-          }),
-        });
         if (type === 'chroot-debootstrap' || type === 'chroot-container')
           await Underpost.baremetal.nfsMountCallback({
             hostname,
@@ -1155,49 +1153,6 @@ rm -rf ${artifacts.join(' ')}`);
         const { discovery, machine: discoveredMachine } =
           await Underpost.baremetal.commissionMonitor(commissionMonitorPayload);
         if (discoveredMachine) machine = discoveredMachine;
-        if (machine) {
-          const write_files = Underpost.baremetal.commissioningWriteFilesFactory({
-            machine,
-            authCredentials,
-            runnerHostIp: callbackMetaData.runnerHost.ip,
-          });
-          const { cloudConfigSrc } = Underpost.cloudInit.configFactory(
-            {
-              controlServerIp: callbackMetaData.runnerHost.ip,
-              hostname,
-              commissioningDeviceIp: ipAddress,
-              gatewayip: callbackMetaData.runnerHost.ip,
-              mac: macAddress,
-              timezone: workflowsConfig[workflowId].chronyc.timezone,
-              chronyConfPath: workflowsConfig[workflowId].chronyc.chronyConfPath,
-              networkInterfaceName: workflowsConfig[workflowId].networkInterfaceName,
-              ubuntuToolsBuild: options.ubuntuToolsBuild,
-              bootcmd: options.bootcmd,
-              runcmd: '/usr/local/bin/underpost-enlist.sh',
-              write_files,
-            },
-            authCredentials,
-          );
-          Underpost.baremetal.httpBootstrapServerStaticFactory({
-            bootstrapHttpServerPath,
-            hostname,
-            cloudConfigSrc,
-            isoUrl: workflowsConfig[workflowId].isoUrl,
-          });
-        }
-        if ((type === 'chroot-debootstrap' || type === 'chroot-container') && options.cloudInit === true) {
-          openTerminal(`node ${underpostRoot}/bin baremetal ${workflowId} ${ipAddress} ${hostname} --logs cloud-init`);
-          openTerminal(
-            `node ${underpostRoot}/bin baremetal ${workflowId} ${ipAddress} ${hostname} --logs cloud-init-machine`,
-          );
-          shellExec(
-            `node ${underpostRoot}/bin baremetal ${workflowId} ${ipAddress} ${hostname} --logs cloud-init-config`,
-          );
-        }
       }
     },
@@ -1228,8 +1183,8 @@ rm -rf ${artifacts.join(' ')}`);
      * @param {string} [params.dnsServer='8.8.8.8'] - The DNS server address.
      * @param {string} [params.macAddress=''] - The MAC address of the client machine.
      * @param {boolean} [params.cloudInit=false] - Flag to enable cloud-init.
-     * @param {object} [params.machine=null] - The machine object containing system_id for cloud-init.
      * @param {boolean} [params.dev=false] - Development mode flag to determine paths.
+     * @param {boolean} [params.forceRebuild=false] - Force a complete iPXE rebuild. Without this, reuses existing ISO.
      * @param {number} [params.bootstrapHttpServerPort=8888] - Port for the bootstrap HTTP server used in ISO RAM workflows.
      * @memberof UnderpostBaremetal
      * @returns {Promise<void>}
@@ -1245,12 +1200,11 @@ rm -rf ${artifacts.join(' ')}`);
       dnsServer,
       macAddress,
       cloudInit,
-      machine,
       dev,
+      forceRebuild = false,
       bootstrapHttpServerPort,
     }) {
       const outputPath = !isoOutputPath || isoOutputPath === '.' ? `./ipxe-${workflowId}.iso` : isoOutputPath;
-      if (fs.existsSync(outputPath)) fs.removeSync(outputPath);
       shellExec(`mkdir -p $(dirname ${outputPath})`);
       const workflowsConfig = Underpost.baremetal.loadWorkflowsConfig();
@@ -1272,12 +1226,16 @@ rm -rf ${artifacts.join(' ')}`);
         dnsServer,
         fileSystemUrl:
           dev && workflowsConfig[workflowId].type === 'iso-ram'
-            ? `http://${ipFileServer}:${Underpost.baremetal.bootstrapHttpServerPortFactory({ port: bootstrapHttpServerPort, workflowId, workflowsConfig })}/${workflowId}/${workflowsConfig[workflowId].isoUrl.split('/').pop()}`
+            ? `http://${ipFileServer}:${Underpost.baremetal.bootstrapHttpServerPortFactory({
+                port: bootstrapHttpServerPort,
+                workflowId,
+                workflowsConfig,
+              })}/${workflowId}/${workflowsConfig[workflowId].isoUrl.split('/').pop()}`
             : workflowsConfig[workflowId].isoUrl,
         type: workflowsConfig[workflowId].type,
+        architecture: workflowsConfig[workflowId].architecture,
         macAddress,
         cloudInit,
-        machine,
         osIdLike: workflowsConfig[workflowId].osIdLike,
         networkInterfaceName: workflowsConfig[workflowId].networkInterfaceName,
         authCredentials,
@@ -1293,20 +1251,18 @@ rm -rf ${artifacts.join(' ')}`);
       const embedScriptName = `embed_${workflowId}.ipxe`;
       const embedScriptPath = path.join(ipxeSrcDir, embedScriptName);
-      const embedScriptContent = `#!ipxe
-dhcp
-set server_ip ${ipFileServer}
-set tftp_prefix ${tftpPrefix}
-kernel tftp://\${server_ip}/\${tftp_prefix}/pxe/vmlinuz-efi ${cmd}
-initrd tftp://\${server_ip}/\${tftp_prefix}/pxe/initrd.img
-boot || shell
-`;
+      const embedScriptContent = Underpost.baremetal.ipxeScriptFactory({
+        maasIp: ipFileServer,
+        tftpPrefix,
+        kernelCmd: cmd,
+        minimal: true,
+      });
       fs.writeFileSync(embedScriptPath, embedScriptContent);
       logger.info(`Created embedded script at ${embedScriptPath}`);
       // Determine target architecture
-      let targetArch = 'x86_64'; // Default to x86_64
+      let targetArch = 'x86_64';
       if (
         workflowsConfig[workflowId].architecture === 'arm64' ||
         workflowsConfig[workflowId].architecture === 'aarch64'
@@ -1314,32 +1270,38 @@ boot || shell
         targetArch = 'arm64';
       }
-      // Determine host architecture
-      const hostArch = process.arch === 'arm64' ? 'arm64' : 'x86_64';
-      let crossCompile = '';
-      if (hostArch === 'x86_64' && targetArch === 'arm64') {
-        crossCompile = 'CROSS_COMPILE=aarch64-linux-gnu-';
-      } else if (hostArch === 'arm64' && targetArch === 'x86_64') {
-        crossCompile = 'CROSS_COMPILE=x86_64-linux-gnu-';
-      }
       const platformDir = targetArch === 'arm64' ? 'bin-arm64-efi' : 'bin-x86_64-efi';
       const makeTarget = `${platformDir}/ipxe.iso`;
-      logger.info(
-        `Building iPXE ISO for ${targetArch} on ${hostArch}: make ${makeTarget} ${crossCompile} EMBED=${embedScriptName}`,
-      );
-      const buildCmd = `cd ${ipxeSrcDir} && make ${makeTarget} ${crossCompile} EMBED=${embedScriptName}`;
-      shellExec(buildCmd);
       const builtIsoPath = path.join(ipxeSrcDir, makeTarget);
-      if (fs.existsSync(builtIsoPath)) {
+      if (!forceRebuild && fs.existsSync(builtIsoPath)) {
         fs.copySync(builtIsoPath, outputPath);
-        logger.info(`ISO successfully built and copied to ${outputPath}`);
+        logger.info(`Reusing existing iPXE ISO: ${builtIsoPath} -> ${outputPath}`);
       } else {
-        logger.error(`Failed to build ISO at ${builtIsoPath}`);
+        logger.info(`Rebuild: cleaning iPXE build artifacts...`);
+        shellExec(`cd ${ipxeSrcDir} && make clean`);
+        const hostArch = process.arch === 'arm64' ? 'arm64' : 'x86_64';
+        let crossCompile = '';
+        if (hostArch === 'x86_64' && targetArch === 'arm64') {
+          crossCompile = 'CROSS_COMPILE=aarch64-linux-gnu-';
+        } else if (hostArch === 'arm64' && targetArch === 'x86_64') {
+          crossCompile = 'CROSS_COMPILE=x86_64-linux-gnu-';
+        }
+        logger.info(
+          `Building iPXE ISO for ${targetArch} on ${hostArch}: make ${makeTarget} ${crossCompile} EMBED=${embedScriptName}`,
+        );
+        const buildCmd = `cd ${ipxeSrcDir} && make ${makeTarget} ${crossCompile} EMBED=${embedScriptName}`;
+        shellExec(buildCmd);
+        if (fs.existsSync(builtIsoPath)) {
+          fs.copySync(builtIsoPath, outputPath);
+          logger.info(`ISO successfully built and copied to ${outputPath}`);
+        } else {
+          logger.error(`Failed to build ISO at ${builtIsoPath}`);
+        }
       }
     },
@@ -1410,8 +1372,7 @@ boot || shell
       const isoFilename = isoUrl.split('/').pop();
       // Determine OS family from osIdLike
-      const isDebianBased = osIdLike && osIdLike.match(/debian|ubuntu/i);
-      const isRhelBased = osIdLike && osIdLike.match(/rhel|centos|fedora|alma|rocky/i);
+      const { isDebianBased, isRhelBased } = Underpost.baremetal.getFamilyBaseOs(osIdLike);
       // Set extraction directory based on OS family
       const extractDirName = isDebianBased ? 'casper' : 'iso-extract';
@@ -1437,7 +1398,7 @@ boot || shell
         logger.info(`Downloaded ISO to ${isoPath} (${(stats.size / 1024 / 1024 / 1024).toFixed(2)} GB)`);
       }
-      // Mount ISO and extract boot files
+      // ISO Logic
       const mountPoint = `${nfsHostPath}/mnt-iso-${arch}`;
       shellExec(`mkdir -p ${mountPoint}`);
@@ -1446,7 +1407,7 @@ boot || shell
       try {
         // Mount the ISO
-        shellExec(`sudo mount -o loop,ro ${isoPath} ${mountPoint}`, { silent: false });
+        shellExec(`sudo mount -o loop,ro ${isoPath} ${mountPoint}`);
         logger.info(`Mounted ISO at ${mountPoint}`);
         // Distribution-specific extraction logic
@@ -1458,6 +1419,15 @@ boot || shell
           logger.info(`Checking casper directory contents...`);
           shellExec(`ls -la ${mountPoint}/casper/ 2>/dev/null || echo "casper directory not found"`);
           shellExec(`sudo cp -a ${mountPoint}/casper/* ${extractDir}/`);
+        } else if (isRhelBased) {
+          // RHEL/Rocky: Extract from images/pxeboot directory
+          const pxebootDir = `${mountPoint}/images/pxeboot`;
+          if (!fs.existsSync(pxebootDir)) {
+            throw new Error(`Failed to mount ISO or images/pxeboot directory not found: ${isoPath}`);
+          }
+          logger.info(`Extracting kernel and initrd from ${pxebootDir}...`);
+          shellExec(`sudo cp -a ${pxebootDir}/vmlinuz ${extractDir}/vmlinuz`);
+          shellExec(`sudo cp -a ${pxebootDir}/initrd.img ${extractDir}/initrd`);
         }
       } finally {
         shellExec(`ls -la ${mountPoint}/`);
@@ -1522,6 +1492,20 @@ boot || shell
       }
     },
+    /**
+     * @method getFamilyBaseOs
+     * @description Determines if the OS belongs to Debian-based or RHEL-based family based on osIdLike string.
+     * @param {string} osIdLike - The os_id_like string from MAAS boot resource or workflow configuration.
+     * @returns {object} An object with boolean properties isDebianBased and isRhelBased indicating the OS family.
+     * @memberof UnderpostBaremetal
+     */
+    getFamilyBaseOs(osIdLike = '') {
+      return {
+        isDebianBased: osIdLike.match(/debian|ubuntu/i),
+        isRhelBased: osIdLike.match(/rhel|centos|fedora|alma|rocky/i),
+      };
+    },
     /**
      * @method kernelFactory
      * @description Retrieves kernel, initrd, and root filesystem paths from a MAAS boot resource.
@@ -1538,8 +1522,10 @@ boot || shell
       // For disk-based commissioning (casper/iso), use live ISO files
       if (type === 'iso-ram' || type === 'iso-nfs') {
         logger.info('Using live ISO for boot (disk-based commissioning)');
-        const arch = resource.architecture.split('/')[0];
         const workflowsConfig = Underpost.baremetal.loadWorkflowsConfig();
+        const arch = resource?.architecture
+          ? resource.architecture.split('/')[0]
+          : workflowsConfig[workflowId].architecture;
         const kernelFilesPaths = Underpost.baremetal.downloadISO({
           resource,
           architecture: arch,
@@ -1877,16 +1863,28 @@ shell
      * @method ipxeScriptFactory
      * @description Generates the iPXE script content for stable identity.
      * This iPXE script uses directly boots kernel/initrd via TFTP.
+     * When minimal mode is enabled, generates a simple dhcp+kernel+initrd+boot script.
      * @param {object} params - The parameters for generating the script.
-     * @param {string} params.maasIp - The IP address of the MAAS server.
+     * @param {string} params.maasIp - The IP address of the MAAS/file server.
      * @param {string} [params.macAddress] - The MAC address registered in MAAS (for display only).
-     * @param {string} params.architecture - The architecture (arm64/amd64).
+     * @param {string} [params.architecture] - The architecture (arm64/amd64).
      * @param {string} params.tftpPrefix - The TFTP prefix path (e.g., 'rpi4mb').
      * @param {string} params.kernelCmd - The kernel command line parameters.
+     * @param {boolean} [params.minimal=false] - Generate a minimal embedded script for ISO builds.
      * @returns {string} The iPXE script content.
      * @memberof UnderpostBaremetal
      */
-    ipxeScriptFactory({ maasIp, macAddress, architecture, tftpPrefix, kernelCmd }) {
+    ipxeScriptFactory({ maasIp, macAddress, architecture, tftpPrefix, kernelCmd, minimal = false }) {
+      if (minimal) {
+        return `#!ipxe
+dhcp
+set server_ip ${maasIp}
+set tftp_prefix ${tftpPrefix}
+kernel tftp://\${server_ip}/\${tftp_prefix}/pxe/vmlinuz-efi ${kernelCmd}
+initrd tftp://\${server_ip}/\${tftp_prefix}/pxe/initrd.img
+boot || shell
+`;
+      }
       const macInfo =
         macAddress && macAddress !== '00:00:00:00:00:00'
           ? `echo Registered MAC: ${macAddress}`
@@ -1924,7 +1922,11 @@ echo ========================================
 echo Loading kernel and initrd via TFTP...
 echo Kernel: tftp://${maasIp}/${kernelPath}
 echo Initrd: tftp://${maasIp}/${initrdPath}
-${macAddress && macAddress !== '00:00:00:00:00:00' ? `echo Kernel will use MAC: ${macAddress} (via ifname parameter)` : 'echo Kernel will use hardware MAC'}
+${
+  macAddress && macAddress !== '00:00:00:00:00:00'
+    ? `echo Kernel will use MAC: ${macAddress} (via ifname parameter)`
+    : 'echo Kernel will use hardware MAC'
+}
 echo ========================================
 # Load kernel via TFTP
@@ -1955,7 +1957,9 @@ echo ========================================
 # Fallback: Try MAAS HTTP bootloader (may have certificate issues)
 set boot-url http://${maasIp}:5248/images/bootloader
 echo Boot URL: \${boot-url}
-chain \${boot-url}/uefi/${architecture}/${grubBootloader === 'grubaa64.efi' ? 'bootaa64.efi' : 'bootx64.efi'} || goto error
+chain \${boot-url}/uefi/${architecture}/${
+        grubBootloader === 'grubaa64.efi' ? 'bootaa64.efi' : 'bootx64.efi'
+      } || goto error
 :error
 echo ========================================
@@ -1991,22 +1995,12 @@ shell
      * @memberof UnderpostBaremetal
      */
     ipxeEfiFactory({ tftpRootPath, ipxeCacheDir, arch, underpostRoot, embeddedScriptPath, forceRebuild = false }) {
-      const shouldRebuild =
-        forceRebuild || (!fs.existsSync(`${tftpRootPath}/ipxe.efi`) && !fs.existsSync(`${ipxeCacheDir}/ipxe.efi`));
+      const embedArg =
+        embeddedScriptPath && fs.existsSync(embeddedScriptPath) ? ` --embed-script ${embeddedScriptPath}` : '';
+      const rebuildArg = forceRebuild ? ' --rebuild' : '';
-      if (!shouldRebuild) return;
-      if (embeddedScriptPath && fs.existsSync(embeddedScriptPath)) {
-        logger.info('Rebuilding iPXE with embedded boot script...', {
-          embeddedScriptPath,
-          forced: forceRebuild,
-        });
-        shellExec(
-          `${underpostRoot}/scripts/ipxe-setup.sh ${tftpRootPath} --target-arch ${arch} --embed-script ${embeddedScriptPath} --rebuild`,
-        );
-      } else if (shouldRebuild) {
-        shellExec(`${underpostRoot}/scripts/ipxe-setup.sh ${tftpRootPath} --target-arch ${arch}`);
-      }
+      logger.info('Building iPXE EFI binary...', { embeddedScriptPath, forced: forceRebuild });
+      shellExec(`${underpostRoot}/scripts/ipxe-setup.sh ${tftpRootPath} --target-arch ${arch}${embedArg}${rebuildArg}`);
       shellExec(`mkdir -p ${ipxeCacheDir}`);
       shellExec(`cp ${tftpRootPath}/ipxe.efi ${ipxeCacheDir}/ipxe.efi`);
@@ -2060,7 +2054,11 @@ shell
       echo "${menuentryStr}"
       echo " ${Underpost.version}"
       echo "Date: ${new Date().toISOString()}"
-      ${cmd.match('/MAAS/metadata/by-id/') ? `echo "System ID: ${cmd.split('/MAAS/metadata/by-id/')[1].split('/')[0]}"` : ''}
+      ${
+        cmd.match('/MAAS/metadata/by-id/')
+          ? `echo "System ID: ${cmd.split('/MAAS/metadata/by-id/')[1].split('/')[0]}"`
+          : ''
+      }
       echo "TFTP server: ${tftpIp}"
       echo "Kernel path: ${kernelPath}"
       echo "Initrd path: ${initrdPath}"
@@ -2132,8 +2130,7 @@ echo "Response Body:" | tee -a "$LOG_FILE"
 cat "$RESPONSE_FILE" | tee -a "$LOG_FILE"
 if [ "$HTTP_STATUS" -eq 200 ]; then
-  echo "Commissioning requested successfully. Rebooting to start commissioning..." | tee -a "$LOG_FILE"
-  reboot
+  echo "Commissioning requested successfully." | tee -a "$LOG_FILE"
 else
   echo "ERROR: MAAS commissioning failed with status $HTTP_STATUS" | tee -a "$LOG_FILE"
   exit 0
@@ -2150,34 +2147,24 @@ fi
      * @param {string} params.bootstrapHttpServerPath - The path where static files will be created.
      * @param {string} params.hostname - The hostname of the client machine.
      * @param {string} params.cloudConfigSrc - The cloud-init configuration YAML source.
-     * @param {object} [params.metadata] - Optional metadata to include in meta-data file.
-     * @param {string} [params.vendorData] - Optional vendor-data content (default: empty string).
-     * @param {string} [params.isoUrl] - Optional ISO URL to cache and serve.
+     * @param {string} params.kickstartSrc - The kickstart configuration content.
+     * @param {string} params.vendorData - The cloud-init vendor-data content.
+     * @param {string} params.isoUrl - Optional ISO URL to cache and serve.
      * @memberof UnderpostBaremetal
      * @returns {void}
      */
     httpBootstrapServerStaticFactory({
-      bootstrapHttpServerPath,
-      hostname,
-      cloudConfigSrc,
-      metadata = {},
+      bootstrapHttpServerPath = '',
+      hostname = '',
+      cloudConfigSrc = '',
+      kickstartSrc = '',
       vendorData = '',
       isoUrl = '',
     }) {
-      // Create directory structure
-      shellExec(`mkdir -p ${bootstrapHttpServerPath}/${hostname}/cloud-init`);
-      // Write user-data file
-      fs.writeFileSync(`${bootstrapHttpServerPath}/${hostname}/cloud-init/user-data`, cloudConfigSrc, 'utf8');
-      // Write meta-data file
-      const metaDataContent = `instance-id: ${metadata.instanceId || hostname}\nlocal-hostname: ${metadata.localHostname || hostname}`;
-      fs.writeFileSync(`${bootstrapHttpServerPath}/${hostname}/cloud-init/meta-data`, metaDataContent, 'utf8');
-      // Write vendor-data file
-      fs.writeFileSync(`${bootstrapHttpServerPath}/${hostname}/cloud-init/vendor-data`, vendorData, 'utf8');
+      shellExec(`mkdir -p ${bootstrapHttpServerPath}/${hostname}`);
-      logger.info(`Cloud-init files written to ${bootstrapHttpServerPath}/${hostname}/cloud-init`);
+      Underpost.cloudInit.httpServerStaticFactory({ bootstrapHttpServerPath, hostname, cloudConfigSrc, vendorData });
+      Underpost.kickstart.httpServerStaticFactory({ bootstrapHttpServerPath, hostname, kickstartSrc });
       if (isoUrl) {
         const isoFilename = isoUrl.split('/').pop();
@@ -2213,8 +2200,7 @@ fi
       const bootstrapHttpServerPath = options.bootstrapHttpServerPath || './public/localhost';
       const hostname = options.hostname || 'localhost';
-      shellExec(`mkdir -p ${bootstrapHttpServerPath}/${hostname}/cloud-init`);
-      shellExec(`node bin run kill ${port}`);
+      shellExec(`node bin run kill ${port}`, { silent: true });
       const app = express();
@@ -2253,9 +2239,10 @@ fi
      */
     updateKernelFiles({ commissioningImage, resourcesPath, tftpRootPath, kernelFilesPaths }) {
       // Copy EFI bootloaders to TFTP path.
-      const efiFiles = commissioningImage.architecture.match('arm64')
-        ? ['bootaa64.efi', 'grubaa64.efi']
-        : ['bootx64.efi', 'grubx64.efi'];
+      const arch = resourcesPath.split('/').pop();
+      const efiFiles =
+        arch === 'arm64' || arch === 'aarch64' ? ['bootaa64.efi', 'grubaa64.efi'] : ['bootx64.efi', 'grubx64.efi'];
       for (const file of efiFiles) {
         shellExec(`sudo cp -a ${resourcesPath}/${file} ${tftpRootPath}/pxe/${file}`);
       }
@@ -2305,7 +2292,6 @@ fi
      * @param {string} options.macAddress - The MAC address of the client.
      * @param {boolean} options.cloudInit - Whether to include cloud-init parameters.
      * @param {object} options.machine - The machine object containing system_id.
-     * @param {string} options.machine.system_id - The system ID of the machine (for MAAS metadata).
      * @param {boolean} [options.dev=false] - Whether to enable dev mode with dracut debugging parameters.
      * @param {string} [options.osIdLike=''] - OS family identifier (e.g., 'rhel centos fedora' or 'debian ubuntu').
      * @param {object} options.authCredentials - Authentication credentials for fetching files (if needed).
@@ -2313,6 +2299,7 @@ fi
      * @param {string} options.authCredentials.consumer_secret - Consumer secret for authentication.
      * @param {string} options.authCredentials.token_key - Token key for authentication.
      * @param {string} options.authCredentials.token_secret - Token secret for authentication.
+     * @param {string} options.architecture - The architecture of the machine (e.g., 'amd64', 'arm64').
      * @returns {object} An object containing the constructed command line string.
      * @memberof UnderpostBaremetal
      */
@@ -2331,10 +2318,10 @@ fi
         type: '',
         macAddress: '',
         cloudInit: false,
-        machine: { system_id: '' },
         dev: false,
         osIdLike: '',
         authCredentials: { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' },
+        architecture,
       },
     ) {
       // Construct kernel command line arguments for NFS boot.
@@ -2353,8 +2340,12 @@ fi
         macAddress,
         cloudInit,
         osIdLike,
+        architecture,
       } = options;
+      // Determine OS family from osIdLike
+      const { isDebianBased, isRhelBased } = Underpost.baremetal.getFamilyBaseOs(options.osIdLike);
       const ipParam =
         `ip=${ipClient}:${ipFileServer}:${ipDhcpServer}:${netmask}:${hostname}` +
         `:${networkInterfaceName ? networkInterfaceName : 'eth0'}:${ipConfig}:${dnsServer}`;
@@ -2384,7 +2375,9 @@ fi
           : []
       }`;
-      const nfsRootParam = `nfsroot=${ipFileServer}:${process.env.NFS_EXPORT_PATH}/${hostname}${nfsOptions ? `,${nfsOptions}` : ''}`;
+      const nfsRootParam = `nfsroot=${ipFileServer}:${process.env.NFS_EXPORT_PATH}/${hostname}${
+        nfsOptions ? `,${nfsOptions}` : ''
+      }`;
       const permissionsParams = [
         `rw`,
@@ -2402,8 +2395,8 @@ fi
         // `layerfs-path=filesystem.squashfs`,
         // `root=/dev/ram0`,
         // `toram`,
-        'nomodeset',
-        `editable_rootfs=tmpfs`,
+        // 'nomodeset',
+        // `editable_rootfs=tmpfs`, // all writes to rootfs go to RAM, keeping underlying storage pristine
         // `ramdisk_size=3550000`,
         // `root=/dev/sda1`, // rpi4 usb port unit
         'apparmor=0', // Disable AppArmor security
@@ -2446,22 +2439,22 @@ fi
       let cmd = [];
       if (type === 'iso-ram') {
-        const netBootParams = [`netboot=url`];
-        if (fileSystemUrl) netBootParams.push(`url=${fileSystemUrl.replace('https', 'http')}`);
-        cmd = [ipParam, `boot=casper`, 'toram', ...netBootParams, ...kernelParams, ...performanceParams];
+        if (isRhelBased) {
+          cmd = Underpost.kickstart.kernelParamsFactory(macAddress, [ipParam, ...kernelParams], options);
+        } else {
+          // ISO-RAM (Debian/Ubuntu): full live ISO downloaded into RAM via casper toram.
+          const netBootParams = [`netboot=url`];
+          if (fileSystemUrl) netBootParams.push(`url=${fileSystemUrl.replace('https', 'http')}`);
+          cmd = [ipParam, `boot=casper`, 'toram', ...netBootParams, ...kernelParams, ...performanceParams];
+        }
       } else if (type === 'chroot-debootstrap' || type === 'chroot-container') {
         let qemuNfsRootParams = [`root=/dev/nfs`, `rootfstype=nfs`];
         cmd = [ipParam, ...qemuNfsRootParams, nfsRootParam, ...kernelParams];
       } else {
-        // 'iso-nfs'
+        // 'iso-nfs' — Debian/Ubuntu NFS root boot: kernel/initrd from ISO, root filesystem served via NFS.
         cmd = [ipParam, `netboot=nfs`, nfsRootParam, ...kernelParams, ...performanceParams];
-        // cmd.push(`ifname=${networkInterfaceName}:${macAddress}`);
       }
-      // Determine OS family from osIdLike configuration
-      const isRhelBased = osIdLike && osIdLike.match(/rhel|centos|fedora|alma|rocky/i);
-      const isDebianBased = osIdLike && osIdLike.match(/debian|ubuntu/i);
       // Add RHEL/Rocky/Fedora based images specific parameters
       if (isRhelBased) {
         cmd = cmd.concat([`rd.neednet=1`, `rd.timeout=180`, `selinux=0`, `enforcing=0`]);
@@ -2968,320 +2961,6 @@ EOF`);
       throw new Error(`Unsupported host architecture: ${machine}`);
     },
-    /**
-     * @property {object} systemProvisioningFactory
-     * @description A factory object containing functions for system provisioning based on OS type.
-     * Each OS type (e.g., 'ubuntu') provides methods for base system setup, user creation,
-     * timezone configuration, and keyboard layout settings.     *
-     * @memberof UnderpostBaremetal
-     * @namespace UnderpostBaremetal.systemProvisioningFactory
-     */
-    systemProvisioningFactory: {
-      /**
-       * @property {object} ubuntu
-       * @description Provisioning steps for Ubuntu-based systems.
-       * @memberof UnderpostBaremetal.systemProvisioningFactory
-       * @namespace UnderpostBaremetal.systemProvisioningFactory.ubuntu
-       */
-      ubuntu: {
-        /**
-         * @method base
-         * @description Generates shell commands for basic Ubuntu system provisioning.
-         * This includes updating package lists, installing essential build tools,
-         * kernel modules, cloud-init, SSH server, and other core utilities.
-         * @param {object} params - The parameters for the function.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        base: () => [
-          // Configure APT sources for Ubuntu ports
-          `cat <<SOURCES | tee /etc/apt/sources.list
-deb http://ports.ubuntu.com/ubuntu-ports noble main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-updates main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted universe multiverse
-SOURCES`,
-          // Update package lists and perform a full system upgrade
-          `apt update -qq`,
-          `apt -y full-upgrade`,
-          // Install all essential packages in one consolidated step
-          `DEBIAN_FRONTEND=noninteractive apt install -y build-essential xinput x11-xkb-utils usbutils uuid-runtime linux-image-generic systemd-sysv openssh-server sudo locales udev util-linux iproute2 netplan.io ca-certificates curl wget chrony apt-utils tzdata kmod keyboard-configuration console-setup iputils-ping`,
-          // Ensure systemd is the init system
-          `ln -sf /lib/systemd/systemd /sbin/init`,
-          // Clean up
-          `apt-get clean`,
-        ],
-        /**
-         * @method user
-         * @description Generates shell commands for creating a root user and configuring SSH access.
-         * This is a critical security step for initial access to the provisioned system.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        user: () => [
-          `useradd -m -s /bin/bash -G sudo root`, // Create a root user with bash shell and sudo privileges.
-          `echo 'root:root' | chpasswd`, // Set a default password for the root user (consider more secure methods for production).
-          `mkdir -p /home/root/.ssh`, // Create .ssh directory for authorized keys.
-          // Add the public SSH key to authorized_keys for passwordless login.
-          `echo '${fs.readFileSync(
-            `/home/dd/engine/engine-private/deploy/id_rsa.pub`,
-            'utf8',
-          )}' > /home/root/.ssh/authorized_keys`,
-          `chown -R root /home/root/.ssh`, // Set ownership for security.
-          `chmod 700 /home/root/.ssh`, // Set permissions for the .ssh directory.
-          `chmod 600 /home/root/.ssh/authorized_keys`, // Set permissions for authorized_keys.
-        ],
-        /**
-         * @method timezone
-         * @description Generates shell commands for configuring the system timezone and Chrony (NTP client).
-         * Accurate time synchronization is essential for logging, security, and distributed systems.
-         * @param {object} params - The parameters for the function.
-         * @param {string} params.timezone - The timezone string (e.g., 'America/New_York').
-         * @param {string} params.chronyConfPath - The path to the Chrony configuration file.
-         * @param {string} [alias='chrony'] - The alias for the chrony service.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        timezone: ({ timezone, chronyConfPath }, alias = 'chrony') => [
-          `export DEBIAN_FRONTEND=noninteractive`, // Set non-interactive mode for Debian packages.
-          `ln -fs /usr/share/zoneinfo/${timezone} /etc/localtime`, // Symlink timezone.
-          `sudo dpkg-reconfigure --frontend noninteractive tzdata`, // Reconfigure timezone data.
-          `sudo timedatectl set-timezone ${timezone}`, // Set timezone using timedatectl.
-          `sudo timedatectl set-ntp true`, // Enable NTP synchronization.
-          // Write the Chrony configuration file.
-          `echo '
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-# pool 2.pool.ntp.org iburst
-server ${process.env.MAAS_NTP_SERVER} iburst
-# Record the rate at which the system clock gains/losses time.
-driftfile /var/lib/chrony/drift
-# Allow the system clock to be stepped in the first three updates
-# if its offset is larger than 1 second.
-makestep 1.0 3
-# Enable kernel synchronization of the real-time clock (RTC).
-rtcsync
-# Enable hardware timestamping on all interfaces that support it.
-#hwtimestamp *
-# Increase the minimum number of selectable sources required to adjust
-# the system clock.
-#minsources 2
-# Allow NTP client access from local network.
-#allow 192.168.0.0/16
-# Serve time even if not synchronized to a time source.
-#local stratum 10
-# Specify file containing keys for NTP authentication.
-keyfile /etc/chrony.keys
-# Get TAI-UTC offset and leap seconds from the system tz database.
-leapsectz right/UTC
-# Specify directory for log files.
-logdir /var/log/chrony
-# Select which information is logged.
-#log measurements statistics tracking
-' > ${chronyConfPath}`,
-          `systemctl stop ${alias}`, // Stop Chrony service before reconfiguring.
-          // Enable, restart, and check status of Chrony service.
-          `sudo systemctl enable --now ${alias}`,
-          `sudo systemctl restart ${alias}`,
-          // Wait for chrony to synchronize
-          `echo "Waiting for chrony to synchronize..."`,
-          `for i in {1..30}; do chronyc tracking | grep -q "Leap status     : Normal" && break || sleep 2; done`,
-          `sudo systemctl status ${alias}`,
-          // Verify Chrony synchronization.
-          `chronyc sources`,
-          `chronyc tracking`,
-          `chronyc sourcestats -v`, // Display source statistics.
-          `timedatectl status`, // Display current time and date settings.
-        ],
-        /**
-         * @method keyboard
-         * @description Generates shell commands for configuring the keyboard layout.
-         * This ensures correct input behavior on the provisioned system.
-         * @param {string} [keyCode='en'] - The keyboard layout code (e.g., 'en', 'es').
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
-         * @returns {string[]} An array of shell commands.
-         */
-        keyboard: (keyCode = 'en') => [
-          `sudo locale-gen en_US.UTF-8`,
-          `sudo update-locale LANG=en_US.UTF-8`,
-          `sudo sed -i 's/XKBLAYOUT="us"/XKBLAYOUT="${keyCode}"/' /etc/default/keyboard`,
-          `sudo dpkg-reconfigure --frontend noninteractive keyboard-configuration`,
-          `sudo systemctl restart keyboard-setup.service`,
-        ],
-      },
-      /**
-       * @property {object} rocky
-       * @description Provisioning steps for Rocky Linux-based systems.
-       * @memberof UnderpostBaremetal.systemProvisioningFactory
-       * @namespace UnderpostBaremetal.systemProvisioningFactory.rocky
-       */
-      rocky: {
-        /**
-         * @method base
-         * @description Generates shell commands for basic Rocky Linux system provisioning.
-         * This includes installing Node.js, npm, and underpost CLI tools.
-         * @param {object} params - The parameters for the function.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        base: () => [
-          // Update system and install EPEL repository
-          `dnf -y update`,
-          `dnf -y install epel-release`,
-          // Install essential system tools (avoiding duplicates from container packages)
-          `dnf -y install --allowerasing bzip2 openssh-server nano vim-enhanced less openssl-devel git gnupg2 libnsl perl`,
-          `dnf clean all`,
-          // Install Node.js
-          `curl -fsSL https://rpm.nodesource.com/setup_24.x | bash -`,
-          `dnf install -y nodejs`,
-          `dnf clean all`,
-          // Verify Node.js and npm versions
-          `node --version`,
-          `npm --version`,
-          // Install underpost ci/cd cli
-          `npm install -g underpost`,
-          `underpost --version`,
-        ],
-        /**
-         * @method user
-         * @description Generates shell commands for creating a root user and configuring SSH access on Rocky Linux.
-         * This is a critical security step for initial access to the provisioned system.
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        user: () => [
-          `useradd -m -s /bin/bash -G wheel root`, // Create a root user with bash shell and wheel group (sudo on RHEL)
-          `echo 'root:root' | chpasswd`, // Set a default password for the root user
-          `mkdir -p /home/root/.ssh`, // Create .ssh directory for authorized keys
-          // Add the public SSH key to authorized_keys for passwordless login
-          `echo '${fs.readFileSync(
-            `/home/dd/engine/engine-private/deploy/id_rsa.pub`,
-            'utf8',
-          )}' > /home/root/.ssh/authorized_keys`,
-          `chown -R root:root /home/root/.ssh`, // Set ownership for security
-          `chmod 700 /home/root/.ssh`, // Set permissions for the .ssh directory
-          `chmod 600 /home/root/.ssh/authorized_keys`, // Set permissions for authorized_keys
-        ],
-        /**
-         * @method timezone
-         * @description Generates shell commands for configuring the system timezone on Rocky Linux.
-         * @param {object} params - The parameters for the function.
-         * @param {string} params.timezone - The timezone string (e.g., 'America/Santiago').
-         * @param {string} params.chronyConfPath - The path to the Chrony configuration file (optional).
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        timezone: ({ timezone, chronyConfPath = '/etc/chrony.conf' }) => [
-          // Set system timezone using both methods (for chroot and running system)
-          `ln -sf /usr/share/zoneinfo/${timezone} /etc/localtime`,
-          `echo '${timezone}' > /etc/timezone`,
-          `timedatectl set-timezone ${timezone} 2>/dev/null`,
-          // Configure chrony with local NTP server and common NTP pools
-          `echo '# Local NTP server' > ${chronyConfPath}`,
-          `echo 'server 192.168.1.1 iburst prefer' >> ${chronyConfPath}`,
-          `echo '' >> ${chronyConfPath}`,
-          `echo '# Fallback public NTP servers' >> ${chronyConfPath}`,
-          `echo 'server 0.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 1.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 2.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo 'server 3.pool.ntp.org iburst' >> ${chronyConfPath}`,
-          `echo '' >> ${chronyConfPath}`,
-          `echo '# Configuration' >> ${chronyConfPath}`,
-          `echo 'driftfile /var/lib/chrony/drift' >> ${chronyConfPath}`,
-          `echo 'makestep 1.0 3' >> ${chronyConfPath}`,
-          `echo 'rtcsync' >> ${chronyConfPath}`,
-          `echo 'logdir /var/log/chrony' >> ${chronyConfPath}`,
-          // Enable chronyd to start on boot
-          `systemctl enable chronyd 2>/dev/null`,
-          // Create systemd link for boot (works in chroot)
-          `mkdir -p /etc/systemd/system/multi-user.target.wants`,
-          `ln -sf /usr/lib/systemd/system/chronyd.service /etc/systemd/system/multi-user.target.wants/chronyd.service 2>/dev/null`,
-          // Start chronyd if systemd is running
-          `systemctl start chronyd 2>/dev/null`,
-          // Restart chronyd to apply configuration
-          `systemctl restart chronyd 2>/dev/null`,
-          // Force immediate time synchronization (only if chronyd is running)
-          `chronyc makestep 2>/dev/null`,
-          // Verify timezone configuration
-          `ls -l /etc/localtime`,
-          `cat /etc/timezone || echo 'No /etc/timezone file'`,
-          `timedatectl status 2>/dev/null || echo 'Timezone set to ${timezone} (timedatectl not available in chroot)'`,
-          `chronyc tracking 2>/dev/null || echo 'Chrony configured but not running (will start on boot)'`,
-        ],
-        /**
-         * @method keyboard
-         * @description Generates shell commands for configuring the keyboard layout on Rocky Linux.
-         * This uses localectl to set the keyboard layout for both console and X11.
-         * @param {string} [keyCode='us'] - The keyboard layout code (e.g., 'us', 'es').
-         * @memberof UnderpostBaremetal.systemProvisioningFactory.rocky
-         * @returns {string[]} An array of shell commands.
-         */
-        keyboard: (keyCode = 'us') => [
-          // Configure vconsole.conf for console keyboard layout (persistent)
-          `echo 'KEYMAP=${keyCode}' > /etc/vconsole.conf`,
-          `echo 'FONT=latarcyrheb-sun16' >> /etc/vconsole.conf`,
-          // Configure locale.conf for system locale
-          `echo 'LANG=en_US.UTF-8' > /etc/locale.conf`,
-          `echo 'LC_ALL=en_US.UTF-8' >> /etc/locale.conf`,
-          // Set keyboard layout using localectl (works if systemd is running)
-          `localectl set-locale LANG=en_US.UTF-8 2>/dev/null`,
-          `localectl set-keymap ${keyCode} 2>/dev/null`,
-          `localectl set-x11-keymap ${keyCode} 2>/dev/null`,
-          // Configure X11 keyboard layout file directly
-          `mkdir -p /etc/X11/xorg.conf.d`,
-          `echo 'Section "InputClass"' > /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    Identifier "system-keyboard"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    MatchIsKeyboard "on"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo '    Option "XkbLayout" "${keyCode}"' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          `echo 'EndSection' >> /etc/X11/xorg.conf.d/00-keyboard.conf`,
-          // Load the keymap immediately (if not in chroot)
-          `loadkeys ${keyCode} 2>/dev/null || echo 'Keymap ${keyCode} configured (loadkeys not available in chroot)'`,
-          // Verify configuration
-          `echo 'Keyboard configuration files:'`,
-          `cat /etc/vconsole.conf`,
-          `cat /etc/locale.conf`,
-          `cat /etc/X11/xorg.conf.d/00-keyboard.conf 2>/dev/null || echo 'X11 config created'`,
-          `localectl status 2>/dev/null || echo 'Keyboard layout set to ${keyCode} (localectl not available in chroot)'`,
-        ],
-      },
-    },
     /**
      * @method rebuildNfsServer
      * @description Configures and restarts the NFS server to export the specified path.
@@ -3290,9 +2969,10 @@ logdir /var/log/chrony
      * @param {string} params.nfsHostPath - The path to the NFS server export.
      * @memberof UnderpostBaremetal
      * @param {string} [params.subnet='192.168.1.0/24'] - The subnet allowed to access the NFS export.
+     * @param {boolean} [params.nfsReset=false] - Flag to completely reset the NFS server (restart service).
      * @returns {void}
      */
-    rebuildNfsServer({ nfsHostPath, subnet }) {
+    rebuildNfsServer({ nfsHostPath, subnet, nfsReset }) {
       if (!subnet) subnet = '192.168.1.0/24'; // Default subnet if not provided.
       // Write the NFS exports configuration to /etc/exports.
       fs.writeFileSync(
@@ -3341,9 +3021,11 @@ udp-port = 32766
       // Restart the nfs-server service to apply all configuration changes,
       // including port settings from /etc/nfs.conf and export changes.
-      logger.info('Restarting nfs-server service...');
-      shellExec(`sudo systemctl restart nfs-server`);
-      logger.info('NFS server restarted.');
+      if (nfsReset) {
+        logger.info('Restarting nfs-server service...');
+        shellExec(`sudo systemctl restart nfs-server`);
+        logger.info('NFS server restarted.');
+      }
     },
     /**