underpost 2.8.816 → 2.8.818

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.816
+## underpost ci/cd cli v2.8.818
 
 ### Usage: `underpost [options] [command]`
   ```

package/bin/deploy.js

@@ -69,7 +69,9 @@ const keyboardSteps = [
   `sudo dpkg-reconfigure --frontend noninteractive keyboard-configuration`,
   `sudo systemctl restart keyboard-setup.service`,
 ];
-// #  - ${JSON.stringify([...timeZoneSteps, ...chronySetUp(chronyConfPath)])}
+
+const kernelLibVersion = `6.8.0-41-generic`;
+
 const installSteps = [
   `cat <<EOF | tee /etc/apt/sources.list
 deb http://ports.ubuntu.com/ubuntu-ports noble main restricted universe multiverse
@@ -79,7 +81,11 @@ EOF`,
 
   `apt update -qq`,
   `apt -y full-upgrade`,
-  `apt install -y xinput x11-xkb-utils usbutils`,
+  `apt install -y build-essential xinput x11-xkb-utils usbutils`,
+  'apt install -y linux-image-generic',
+  `apt install -y linux-modules-${kernelLibVersion} linux-modules-extra-${kernelLibVersion}`,
+
+  `depmod -a ${kernelLibVersion}`,
   // `apt install -y cloud-init=25.1.2-0ubuntu0~24.04.1`,
   `apt install -y cloud-init systemd-sysv openssh-server sudo locales udev util-linux systemd-sysv iproute2 netplan.io ca-certificates curl wget chrony`,
   `ln -sf /lib/systemd/systemd /sbin/init`,
@@ -89,19 +95,40 @@ EOF`,
   `DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata kmod keyboard-configuration console-setup iputils-ping`,
 ];
 
+const bootCmdSteps = [
+  `/underpost/dns.sh`,
+  `/underpost/host.sh`,
+  // `/underpost/date.sh`,
+  `/underpost/keys_import.sh`,
+  `/underpost/mac.sh`,
+  `cat /underpost/mac`,
+];
+
+const cloudInitReset = `sudo cloud-init clean --logs --seed --configs all --machine-id
+sudo rm -rf /var/lib/cloud/*`;
+
+const cloudConfigCmdRunFactory = (steps = []) =>
+  steps
+    .map(
+      (step, i, a) =>
+        '  - echo "\\$(date) | ' + (i + 1) + '/' + a.length + ' - ' + step.split('\n')[0] + '"' + `\n` + `  - ${step}`,
+    )
+    .join('\n');
+
 const cloudConfigFactory = (
-  { IP_ADDRESS, architecture, host, nfsHostPath, ipaddr, update, gatewayip },
+  { controlServerIp, architecture, host, nfsHostPath, commissioningDeviceIp, update, gatewayip, auth },
   { consumer_key, consumer_secret, token_key, token_secret },
+  path = '/etc/cloud/cloud.cfg.d/90_maas.cfg',
 ) => [
   // Configure cloud-init for MAAS
-  `cat <<EOF_MAAS_CFG > /etc/cloud/cloud.cfg.d/90_maas.cfg
+  `cat <<EOF_MAAS_CFG > ${path}
 #cloud-config
 
 hostname: ${host}
 # fqdn: server01.midominio.cl
 # prefer_fqdn_over_hostname: true
-# metadata_url: http://${IP_ADDRESS}:5240/MAAS/metadata
-# metadata_url: http://${IP_ADDRESS}:5248/MAAS/metadata
+# metadata_url: http://${controlServerIp}:5240/MAAS/metadata
+# metadata_url: http://${controlServerIp}:5248/MAAS/metadata
 
 # Check:
 # /MAAS/metadata/latest/enlist-preseed/?op=get_enlist_preseed
@@ -112,9 +139,9 @@ hostname: ${host}
 datasource_list: [ MAAS ]
 datasource:
   MAAS:
-    metadata_url: http://${IP_ADDRESS}:5240/MAAS/metadata/
+    metadata_url: http://${controlServerIp}:5240/MAAS/metadata/
     ${
-      process.argv.includes('reset')
+      !auth
         ? ''
         : `consumer_key: ${consumer_key}
     consumer_secret: ${consumer_secret}
@@ -142,18 +169,15 @@ users:
 
 # check timedatectl on host
 # timezone: America/Santiago
-# timezone: ${timezone}
+timezone: ${timezone}
 
 ntp:
   enabled: true
   servers:
     - ${process.env.MAAS_NTP_SERVER}
   ntp_client: chrony
-#   config:
-#     confpath: ${chronyConfPath}
-#     packages:
-#       - chrony
-#     service_name: chrony
+  config:
+    confpath: ${chronyConfPath}
 
 # ssh:
 #   allow-pw: false
@@ -167,36 +191,40 @@ packages:
   - git
   - htop
   - snapd
+  - chrony
 resize_rootfs: false
 growpart:
-  mode: off
+  mode: false
 network:
   version: 2
   ethernets:
     ${process.env.RPI4_INTERFACE_NAME}:
-      dhcp4: true
+      match:
+        macaddress: "${process.env.RPI4_MAC_ADDRESS}"
+      mtu: 1500
+      set-name: ${process.env.RPI4_INTERFACE_NAME}
+      dhcp4: false
       addresses:
-        - ${ipaddr}/24
-#         routes:
-#           - to: default
-#             via: ${gatewayip}
+        - ${commissioningDeviceIp}/24
+      gateway4: ${gatewayip}
+      nameservers:
+        addresses:
+          - ${process.env.MAAS_DNS}
 
-# chpasswd:
-#   expire: false
-#   users:
-#   - {name: root, password: changeme, type: text}
 
-final_message: "The system is up, after $UPTIME seconds"
+final_message: "====== Cloud init finished ======"
 
 # power_state:
 #   mode: reboot
 #   message: Rebooting after initial setup
 #   timeout: 30
 #   condition: True
+
 bootcmd:
   - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
   - echo "Init bootcmd"
   - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
+${cloudConfigCmdRunFactory(bootCmdSteps)}
 runcmd:
   - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
   - echo "Init runcmd"
@@ -212,61 +240,37 @@ preserve_hostname: false
 # The modules that run in the 'init' stage
 cloud_init_modules:
   - migrator
-  - seed_random
   - bootcmd
   - write-files
   - growpart
   - resizefs
-  - disk_setup
-  - mounts
   - set_hostname
-  - update_hostname
   - update_etc_hosts
-  - ca-certs
   - rsyslog
   - users-groups
   - ssh
 
-# The modules that run in the 'config' stage
 cloud_config_modules:
-# Emit the cloud config ready event
-# this can be used by upstart jobs for 'start on cloud-config'.
-  - emit_upstart
-  - snap_config
-  - ssh-import-id
+  - mounts
   - locale
   - set-passwords
-  - grub-dpkg
-  - apt-pipelining
-  - apt-configure
-  - ntp
+  - package-update-upgrade-install
   - timezone
-  - disable-ec2-metadata
   - runcmd
-  - byobu
+  - ssh-import-id
+  - ntp
 
-# The modules that run in the 'final' stage
 cloud_final_modules:
-  - snappy
-  - package-update-upgrade-install
-#  - fan
-#  - landscape
-#  - lxd
-#  - puppet
-  - chef
-  - salt-minion
-  - mcollective
   - rightscale_userdata
-  - scripts-vendor
   - scripts-per-once
   - scripts-per-boot
   - scripts-per-instance
   - scripts-user
   - ssh-authkey-fingerprints
   - keys-to-console
-#  - phone-home
+  - phone-home
   - final-message
-#  - power-state-change
+
 EOF_MAAS_CFG`,
 ];
 
@@ -285,7 +289,9 @@ EOF_OUTER`;
   shellExec(cmd);
 };
 
-const chronySetUp = (path) => {
+const chronySetUp = (path, alias = 'chrony') => {
+  // use alias = 'chronyd' for RHEL
+  // use alias = 'chrony' for Ubuntu
   return [
     `echo '
 # Use public servers from the pool.ntp.org project.
@@ -328,25 +334,25 @@ logdir /var/log/chrony
 # Select which information is logged.
 #log measurements statistics tracking
 ' > ${path} `,
-    `sudo systemctl stop chronyd`,
+    `systemctl stop ${alias}`,
+
+    `${alias}d -q 'server ntp.ubuntu.com iburst'`,
 
     // `chronyd -q 'server 0.europe.pool.ntp.org iburst'`,
-    `chronyd -q 'server ntp.ubuntu.com iburst'`,
 
-    `sudo systemctl enable --now chronyd`,
-    `sudo systemctl restart chronyd`,
-    `sudo systemctl status chronyd`,
+    `sudo systemctl enable --now ${alias}`,
+    `sudo systemctl restart ${alias}`,
+    `sudo systemctl status ${alias}`,
 
     `chronyc sources`,
     `chronyc tracking`,
-    // sudo firewall-cmd --add-service=ntp --permanent
-    // sudo firewall-cmd --reload
 
     `chronyc sourcestats -v`,
+    `timedatectl status`,
   ];
 };
 
-const installUbuntuUnderpostTools = (nfsHostPath) => {
+const installUbuntuUnderpostTools = ({ nfsHostPath, host }) => {
   fs.mkdirSync(`${nfsHostPath}/underpost`, { recursive: true });
 
   logger.info('Build', `${nfsHostPath}/underpost/date.sh`);
@@ -358,6 +364,36 @@ ${chronySetUp(chronyConfPath).join('\n')}
     'utf8',
   );
 
+  logger.info('Build', `${nfsHostPath}/underpost/host.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/host.sh`,
+    `echo -e "127.0.0.1   localhost\n127.0.1.1   ${host}" | tee -a /etc/hosts`,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/keys_current.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/keys_current.sh`,
+    `cat /etc/cloud/cloud.cfg.d/90_maas.cfg | grep -C 5 'metadata'`,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/keys_remove.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/keys_remove.sh`,
+    `cp -a /underpost/90_maas_no_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
+/underpost/keys_current.sh`,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/keys_import.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/keys_import.sh`,
+    `cp -a /underpost/90_maas_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
+/underpost/keys_current.sh`,
+    'utf8',
+  );
+
   logger.info('Build', `${nfsHostPath}/underpost/keyboard.sh`);
   fs.writeFileSync(
     `${nfsHostPath}/underpost/keyboard.sh`,
@@ -376,6 +412,24 @@ ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`,
     'utf8',
   );
 
+  logger.info('Build', `${nfsHostPath}/underpost/start.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/start.sh`,
+    `#!/bin/bash
+set -x
+sudo cloud-init --all-stages
+    `,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/reset.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/reset.sh`,
+    `${cloudInitReset}
+${bootCmdSteps.join('\n')}`,
+    'utf8',
+  );
+
   logger.info('Build', `${nfsHostPath}/underpost/help.sh`);
   fs.writeFileSync(
     `${nfsHostPath}/underpost/help.sh`,
@@ -402,6 +456,24 @@ cut -d: -f1 /etc/passwd
     'utf8',
   );
 
+  logger.info('Build', `${nfsHostPath}/underpost/shutdown.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/shutdown.sh`,
+    `cp -a /underpost/90_maas_no_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
+sudo shutdown -h now`,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/mac.sh`);
+  fs.writeFileSync(
+    `${nfsHostPath}/underpost/mac.sh`,
+    `echo "$(cat /sys/class/net/${process.env.RPI4_INTERFACE_NAME}/address)" > /underpost/mac`,
+    'utf8',
+  );
+
+  logger.info('Build', `${nfsHostPath}/underpost/device_scan.sh`);
+  fs.copySync(`./manifests/maas/device-scan.sh`, `${nfsHostPath}/underpost/device_scan.sh`);
+
   logger.info('Build', `${nfsHostPath}/underpost/config-path.sh`);
   fs.writeFileSync(`${nfsHostPath}/underpost/config-path.sh`, `echo "/etc/cloud/cloud.cfg.d/90_maas.cfg"`, 'utf8');
 
@@ -417,7 +489,17 @@ cut -d: -f1 /etc/passwd
     `chmod +x /underpost/dns.sh`,
     `chmod +x /underpost/help.sh`,
     `chmod +x /underpost/config-path.sh`,
+    `chmod +x /underpost/host.sh`,
+    `chmod +x /underpost/keys_current.sh`,
+    `chmod +x /underpost/keys_import.sh`,
+    `chmod +x /underpost/keys_remove.sh`,
     `chmod +x /underpost/test.sh`,
+    `chmod +x /underpost/start.sh`,
+    `chmod +x /underpost/reset.sh`,
+    `chmod +x /underpost/shutdown.sh`,
+    `chmod +x /underpost/device_scan.sh`,
+    `chmod +x /underpost/mac.sh`,
+    chronySetUp(chronyConfPath)[0],
     `sudo chmod 700 ~/.ssh/`,
     `sudo chmod 600 ~/.ssh/authorized_keys`,
     `sudo chmod 644 ~/.ssh/known_hosts`,
@@ -428,7 +510,15 @@ cut -d: -f1 /etc/passwd
   ]);
 };
 
-const updateVirtualRoot = async ({ IP_ADDRESS, architecture, host, nfsHostPath, ipaddr, update, gatewayip }) => {
+const updateVirtualRoot = async ({
+  controlServerIp,
+  architecture,
+  host,
+  nfsHostPath,
+  commissioningDeviceIp,
+  update,
+  gatewayip,
+}) => {
   // <consumer_key>:<consumer_token>:<secret>
   // <consumer_key>:<consumer_secret>:<token_key>:<token_secret>
   // maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}
@@ -461,8 +551,7 @@ const updateVirtualRoot = async ({ IP_ADDRESS, architecture, host, nfsHostPath,
     // --reboot
     if (process.argv.includes('reset'))
       shellExec(`sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash <<'EOF'
-sudo cloud-init clean --logs --seed --configs all --machine-id
-sudo rm -rf /var/lib/cloud/*
+${cloudInitReset}
 EOF`);
 
     if (fs.existsSync(`${nfsHostPath}/var/log/`)) {
@@ -495,11 +584,50 @@ EOF`);
   runSteps(
     nfsHostPath,
     cloudConfigFactory(
-      { IP_ADDRESS, architecture, host, nfsHostPath, ipaddr, update, gatewayip },
+      {
+        auth: true,
+        controlServerIp,
+        architecture,
+        host,
+        nfsHostPath,
+        commissioningDeviceIp,
+        update,
+        gatewayip,
+      },
+      { consumer_key, consumer_secret, token_key, token_secret },
+      '/underpost/90_maas_keys.cfg',
+    ),
+  );
+
+  runSteps(
+    nfsHostPath,
+    cloudConfigFactory(
+      {
+        auth: false,
+        controlServerIp,
+        architecture,
+        host,
+        nfsHostPath,
+        commissioningDeviceIp,
+        update,
+        gatewayip,
+      },
       { consumer_key, consumer_secret, token_key, token_secret },
+      '/underpost/90_maas_no_keys.cfg',
     ),
   );
-  installUbuntuUnderpostTools(nfsHostPath);
+
+  if (process.argv.includes('auth')) {
+    shellExec(`cp ${nfsHostPath}/underpost/90_maas_keys.cfg ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
+  } else {
+    shellExec(`cp ${nfsHostPath}/underpost/90_maas_no_keys.cfg ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
+  }
+
+  installUbuntuUnderpostTools({ nfsHostPath, host });
+
+  shellExec(`./manifests/maas/nat-iptables.sh`, { silent: true });
+
+  shellExec(`cat ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
 };
 
 try {
@@ -1679,41 +1807,60 @@ EOF`);
     }
 
     case 'maas': {
-      shellExec(
-        `underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production`,
-      );
-      dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-      const IP_ADDRESS = getLocalIPv4Address();
-      const serverip = IP_ADDRESS;
+      dotenv.config({ path: `/home/dd/engine/engine-private/conf/dd-cron/.env.production`, override: true });
+      const controlServerIp = getLocalIPv4Address();
       const tftpRoot = process.argv.includes('v3.0')
         ? `/var/snap/maas/common/maas/boot-resources/snapshot-20250720-162718`
         : process.env.TFTP_ROOT;
-      const ipaddr = process.env.RPI4_IP;
+      const commissioningDeviceIp = process.env.RPI4_IP;
       const netmask = process.env.NETMASK;
       const gatewayip = process.env.GATEWAY_IP;
+      let commissioningMac = '00:00:00:00:00:00';
 
-      const machineFactory = (m) => ({
-        system_id: m.interface_set[0].system_id,
-        mac_address: m.interface_set[0].mac_address,
-        hostname: m.hostname,
-        status_name: m.status_name,
-      });
+      const removeMachines = () => {
+        for (const machine of machines) {
+          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machine delete ${machine.system_id}`);
+        }
+        machines = [];
+      };
+
+      const clearDiscoveries = () => {
+        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries clear all=true`);
+        if (process.argv.includes('force')) {
+          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries scan force=true`);
+        }
+      };
+
+      const macMonitor = async (nfsServerRootPath) => {
+        if (fs.existsSync(`${nfsServerRootPath}/underpost/mac`)) {
+          commissioningMac = fs.readFileSync(`${nfsServerRootPath}/underpost/mac`, 'utf8').trim();
+          logger.info('Commissioning MAC', commissioningMac);
+          return;
+        }
+        await timer(1000);
+        await macMonitor(nfsServerRootPath);
+      };
 
       let resources;
-      try {
-        resources = JSON.parse(
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resources read`, {
-            silent: true,
-            stdout: true,
-          }),
-        ).map((o) => ({
-          id: o.id,
-          name: o.name,
-          architecture: o.architecture,
-        }));
-      } catch (error) {
-        logger.error(error);
-      }
+      if (!process.argv.includes('machines'))
+        try {
+          resources = JSON.parse(
+            shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resources read`, {
+              silent: true,
+              stdout: true,
+            }),
+          ).map((o) => ({
+            id: o.id,
+            name: o.name,
+            architecture: o.architecture,
+          }));
+          if (process.argv.includes('images')) {
+            console.table(resources);
+            process.exit(0);
+          }
+        } catch (error) {
+          logger.error(error);
+        }
 
       let machines;
       try {
@@ -1722,23 +1869,21 @@ EOF`);
             stdout: true,
             silent: true,
           }),
-        ).map((m) => machineFactory(m));
+        ).map((m) => ({
+          system_id: m.interface_set[0].system_id,
+          mac_address: m.interface_set[0].mac_address,
+          hostname: m.hostname,
+          status_name: m.status_name,
+        }));
+        if (process.argv.includes('machines')) {
+          console.table(machines);
+          process.exit(0);
+        }
       } catch (error) {
         logger.error(error);
       }
 
-      if (process.argv.includes('ls')) {
-        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-sources read`);
-        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} commissioning-scripts read`);
-        // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-source-selections read 60`);
-        logger.info('Resources');
-        console.table(resources);
-        logger.info('Machines');
-        console.table(machines);
-        process.exit(0);
-      }
-
-      if (process.argv.includes('config')) {
+      if (process.argv.includes('journald')) {
         shellExec(`sudo sed -i 's/^#Storage=auto/Storage=volatile/' /etc/systemd/journald.conf`);
         shellExec(`sudo systemctl daemon-reload`);
         shellExec(`sudo systemctl restart systemd-journald`);
@@ -1775,14 +1920,8 @@ EOF`);
       //       - Disable DNSSEC validation to No (Disable DNSSEC; useful when upstream DNS is misconfigured)
 
       if (process.argv.includes('clear')) {
-        for (const machine of machines) {
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machine delete ${machine.system_id}`);
-        }
-        // machines = [];
-        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries clear all=true`);
-        if (process.argv.includes('force')) {
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries scan force=true`);
-        }
+        removeMachines();
+        clearDiscoveries();
         process.exit(0);
       }
       if (process.argv.includes('grub-arm64')) {
@@ -1803,37 +1942,13 @@ EOF`);
         pbcopy(cmd);
         process.exit(0);
       }
-      if (process.argv.includes('reset')) {
-        // shellExec(
-        //   `maas init region+rack --database-uri "postgres://$DB_PG_MAAS_USER:$DB_PG_MAAS_PASS@$DB_PG_MAAS_HOST/$DB_PG_MAAS_NAME"` +
-        //     ` --maas-url http://${IP_ADDRESS}:5240/MAAS`,
-        // );
-        const cmd =
-          `maas init region+rack --database-uri "postgres://${process.env.DB_PG_MAAS_USER}:${process.env.DB_PG_MAAS_PASS}@${process.env.DB_PG_MAAS_HOST}/${process.env.DB_PG_MAAS_NAME}"` +
-          ` --maas-url http://${IP_ADDRESS}:5240/MAAS`;
-        pbcopy(cmd);
-        process.exit(0);
-      }
-
-      if (process.argv.includes('restart')) {
-        shellExec(`sudo snap restart maas.pebble`);
-        let secs = 0;
-        while (
-          !(
-            shellExec(`maas status`, { silent: true, disableLog: true, stdout: true })
-              .split(' ')
-              .filter((l) => l.match('inactive')).length === 1
-          )
-        ) {
-          await timer(1000);
-          console.log(`Waiting... (${++secs}s)`);
-        }
-        process.exit(0);
-      }
 
       // shellExec(`MAAS_ADMIN_USERNAME=${process.env.MAAS_ADMIN_USERNAME}`);
       // shellExec(`MAAS_ADMIN_EMAIL=${process.env.MAAS_ADMIN_EMAIL}`);
       // shellExec(`maas createadmin --username $MAAS_ADMIN_USERNAME --email $MAAS_ADMIN_EMAIL`);
+      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-sources read`);
+      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} commissioning-scripts read`);
+      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-source-selections read 60`);
 
       // MaaS admin CLI:
       // maas login <maas-admin-username> http://localhost:5240/MAAS
@@ -2022,15 +2137,16 @@ EOF`);
           ];
           const cmd = [
             `console=serial0,115200`,
+            // `console=ttyAMA0,115200`,
             `console=tty1`,
             // `initrd=-1`,
             // `net.ifnames=0`,
             // `dwc_otg.lpm_enable=0`,
             // `elevator=deadline`,
             `root=/dev/nfs`,
-            `nfsroot=${serverip}:${process.env.NFS_EXPORT_PATH}/rpi4mb,${mountOptions}`,
-            // `nfsroot=${serverip}:${process.env.NFS_EXPORT_PATH}/rpi4mb`,
-            `ip=${ipaddr}:${serverip}:${gatewayip}:${netmask}:${nfsHost}:${interfaceName}:static`,
+            `nfsroot=${controlServerIp}:${process.env.NFS_EXPORT_PATH}/rpi4mb,${mountOptions}`,
+            // `nfsroot=${controlServerIp}:${process.env.NFS_EXPORT_PATH}/rpi4mb`,
+            `ip=${commissioningDeviceIp}:${controlServerIp}:${gatewayip}:${netmask}:${nfsHost}:${interfaceName}:static`,
             `rootfstype=nfs`,
             `rw`,
             `rootwait`,
@@ -2045,6 +2161,12 @@ EOF`);
             // 'ip=dfcp',
             // 'autoinstall',
             // 'rd.break',
+
+            // Disable services that not apply over nfs
+            `systemd.mask=systemd-network-generator.service`,
+            `systemd.mask=systemd-networkd.service`,
+            `systemd.mask=systemd-fsck-root.service`,
+            `systemd.mask=systemd-udev-trigger.service`,
           ];
 
           // TODO: use autoinstall cloud-config-url=http://<MAAS_IP>:5240/MAAS/metadata/latest
@@ -2083,30 +2205,58 @@ EOF`);
 
           nfsConnectStr = cmd.join(' ');
           bootConf = `[all]
-MAC_ADDRESS=00:00:00:00:00:00
-MAC_ADDRESS_OTP=0,1
 BOOT_UART=0
 WAKE_ON_GPIO=1
 POWER_OFF_ON_HALT=0
 ENABLE_SELF_UPDATE=1
 DISABLE_HDMI=0
-TFTP_IP=${serverip}
-TFTP_PREFIX=1
-TFTP_PREFIX_STR=${tftpSubDir.slice(1)}/
 NET_INSTALL_ENABLED=1
 DHCP_TIMEOUT=45000
 DHCP_REQ_TIMEOUT=4000
 TFTP_FILE_TIMEOUT=30000
-BOOT_ORDER=0x21`;
-          // CLIENT_IP=${ipaddr}
-          // SUBNET=255.255.255.0
+BOOT_ORDER=0x21
+
+# ─────────────────────────────────────────────────────────────
+# TFTP configuration
+# ─────────────────────────────────────────────────────────────
+
+# Custom TFTP prefix string (e.g., based on MAC address, no colons)
+#TFTP_PREFIX_STR=AA-BB-CC-DD-EE-FF/
+
+# Optional PXE Option43 override (leave commented if unused)
+#PXE_OPTION43="Raspberry Pi Boot"
+
+# DHCP client GUID (Option 97); 0x34695052 is the FourCC for Raspberry Pi 4
+#DHCP_OPTION97=0x34695052
+
+TFTP_IP=${controlServerIp}
+TFTP_PREFIX=1
+TFTP_PREFIX_STR=${tftpSubDir.slice(1)}/
+
+# ─────────────────────────────────────────────────────────────
+# Manually override Ethernet MAC address
+# ─────────────────────────────────────────────────────────────
+
+MAC_ADDRESS=${process.env.RPI4_MAC_ADDRESS}
+
+# OTP MAC address override
+#MAC_ADDRESS_OTP=0,1
+
+# ─────────────────────────────────────────────────────────────
+# Static IP configuration (bypasses DHCP completely)
+# ─────────────────────────────────────────────────────────────
+CLIENT_IP=${commissioningDeviceIp}
+SUBNET=255.255.255.0
+GATEWAY=192.168.1.1
+
+`;
           break;
 
         default:
           break;
       }
-      shellExec(`sudo chmod 755 ${process.env.NFS_EXPORT_PATH}/${nfsHost}`);
 
+      shellExec(`sudo chmod 755 ${process.env.NFS_EXPORT_PATH}/${nfsHost}`);
       shellExec(`sudo rm -rf ${tftpRoot}${tftpSubDir}`);
       shellExec(`sudo cp -a ${firmwarePath} ${tftpRoot}${tftpSubDir}`);
       shellExec(`mkdir -p ${tftpRoot}${tftpSubDir}/pxe`);
@@ -2142,7 +2292,7 @@ BOOT_ORDER=0x21`;
     set default=0
     
     menuentry '${menuentryStr}' {
-      set root=(tftp,${serverip}) 
+      set root=(tftp,${controlServerIp})
       linux ${tftpSubDir}/pxe/vmlinuz-efi ${nfsConnectStr}
       initrd ${tftpSubDir}/pxe/initrd.img
       boot
@@ -2173,19 +2323,12 @@ BOOT_ORDER=0x21`;
         nfsServerRootPath,
         nfsConnectStr,
       });
-      if (process.argv.includes('restart')) {
-        if (fs.existsSync(`node engine-private/r.js`)) shellExec(`node engine-private/r`);
-        shellExec(`node bin/deploy maas dhcp`);
-        shellExec(`sudo chown -R root:root ${tftpRoot}`);
-        shellExec(`sudo sudo chmod 755 ${tftpRoot}`);
-      }
-      // for (const machine of machines) {
-      //   // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machine delete ${machine.system_id}`);
-      //   shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machine commission ${machine.system_id}`, {
-      //     silent: true,
-      //   });
-      // }
-      // machines = [];
+      shellExec(`sudo chown -R root:root ${tftpRoot}`);
+      shellExec(`sudo sudo chmod 755 ${tftpRoot}`);
+
+      logger.info('Waiting for MAC assignment...');
+      fs.removeSync(`${nfsServerRootPath}/underpost/mac`);
+      await macMonitor(nfsServerRootPath);
 
       const monitor = async () => {
         // discoveries         Query observed discoveries.
@@ -2196,8 +2339,6 @@ BOOT_ORDER=0x21`;
             silent: true,
             stdout: true,
           }),
-        ).filter(
-          (o) => o.ip !== IP_ADDRESS && o.ip !== gatewayip && !machines.find((_o) => _o.mac_address === o.mac_address),
         );
 
         //   {
@@ -2218,12 +2359,14 @@ BOOT_ORDER=0x21`;
         //     "resource_uri": "/MAAS/api/2.0/discovery/MTkyLjE2OC4xLjE4OSwwMDowMDowMDowMDowMDowMA==/"
         // },
 
+        console.log(discoveries.map((d) => d.ip).join(' | '));
+
         for (const discovery of discoveries) {
           const machine = {
             architecture: architecture.match('amd') ? 'amd64/generic' : 'arm64/generic',
             mac_address: discovery.mac_address,
             hostname: discovery.hostname ?? discovery.mac_organization ?? discovery.domain ?? `generic-host-${s4()}`,
-            // discovery.ip.match(ipaddr)
+            // discovery.ip.match(commissioningDeviceIp)
             //   ? nfsHost
             //   : `unknown-${s4()}`,
             // description: '',
@@ -2231,11 +2374,14 @@ BOOT_ORDER=0x21`;
             power_type: 'manual', // manual
             // power_parameters_power_address: discovery.ip,
             mac_addresses: discovery.mac_address,
+            ip: discovery.ip,
           };
           machine.hostname = machine.hostname.replaceAll(' ', '').replaceAll('.', '');
 
-          if (machine.hostname.match('generic-host'))
+          if (machine.mac_addresses === commissioningMac)
             try {
+              machine.hostname = nfsHost;
+              machine.mac_address = commissioningMac;
               let newMachine = shellExec(
                 `maas ${process.env.MAAS_ADMIN_USERNAME} machines create ${Object.keys(machine)
                   .map((k) => `${k}="${machine[k]}"`)
@@ -2245,31 +2391,27 @@ BOOT_ORDER=0x21`;
                   stdout: true,
                 },
               );
-              newMachine = machineFactory(JSON.parse(newMachine));
+              newMachine = { discovery, machine: JSON.parse(newMachine) };
               machines.push(newMachine);
               console.log(newMachine);
               // commissioning_scripts=90-verify-user.sh
               shellExec(
-                `maas ${process.env.MAAS_ADMIN_USERNAME} machine commission ${newMachine.system_id} enable_ssh=1 skip_bmc_config=1 skip_networking=1 skip_storage=1`,
+                `maas ${process.env.MAAS_ADMIN_USERNAME} machine commission ${newMachine.machine.boot_interface.system_id} enable_ssh=1 skip_bmc_config=1 skip_networking=1 skip_storage=1`,
                 {
                   silent: true,
                 },
               );
             } catch (error) {
               logger.error(error, error.stack);
+            } finally {
+              process.exit(0);
             }
         }
-        // if (discoveries.length > 0) {
-        //   shellExec(
-        //     `maas ${process.env.MAAS_ADMIN_USERNAME} machines read | jq '.[] | {system_id: .interface_set[0].system_id, hostname, status_name, mac_address: .interface_set[0].mac_address}'`,
-        //   );
-        // }
         await timer(1000);
         monitor();
       };
-      // shellExec(`node bin/deploy open-virtual-root ${architecture.match('amd') ? 'amd64' : 'arm64'} ${nfsHost}`);
-      machines = [];
-      shellExec(`node bin/deploy maas clear`);
+      // clearDiscoveries();
+      removeMachines();
       monitor();
       break;
     }
@@ -2351,18 +2493,18 @@ udp-port = 32766
     }
     case 'update-virtual-root': {
       dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-      const IP_ADDRESS = getLocalIPv4Address();
+      const controlServerIp = getLocalIPv4Address();
       const architecture = process.argv[3];
       const host = process.argv[4];
       const nfsHostPath = `${process.env.NFS_EXPORT_PATH}/${host}`;
-      const ipaddr = process.env.RPI4_IP;
+      const commissioningDeviceIp = process.env.RPI4_IP;
       const gatewayip = process.env.GATEWAY_IP;
       await updateVirtualRoot({
-        IP_ADDRESS,
+        controlServerIp,
         architecture,
         host,
         nfsHostPath,
-        ipaddr,
+        commissioningDeviceIp,
         update: true,
         gatewayip,
       });
@@ -2370,7 +2512,7 @@ udp-port = 32766
     }
     case 'open-virtual-root': {
       dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-      const IP_ADDRESS = getLocalIPv4Address();
+      const controlServerIp = getLocalIPv4Address();
       const architecture = process.argv[3];
       const host = process.argv[4];
       const nfsHostPath = `${process.env.NFS_EXPORT_PATH}/${host}`;
@@ -2392,7 +2534,6 @@ udp-port = 32766
       shellExec(`sudo mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc`);
 
       if (process.argv.includes('build')) {
-        // shellExec(`depmod -a`);
         shellExec(`mkdir -p ${nfsHostPath}`);
         let cmd;
         switch (host) {
@@ -2445,14 +2586,14 @@ EOF`);
       if (process.argv.includes('build')) {
         switch (host) {
           case 'rpi4mb':
-            const ipaddr = process.env.RPI4_IP;
+            const commissioningDeviceIp = process.env.RPI4_IP;
 
             await updateVirtualRoot({
-              IP_ADDRESS,
+              controlServerIp,
               architecture,
               host,
               nfsHostPath,
-              ipaddr,
+              commissioningDeviceIp,
               gatewayip,
             });
 
@@ -2503,10 +2644,10 @@ EOF`);
 
     case 'create-ports': {
       const cmd = [];
-      const ipaddr = getLocalIPv4Address();
+      const commissioningDeviceIp = getLocalIPv4Address();
       for (const port of ['5240']) {
         const name = 'maas';
-        cmd.push(`${name}:${port}-${port}:${ipaddr}`);
+        cmd.push(`${name}:${port}-${port}:${commissioningDeviceIp}`);
       }
       pbcopy(`node engine-private/r create-port ${cmd}`);
       break;

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.816
+## underpost ci/cd cli v2.8.818
 
 ### Usage: `underpost [options] [command]`
   ```

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.816'
+      engine.version: '2.8.818'
     networks:
       - load-balancer
 

package/manifests/deployment/dd-template-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-template-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.816
+          image: localhost/rockylinux9-underpost:v2.8.818
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-template-development-green
-          image: localhost/rockylinux9-underpost:v2.8.816
+          image: localhost/rockylinux9-underpost:v2.8.818
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/maas/device-scan.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+for iface_path in /sys/class/net/*; do
+  name=$(basename "$iface_path")
+  mac=$(< "$iface_path/address")
+  ip=$(ip -4 addr show dev "$name" \
+       | grep -oP '(?<=inet\s)\d+(\.\d+){3}' || echo "—")
+  operstate=$(< "$iface_path/operstate")
+  mtu=$(< "$iface_path/mtu")
+
+  # Driver: módulo kernel que maneja esta interfaz
+  if [ -L "$iface_path/device/driver" ]; then
+    driver=$(basename "$(readlink -f "$iface_path/device/driver")")
+  else
+    driver="—"
+  fi
+
+  # Vendor:Device ID PCI
+  pci_dev="$iface_path/device"
+  if [ -f "$pci_dev/vendor" ] && [ -f "$pci_dev/device" ]; then
+    vendor_id=$(< "$pci_dev/vendor")
+    device_id=$(< "$pci_dev/device")
+    # pasamos de 0x8086 a 8086, etc.
+    vendor_id=${vendor_id#0x}
+    device_id=${device_id#0x}
+    pci="${vendor_id}:${device_id}"
+  else
+    pci="—"
+  fi
+
+  # Link Speed: lectura directa de /sys/class/net/<iface>/speed
+  speed=$(cat "$iface_path/speed" 2>/dev/null || echo "—")
+
+  echo "Interface: $name"
+  echo "  MAC:          $mac"
+  echo "  IPv4:         $ip"
+  echo "  Estado:       $operstate"
+  echo "  MTU:          $mtu"
+  echo "  Driver:       $driver"
+  echo "  PCI Vendor:Device ID: $pci"
+  echo "  Link Speed:   ${speed}Mb/s"
+  echo
+done

package/manifests/maas/maas-setup.sh

@@ -9,25 +9,6 @@ sudo snap install maas
 INTERFACE=$(ip route | grep default | awk '{print $5}')
 IP_ADDRESS=$(ip -4 addr show dev "$INTERFACE" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
 
-# Disable firewalld
-sudo systemctl disable --now iptables
-sudo systemctl disable --now ufw
-sudo systemctl disable --now firewalld
-
-# Enable IP forwarding and configure NAT
-echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
-echo "net.ipv6.conf.all.forwarding = 1" | sudo tee -a /etc/sysctl.conf
-sudo sysctl -p
-
-# Accept all traffic
-sudo iptables -P INPUT ACCEPT
-sudo iptables -P FORWARD ACCEPT
-sudo iptables -P OUTPUT ACCEPT
-
-# List iptables rules
-sudo iptables -L -n
-sysctl net.ipv4.ip_forward
-
 cd /home/dd/engine
 
 # Load secrets

package/manifests/maas/nat-iptables.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+
+# Disable firewalld
+sudo systemctl disable --now iptables
+sudo systemctl disable --now ufw
+sudo systemctl disable --now firewalld
+
+# Enable IP forwarding and configure NAT
+echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding = 1" | sudo tee -a /etc/sysctl.conf
+sudo sysctl -p
+
+# Accept all traffic
+sudo iptables -P INPUT ACCEPT
+sudo iptables -P FORWARD ACCEPT
+sudo iptables -P OUTPUT ACCEPT
+
+# List iptables rules
+sudo iptables -L -n
+sysctl net.ipv4.ip_forward

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.816",
+    "version": "2.8.818",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/baremetal.js

@@ -66,6 +66,7 @@ maas login "$MAAS_ADMIN_USERNAME" "http://localhost:5240/MAAS/" "$APIKEY"`);
       if (options.controlServerInstall === true) {
         shellExec(`chmod +x ${underpostRoot}/manifests/maas/maas-setup.sh`);
         shellExec(`${underpostRoot}/manifests/maas/maas-setup.sh`);
+        shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`);
       }
       if (options.controlServerInit === true) {
         shellExec(`node ${underpostRoot}/bin/deploy maas reset`);

package/src/index.js

@@ -32,7 +32,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.816';
+  static version = 'v2.8.818';
   /**
    * Repository cli API
    * @static