npm - underpost - Versions diffs - 2.8.818 → 2.8.821 - Mend

underpost 2.8.818 → 2.8.821

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +2 -2
package/bin/deploy.js +0 -1320
package/cli.md +24 -16
package/docker-compose.yml +1 -1
package/manifests/deployment/dd-template-development/deployment.yaml +2 -2
package/manifests/maas/device-scan.sh +1 -1
package/manifests/maas/maas-setup.sh +81 -7
package/manifests/maas/nat-iptables.sh +10 -5
package/package.json +1 -1
package/src/cli/baremetal.js +1233 -47
package/src/cli/cloud-init.js +537 -0
package/src/cli/index.js +15 -10
package/src/index.js +26 -16
package/src/server/runtime.js +0 -5
package/src/server/ssl.js +1 -12

package/bin/deploy.js CHANGED Viewed

@@ -51,585 +51,6 @@ logger.info('argv', process.argv);
 const [exe, dir, operator] = process.argv;
-const chronyConfPath = `/etc/chrony/chrony.conf`;
-const timezone = 'America/New_York';
-const timeZoneSteps = [
-  `export DEBIAN_FRONTEND=noninteractive`,
-  `ln -fs /usr/share/zoneinfo/${timezone} /etc/localtime`,
-  `sudo dpkg-reconfigure --frontend noninteractive tzdata`,
-];
-const keyboardSteps = [
-  `sudo locale-gen en_US.UTF-8`,
-  `sudo update-locale LANG=en_US.UTF-8`,
-  `sudo sed -i 's/XKBLAYOUT="us"/XKBLAYOUT="es"/' /etc/default/keyboard`,
-  `sudo dpkg-reconfigure --frontend noninteractive keyboard-configuration`,
-  `sudo systemctl restart keyboard-setup.service`,
-];
-const kernelLibVersion = `6.8.0-41-generic`;
-const installSteps = [
-  `cat <<EOF | tee /etc/apt/sources.list
-deb http://ports.ubuntu.com/ubuntu-ports noble main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-updates main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted universe multiverse
-EOF`,
-  `apt update -qq`,
-  `apt -y full-upgrade`,
-  `apt install -y build-essential xinput x11-xkb-utils usbutils`,
-  'apt install -y linux-image-generic',
-  `apt install -y linux-modules-${kernelLibVersion} linux-modules-extra-${kernelLibVersion}`,
-  `depmod -a ${kernelLibVersion}`,
-  // `apt install -y cloud-init=25.1.2-0ubuntu0~24.04.1`,
-  `apt install -y cloud-init systemd-sysv openssh-server sudo locales udev util-linux systemd-sysv iproute2 netplan.io ca-certificates curl wget chrony`,
-  `ln -sf /lib/systemd/systemd /sbin/init`,
-  `apt-get update`,
-  `DEBIAN_FRONTEND=noninteractive apt-get install -y apt-utils`,
-  `DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata kmod keyboard-configuration console-setup iputils-ping`,
-];
-const bootCmdSteps = [
-  `/underpost/dns.sh`,
-  `/underpost/host.sh`,
-  // `/underpost/date.sh`,
-  `/underpost/keys_import.sh`,
-  `/underpost/mac.sh`,
-  `cat /underpost/mac`,
-];
-const cloudInitReset = `sudo cloud-init clean --logs --seed --configs all --machine-id
-sudo rm -rf /var/lib/cloud/*`;
-const cloudConfigCmdRunFactory = (steps = []) =>
-  steps
-    .map(
-      (step, i, a) =>
-        '  - echo "\\$(date) | ' + (i + 1) + '/' + a.length + ' - ' + step.split('\n')[0] + '"' + `\n` + `  - ${step}`,
-    )
-    .join('\n');
-const cloudConfigFactory = (
-  { controlServerIp, architecture, host, nfsHostPath, commissioningDeviceIp, update, gatewayip, auth },
-  { consumer_key, consumer_secret, token_key, token_secret },
-  path = '/etc/cloud/cloud.cfg.d/90_maas.cfg',
-) => [
-  // Configure cloud-init for MAAS
-  `cat <<EOF_MAAS_CFG > ${path}
-#cloud-config
-hostname: ${host}
-# fqdn: server01.midominio.cl
-# prefer_fqdn_over_hostname: true
-# metadata_url: http://${controlServerIp}:5240/MAAS/metadata
-# metadata_url: http://${controlServerIp}:5248/MAAS/metadata
-# Check:
-# /MAAS/metadata/latest/enlist-preseed/?op=get_enlist_preseed
-# Debug:
-# https://maas.io/docs/how-to-use-logging
-datasource_list: [ MAAS ]
-datasource:
-  MAAS:
-    metadata_url: http://${controlServerIp}:5240/MAAS/metadata/
-    ${
-      !auth
-        ? ''
-        : `consumer_key: ${consumer_key}
-    consumer_secret: ${consumer_secret}
-    token_key: ${token_key}
-    token_secret: ${token_secret}`
-    }
-users:
-- name: ${process.env.MAAS_ADMIN_USERNAME}
-  sudo: ['ALL=(ALL) NOPASSWD:ALL']
-  shell: /bin/bash
-  lock_passwd: false
-  groups: sudo,users,admin,wheel,lxd
-  plain_text_passwd: '${process.env.MAAS_ADMIN_USERNAME}'
-  ssh_authorized_keys:
-    - ${fs.readFileSync(`/home/dd/engine/engine-private/deploy/id_rsa.pub`, 'utf8')}
-# manage_resolv_conf: true
-# resolv_conf:
-#   nameservers: [8.8.8.8]
-# keyboard:
-#   layout: es
-# check timedatectl on host
-# timezone: America/Santiago
-timezone: ${timezone}
-ntp:
-  enabled: true
-  servers:
-    - ${process.env.MAAS_NTP_SERVER}
-  ntp_client: chrony
-  config:
-    confpath: ${chronyConfPath}
-# ssh:
-#   allow-pw: false
-#   install-server: true
-# ssh_pwauth: false
-package_update: true
-package_upgrade: true
-packages:
-  - git
-  - htop
-  - snapd
-  - chrony
-resize_rootfs: false
-growpart:
-  mode: false
-network:
-  version: 2
-  ethernets:
-    ${process.env.RPI4_INTERFACE_NAME}:
-      match:
-        macaddress: "${process.env.RPI4_MAC_ADDRESS}"
-      mtu: 1500
-      set-name: ${process.env.RPI4_INTERFACE_NAME}
-      dhcp4: false
-      addresses:
-        - ${commissioningDeviceIp}/24
-      gateway4: ${gatewayip}
-      nameservers:
-        addresses:
-          - ${process.env.MAAS_DNS}
-final_message: "====== Cloud init finished ======"
-# power_state:
-#   mode: reboot
-#   message: Rebooting after initial setup
-#   timeout: 30
-#   condition: True
-bootcmd:
-  - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
-  - echo "Init bootcmd"
-  - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
-${cloudConfigCmdRunFactory(bootCmdSteps)}
-runcmd:
-  - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
-  - echo "Init runcmd"
-  - echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
-# If this is set, 'root' will not be able to ssh in and they
-# will get a message to login instead as the default $user
-disable_root: true
-# This will cause the set+update hostname module to not operate (if true)
-preserve_hostname: false
-# The modules that run in the 'init' stage
-cloud_init_modules:
-  - migrator
-  - bootcmd
-  - write-files
-  - growpart
-  - resizefs
-  - set_hostname
-  - update_etc_hosts
-  - rsyslog
-  - users-groups
-  - ssh
-cloud_config_modules:
-  - mounts
-  - locale
-  - set-passwords
-  - package-update-upgrade-install
-  - timezone
-  - runcmd
-  - ssh-import-id
-  - ntp
-cloud_final_modules:
-  - rightscale_userdata
-  - scripts-per-once
-  - scripts-per-boot
-  - scripts-per-instance
-  - scripts-user
-  - ssh-authkey-fingerprints
-  - keys-to-console
-  - phone-home
-  - final-message
-EOF_MAAS_CFG`,
-];
-const runSteps = (nfsHostPath, steps = []) => {
-  const script = steps
-    .map(
-      (s, i) => `echo "step ${i + 1}/${steps.length}: ${s.split('\n')[0]}"
-${s}`,
-    )
-    .join('\n');
-  const cmd = `sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash <<'EOF_OUTER'
-${script}
-EOF_OUTER`;
-  shellExec(cmd);
-};
-const chronySetUp = (path, alias = 'chrony') => {
-  // use alias = 'chronyd' for RHEL
-  // use alias = 'chrony' for Ubuntu
-  return [
-    `echo '
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-# pool 2.pool.ntp.org iburst
-server ${process.env.MAAS_NTP_SERVER} iburst
-# Record the rate at which the system clock gains/losses time.
-driftfile /var/lib/chrony/drift
-# Allow the system clock to be stepped in the first three updates
-# if its offset is larger than 1 second.
-makestep 1.0 3
-# Enable kernel synchronization of the real-time clock (RTC).
-rtcsync
-# Enable hardware timestamping on all interfaces that support it.
-#hwtimestamp *
-# Increase the minimum number of selectable sources required to adjust
-# the system clock.
-#minsources 2
-# Allow NTP client access from local network.
-#allow 192.168.0.0/16
-# Serve time even if not synchronized to a time source.
-#local stratum 10
-# Specify file containing keys for NTP authentication.
-keyfile /etc/chrony.keys
-# Get TAI-UTC offset and leap seconds from the system tz database.
-leapsectz right/UTC
-# Specify directory for log files.
-logdir /var/log/chrony
-# Select which information is logged.
-#log measurements statistics tracking
-' > ${path} `,
-    `systemctl stop ${alias}`,
-    `${alias}d -q 'server ntp.ubuntu.com iburst'`,
-    // `chronyd -q 'server 0.europe.pool.ntp.org iburst'`,
-    `sudo systemctl enable --now ${alias}`,
-    `sudo systemctl restart ${alias}`,
-    `sudo systemctl status ${alias}`,
-    `chronyc sources`,
-    `chronyc tracking`,
-    `chronyc sourcestats -v`,
-    `timedatectl status`,
-  ];
-};
-const installUbuntuUnderpostTools = ({ nfsHostPath, host }) => {
-  fs.mkdirSync(`${nfsHostPath}/underpost`, { recursive: true });
-  logger.info('Build', `${nfsHostPath}/underpost/date.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/date.sh`,
-    `${timeZoneSteps.join('\n')}
-${chronySetUp(chronyConfPath).join('\n')}
-`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/host.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/host.sh`,
-    `echo -e "127.0.0.1   localhost\n127.0.1.1   ${host}" | tee -a /etc/hosts`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/keys_current.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/keys_current.sh`,
-    `cat /etc/cloud/cloud.cfg.d/90_maas.cfg | grep -C 5 'metadata'`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/keys_remove.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/keys_remove.sh`,
-    `cp -a /underpost/90_maas_no_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
-/underpost/keys_current.sh`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/keys_import.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/keys_import.sh`,
-    `cp -a /underpost/90_maas_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
-/underpost/keys_current.sh`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/keyboard.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/keyboard.sh`,
-    `${keyboardSteps.join('\n')}
-`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/dns.sh`);
-  // echo "nameserver ${process.env.MAAS_DNS}" | tee /etc/resolv.conf > /dev/null
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/dns.sh`,
-    `rm /etc/resolv.conf
-echo 'nameserver 8.8.8.8' > /run/systemd/resolve/stub-resolv.conf
-ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/start.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/start.sh`,
-    `#!/bin/bash
-set -x
-sudo cloud-init --all-stages
-    `,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/reset.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/reset.sh`,
-    `${cloudInitReset}
-${bootCmdSteps.join('\n')}`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/help.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/help.sh`,
-    `echo "=== Cloud init utils ==="
-echo "sudo cloud-init --all-stages"
-echo "sudo cloud-init clean --logs --seed --configs all --machine-id --reboot"
-echo "sudo cloud-init init --local"
-echo "sudo cloud-init init"
-echo "sudo cloud-init modules --mode=config"
-echo "sudo cloud-init modules --mode=final"`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/test.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/test.sh`,
-    `echo -e "\n=== Current date/time ==="
-date '+%Y-%m-%d %H:%M:%S'
-echo -e "\n=== Keyboard layout ==="
-cat /etc/default/keyboard
-echo -e "\n=== Registered users ==="
-cut -d: -f1 /etc/passwd
-    `,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/shutdown.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/shutdown.sh`,
-    `cp -a /underpost/90_maas_no_keys.cfg /etc/cloud/cloud.cfg.d/90_maas.cfg
-sudo shutdown -h now`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/mac.sh`);
-  fs.writeFileSync(
-    `${nfsHostPath}/underpost/mac.sh`,
-    `echo "$(cat /sys/class/net/${process.env.RPI4_INTERFACE_NAME}/address)" > /underpost/mac`,
-    'utf8',
-  );
-  logger.info('Build', `${nfsHostPath}/underpost/device_scan.sh`);
-  fs.copySync(`./manifests/maas/device-scan.sh`, `${nfsHostPath}/underpost/device_scan.sh`);
-  logger.info('Build', `${nfsHostPath}/underpost/config-path.sh`);
-  fs.writeFileSync(`${nfsHostPath}/underpost/config-path.sh`, `echo "/etc/cloud/cloud.cfg.d/90_maas.cfg"`, 'utf8');
-  shellExec(`sudo rm -rf ${nfsHostPath}/root/.ssh`);
-  shellExec(`sudo rm -rf ${nfsHostPath}/home/root/.ssh`);
-  fs.copySync(`/root/.ssh`, `${nfsHostPath}/root/.ssh`);
-  logger.info('Run', `${nfsHostPath}/underpost/test.sh`);
-  runSteps(nfsHostPath, [
-    `chmod +x /underpost/date.sh`,
-    `chmod +x /underpost/keyboard.sh`,
-    `chmod +x /underpost/dns.sh`,
-    `chmod +x /underpost/help.sh`,
-    `chmod +x /underpost/config-path.sh`,
-    `chmod +x /underpost/host.sh`,
-    `chmod +x /underpost/keys_current.sh`,
-    `chmod +x /underpost/keys_import.sh`,
-    `chmod +x /underpost/keys_remove.sh`,
-    `chmod +x /underpost/test.sh`,
-    `chmod +x /underpost/start.sh`,
-    `chmod +x /underpost/reset.sh`,
-    `chmod +x /underpost/shutdown.sh`,
-    `chmod +x /underpost/device_scan.sh`,
-    `chmod +x /underpost/mac.sh`,
-    chronySetUp(chronyConfPath)[0],
-    `sudo chmod 700 ~/.ssh/`,
-    `sudo chmod 600 ~/.ssh/authorized_keys`,
-    `sudo chmod 644 ~/.ssh/known_hosts`,
-    `sudo chmod 600 ~/.ssh/id_rsa`,
-    `sudo chmod 600 /etc/ssh/ssh_host_ed25519_key`,
-    `chown -R root:root ~/.ssh`,
-    `/underpost/test.sh`,
-  ]);
-};
-const updateVirtualRoot = async ({
-  controlServerIp,
-  architecture,
-  host,
-  nfsHostPath,
-  commissioningDeviceIp,
-  update,
-  gatewayip,
-}) => {
-  // <consumer_key>:<consumer_token>:<secret>
-  // <consumer_key>:<consumer_secret>:<token_key>:<token_secret>
-  // maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}
-  // maas ${process.env.MAAS_ADMIN_USERNAME} account create-authorisation-token
-  // maas apikey --generate --username ${process.env.MAAS_ADMIN_USERNAME}
-  // https://github.com/CanonicalLtd/maas-docs/issues/647
-  const parts = shellExec(`maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}`, {
-    stdout: true,
-  })
-    .trim()
-    .split(`\n`)[0]
-    .split(':');
-  let consumer_key, consumer_secret, token_key, token_secret;
-  if (parts.length === 4) {
-    [consumer_key, consumer_secret, token_key, token_secret] = parts;
-  } else if (parts.length === 3) {
-    [consumer_key, token_key, token_secret] = parts;
-    consumer_secret = '""';
-    token_secret = token_secret.split(' MAAS consumer')[0].trim();
-  } else {
-    throw new Error('Invalid token format');
-  }
-  logger.info('Maas api token generated', { consumer_key, consumer_secret, token_key, token_secret });
-  if (update) {
-    // --reboot
-    if (process.argv.includes('reset'))
-      shellExec(`sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash <<'EOF'
-${cloudInitReset}
-EOF`);
-    if (fs.existsSync(`${nfsHostPath}/var/log/`)) {
-      fs.writeFileSync(`${nfsHostPath}/var/log/cloud-init.log`, '', 'utf8');
-      fs.writeFileSync(`${nfsHostPath}/var/log/cloud-init-output.log`, '', 'utf8');
-    }
-  } else {
-    runSteps(nfsHostPath, installSteps);
-    runSteps(nfsHostPath, [
-      `useradd -m -s /bin/bash -G sudo root`,
-      `echo 'root:root' | chpasswd`,
-      `mkdir -p /home/root/.ssh`,
-      `echo '${fs.readFileSync(
-        `/home/dd/engine/engine-private/deploy/id_rsa.pub`,
-        'utf8',
-      )}' > /home/root/.ssh/authorized_keys`,
-      `chown -R root /home/root/.ssh`,
-      `chmod 700 /home/root/.ssh`,
-      `chmod 600 /home/root/.ssh/authorized_keys`,
-    ]);
-    runSteps(nfsHostPath, [
-      // `date -s "${shellExec(`date '+%Y-%m-%d %H:%M:%S'`, { stdout: true }).trim()}"`,
-      // `date`,
-      ...timeZoneSteps,
-      ...chronySetUp(chronyConfPath),
-      ...keyboardSteps,
-    ]);
-  }
-  runSteps(
-    nfsHostPath,
-    cloudConfigFactory(
-      {
-        auth: true,
-        controlServerIp,
-        architecture,
-        host,
-        nfsHostPath,
-        commissioningDeviceIp,
-        update,
-        gatewayip,
-      },
-      { consumer_key, consumer_secret, token_key, token_secret },
-      '/underpost/90_maas_keys.cfg',
-    ),
-  );
-  runSteps(
-    nfsHostPath,
-    cloudConfigFactory(
-      {
-        auth: false,
-        controlServerIp,
-        architecture,
-        host,
-        nfsHostPath,
-        commissioningDeviceIp,
-        update,
-        gatewayip,
-      },
-      { consumer_key, consumer_secret, token_key, token_secret },
-      '/underpost/90_maas_no_keys.cfg',
-    ),
-  );
-  if (process.argv.includes('auth')) {
-    shellExec(`cp ${nfsHostPath}/underpost/90_maas_keys.cfg ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
-  } else {
-    shellExec(`cp ${nfsHostPath}/underpost/90_maas_no_keys.cfg ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
-  }
-  installUbuntuUnderpostTools({ nfsHostPath, host });
-  shellExec(`./manifests/maas/nat-iptables.sh`, { silent: true });
-  shellExec(`cat ${nfsHostPath}/etc/cloud/cloud.cfg.d/90_maas.cfg`);
-};
 try {
   switch (operator) {
     case 'save':
@@ -1806,616 +1227,6 @@ EOF`);
       break;
     }
-    case 'maas': {
-      dotenv.config({ path: `/home/dd/engine/engine-private/conf/dd-cron/.env.production`, override: true });
-      const controlServerIp = getLocalIPv4Address();
-      const tftpRoot = process.argv.includes('v3.0')
-        ? `/var/snap/maas/common/maas/boot-resources/snapshot-20250720-162718`
-        : process.env.TFTP_ROOT;
-      const commissioningDeviceIp = process.env.RPI4_IP;
-      const netmask = process.env.NETMASK;
-      const gatewayip = process.env.GATEWAY_IP;
-      let commissioningMac = '00:00:00:00:00:00';
-      const removeMachines = () => {
-        for (const machine of machines) {
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machine delete ${machine.system_id}`);
-        }
-        machines = [];
-      };
-      const clearDiscoveries = () => {
-        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries clear all=true`);
-        if (process.argv.includes('force')) {
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries scan force=true`);
-        }
-      };
-      const macMonitor = async (nfsServerRootPath) => {
-        if (fs.existsSync(`${nfsServerRootPath}/underpost/mac`)) {
-          commissioningMac = fs.readFileSync(`${nfsServerRootPath}/underpost/mac`, 'utf8').trim();
-          logger.info('Commissioning MAC', commissioningMac);
-          return;
-        }
-        await timer(1000);
-        await macMonitor(nfsServerRootPath);
-      };
-      let resources;
-      if (!process.argv.includes('machines'))
-        try {
-          resources = JSON.parse(
-            shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resources read`, {
-              silent: true,
-              stdout: true,
-            }),
-          ).map((o) => ({
-            id: o.id,
-            name: o.name,
-            architecture: o.architecture,
-          }));
-          if (process.argv.includes('images')) {
-            console.table(resources);
-            process.exit(0);
-          }
-        } catch (error) {
-          logger.error(error);
-        }
-      let machines;
-      try {
-        machines = JSON.parse(
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machines read`, {
-            stdout: true,
-            silent: true,
-          }),
-        ).map((m) => ({
-          system_id: m.interface_set[0].system_id,
-          mac_address: m.interface_set[0].mac_address,
-          hostname: m.hostname,
-          status_name: m.status_name,
-        }));
-        if (process.argv.includes('machines')) {
-          console.table(machines);
-          process.exit(0);
-        }
-      } catch (error) {
-        logger.error(error);
-      }
-      if (process.argv.includes('journald')) {
-        shellExec(`sudo sed -i 's/^#Storage=auto/Storage=volatile/' /etc/systemd/journald.conf`);
-        shellExec(`sudo systemctl daemon-reload`);
-        shellExec(`sudo systemctl restart systemd-journald`);
-        shellExec(`journalctl --disk-usage`);
-        process.exit(0);
-      }
-      if (process.argv.includes('db')) {
-        // DROP, ALTER, CREATE, WITH ENCRYPTED
-        // sudo -u <user> -h <host> psql <db-name>
-        shellExec(`DB_PG_MAAS_NAME=${process.env.DB_PG_MAAS_NAME}`);
-        shellExec(`DB_PG_MAAS_PASS=${process.env.DB_PG_MAAS_PASS}`);
-        shellExec(`DB_PG_MAAS_USER=${process.env.DB_PG_MAAS_USER}`);
-        shellExec(`DB_PG_MAAS_HOST=${process.env.DB_PG_MAAS_HOST}`);
-        shellExec(
-          `sudo -i -u postgres psql -c "CREATE USER \"$DB_PG_MAAS_USER\" WITH ENCRYPTED PASSWORD '$DB_PG_MAAS_PASS'"`,
-        );
-        shellExec(
-          `sudo -i -u postgres psql -c "ALTER USER \"$DB_PG_MAAS_USER\" WITH ENCRYPTED PASSWORD '$DB_PG_MAAS_PASS'"`,
-        );
-        const actions = ['LOGIN', 'SUPERUSER', 'INHERIT', 'CREATEDB', 'CREATEROLE', 'REPLICATION'];
-        shellExec(`sudo -i -u postgres psql -c "ALTER USER \"$DB_PG_MAAS_USER\" WITH ${actions.join(' ')}"`);
-        shellExec(`sudo -i -u postgres psql -c "\\du"`);
-        shellExec(`sudo -i -u postgres createdb -O "$DB_PG_MAAS_USER" "$DB_PG_MAAS_NAME"`);
-        shellExec(`sudo -i -u postgres psql -c "\\l"`);
-        process.exit(0);
-      }
-      // TODO: - Disable maas proxy (egress forwarding to public dns)
-      //       - Configure maas dhcp control server
-      //       - Configure maas dns forwarding ${process.env.MAAS_DNS}
-      //       - Disable DNSSEC validation to No (Disable DNSSEC; useful when upstream DNS is misconfigured)
-      if (process.argv.includes('clear')) {
-        removeMachines();
-        clearDiscoveries();
-        process.exit(0);
-      }
-      if (process.argv.includes('grub-arm64')) {
-        shellExec(`sudo dnf install grub2-efi-aa64-modules`);
-        shellExec(`sudo dnf install grub2-efi-x64-modules`);
-        // sudo grub2-mknetdir --net-directory=${tftpRoot} --subdir=/boot/grub --module-path=/usr/lib/grub/arm64-efi arm64-efi
-        process.exit(0);
-      }
-      if (process.argv.includes('psql')) {
-        const cmd = `psql -U ${process.env.DB_PG_MAAS_USER} -h ${process.env.DB_PG_MAAS_HOST} -W ${process.env.DB_PG_MAAS_NAME}`;
-        pbcopy(cmd);
-        process.exit(0);
-      }
-      if (process.argv.includes('logs')) {
-        shellExec(`maas status`);
-        const cmd = `journalctl -f -t dhcpd -u snap.maas.pebble.service`;
-        pbcopy(cmd);
-        process.exit(0);
-      }
-      // shellExec(`MAAS_ADMIN_USERNAME=${process.env.MAAS_ADMIN_USERNAME}`);
-      // shellExec(`MAAS_ADMIN_EMAIL=${process.env.MAAS_ADMIN_EMAIL}`);
-      // shellExec(`maas createadmin --username $MAAS_ADMIN_USERNAME --email $MAAS_ADMIN_EMAIL`);
-      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-sources read`);
-      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} commissioning-scripts read`);
-      // shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-source-selections read 60`);
-      // MaaS admin CLI:
-      // maas login <maas-admin-username> http://localhost:5240/MAAS
-      // paste GUI API KEY (profile section)
-      // Import custom image
-      // maas <maas-admin-username> boot-resources create name='custom/RockyLinuxRpi4' \
-      // title='RockyLinuxRpi4' \
-      // architecture='arm64/generic' \
-      // filetype='tgz' \
-      // content@=/home/RockyLinuxRpi_9-latest.tar.gz
-      // Image boot resource:
-      // /var/snap/maas/current/root/snap/maas
-      // /var/snap/maas/common/maas/tftp_root
-      // sudo chmod 755 /var/snap/maas/common/maas/tftp_root
-      // /var/snap/maas/common/maas/dhcpd.conf
-      // sudo snap restart maas.pebble
-      // PXE Linux files:
-      // /var/snap/maas/common/maas/image-storage/bootloaders/pxe/i386
-      // sudo nmcli con modify <interface-device-name-connection-id> ethtool.feature-rx on ethtool.feature-tx off
-      // sudo nmcli connection up <interface-device-name-connection-id>
-      // man nm-settings |grep feature-tx-checksum
-      // nmcli c modify <interface-device-name-connection-id> \
-      //  ethtool.feature-tx-checksum-fcoe-crc off \
-      //  ethtool.feature-tx-checksum-ip-generic off \
-      //  ethtool.feature-tx-checksum-ipv4 off \
-      //  ethtool.feature-tx-checksum-ipv6 off \
-      //  ethtool.feature-tx-checksum-sctp off
-      // Ensure Rocky NFS server and /etc/exports configured
-      // sudo systemctl restart nfs-server
-      // Check mounts: showmount -e <server-ip>
-      // Check nfs ports: rpcinfo -p
-      // sudo chown -R root:root ${process.env.NFS_EXPORT_PATH}/rpi4mb
-      // sudo chmod 755 ${process.env.NFS_EXPORT_PATH}/rpi4mb
-      // tftp server
-      // sudo chown -R root:root /var/snap/maas/common/maas/tftp_root/rpi4mb
-      // tftp client
-      // sudo dnf install tftp
-      // tftp <server-ip> -c get <path>
-      // Check firewall-cmd
-      // firewall-cmd --permanent --add-service=rpc-bind
-      // firewall-cmd --reload
-      // systemctl disable firewalld
-      // sudo firewall-cmd --permanent --add-port=10259/tcp --zone=public
-      // Image extension transform (.img.xz to .tar.gz):
-      // tar -cvzf image-name.tar.gz image-name.img.xz
-      // Rocky network configuration:
-      // /etc/NetworkManager/system-connections
-      // Rocky kernel params update
-      // sudo grubby --args="<key>=<value> <key>=<value>" --update-kernel=ALL
-      // sudo reboot now
-      // Temporal:
-      // sudo snap install temporal
-      // journalctl -u snap.maas.pebble -t maas-regiond
-      // journalctl -u snap.maas.pebble -t maas-temporal -n 100 --no-pager -f
-      // Remove:
-      // sudo dnf remove <package> -y; sudo dnf autoremove -y; sudo dnf clean packages
-      // check: ~
-      // check: ~./cache
-      // check: ~./config
-      // Check file logs
-      // grep -i -E -C 1 '<key-a>|<key-b>' /example.log | tail -n 600
-      // Back into your firmware setup (UEFI or BIOS config screen).
-      // grub> fwsetup
-      // Poweroff:
-      // grub > halt
-      // initramfs > poweroff
-      // Check interface
-      // ip link show
-      // nmcli con show
-      let firmwarePath,
-        tftpSubDir,
-        kernelFilesPaths,
-        name,
-        architecture,
-        resource,
-        nfsConnectStr,
-        etcExports,
-        nfsServerRootPath,
-        bootConf,
-        zipFirmwareFileName,
-        zipFirmwareName,
-        zipFirmwareUrl,
-        interfaceName,
-        nfsHost,
-        bootResourcesPath,
-        bootKernelPath;
-      switch (process.argv[3]) {
-        case 'rpi4mb':
-          tftpSubDir = '/rpi4mb';
-          zipFirmwareFileName = `RPi4_UEFI_Firmware_v1.41.zip`;
-          zipFirmwareName = zipFirmwareFileName.split('.zip')[0];
-          zipFirmwareUrl = `https://github.com/pftf/RPi4/releases/download/v1.41/RPi4_UEFI_Firmware_v1.41.zip`;
-          firmwarePath = `../${zipFirmwareName}`;
-          interfaceName = process.env.RPI4_INTERFACE_NAME;
-          nfsHost = 'rpi4mb';
-          if (!fs.existsSync(firmwarePath)) {
-            await Downloader(zipFirmwareUrl, `../${zipFirmwareFileName}`);
-            shellExec(`cd .. && mkdir ${zipFirmwareName} && cd ${zipFirmwareName} && unzip ../${zipFirmwareFileName}`);
-          }
-          resource = resources.find((o) => o.architecture === 'arm64/ga-24.04' && o.name === 'ubuntu/noble');
-          name = resource.name;
-          architecture = resource.architecture;
-          // resource = resources.find((o) => o.name === name && o.architecture === architecture);
-          nfsServerRootPath = `${process.env.NFS_EXPORT_PATH}/rpi4mb`;
-          // ,anonuid=1001,anongid=100
-          // etcExports = `${nfsServerRootPath} *(rw,all_squash,sync,no_root_squash,insecure)`;
-          etcExports = `${nfsServerRootPath} 192.168.1.0/24(${[
-            'rw',
-            // 'all_squash',
-            'sync',
-            'no_root_squash',
-            'no_subtree_check',
-            'insecure',
-          ]})`;
-          if (process.argv.includes('v3.0')) {
-            bootResourcesPath = `/var/snap/maas/common/maas/boot-resources/snapshot-20250720-162718`;
-            bootKernelPath = `/var/snap/maas/common/maas/boot-resources/snapshot-20250720-162718/ubuntu/arm64/hwe-24.04/noble/stable`;
-            kernelFilesPaths = {
-              'vmlinuz-efi': `${bootKernelPath}/boot-kernel`,
-              'initrd.img': `${bootKernelPath}/boot-initrd`,
-              squashfs: `${bootKernelPath}/squashfs`,
-            };
-          } else {
-            const resourceData = JSON.parse(
-              shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resource read ${resource.id}`, {
-                stdout: true,
-                silent: true,
-                disableLog: true,
-              }),
-            );
-            const bootFiles = resourceData.sets[Object.keys(resourceData.sets)[0]].files;
-            const suffix = architecture.match('xgene') ? '.xgene' : '';
-            bootResourcesPath = `/var/snap/maas/common/maas/image-storage/bootloaders/uefi/arm64`;
-            bootKernelPath = `/var/snap/maas/common/maas/image-storage`;
-            kernelFilesPaths = {
-              'vmlinuz-efi': `${bootKernelPath}/${bootFiles['boot-kernel' + suffix].filename_on_disk}`,
-              'initrd.img': `${bootKernelPath}/${bootFiles['boot-initrd' + suffix].filename_on_disk}`,
-              squashfs: `${bootKernelPath}/${bootFiles['squashfs'].filename_on_disk}`,
-            };
-          }
-          const protocol = 'tcp'; // v3 -> tcp, v4 -> udp
-          const mountOptions = [
-            protocol,
-            'vers=3',
-            'nfsvers=3',
-            'nolock',
-            // 'protocol=tcp',
-            // 'hard=true',
-            'port=2049',
-            // 'sec=none',
-            'rw',
-            'hard',
-            'intr',
-            'rsize=32768',
-            'wsize=32768',
-            'acregmin=0',
-            'acregmax=0',
-            'acdirmin=0',
-            'acdirmax=0',
-            'noac',
-            // 'nodev',
-            // 'nosuid',
-          ];
-          const cmd = [
-            `console=serial0,115200`,
-            // `console=ttyAMA0,115200`,
-            `console=tty1`,
-            // `initrd=-1`,
-            // `net.ifnames=0`,
-            // `dwc_otg.lpm_enable=0`,
-            // `elevator=deadline`,
-            `root=/dev/nfs`,
-            `nfsroot=${controlServerIp}:${process.env.NFS_EXPORT_PATH}/rpi4mb,${mountOptions}`,
-            // `nfsroot=${controlServerIp}:${process.env.NFS_EXPORT_PATH}/rpi4mb`,
-            `ip=${commissioningDeviceIp}:${controlServerIp}:${gatewayip}:${netmask}:${nfsHost}:${interfaceName}:static`,
-            `rootfstype=nfs`,
-            `rw`,
-            `rootwait`,
-            `fixrtc`,
-            'initrd=initrd.img',
-            // 'boot=casper',
-            // 'ro',
-            'netboot=nfs',
-            `init=/sbin/init`,
-            // `cloud-config-url=/dev/null`,
-            // 'ip=dhcp',
-            // 'ip=dfcp',
-            // 'autoinstall',
-            // 'rd.break',
-            // Disable services that not apply over nfs
-            `systemd.mask=systemd-network-generator.service`,
-            `systemd.mask=systemd-networkd.service`,
-            `systemd.mask=systemd-fsck-root.service`,
-            `systemd.mask=systemd-udev-trigger.service`,
-          ];
-          // TODO: use autoinstall cloud-config-url=http://<MAAS_IP>:5240/MAAS/metadata/latest
-          // #cloud-config
-          // autoinstall:
-          //   version: 1
-          //   keyboard:
-          //     layout: es
-          //     variant: latinamerican
-          //   identity:
-          //     hostname: rpi4
-          //     username: root
-          //     password: "{{PASSWORD}}"
-          //   ssh:
-          //     install-server: true
-          //     allow-pw: true
-          //     authorized-keys:
-          //       - "{{SSH_KEY}}"
-          //   locale: es_ES.UTF-8
-          //   timezone: America/Santiago
-          //   packages:
-          //     - cloud-init
-          //     - systemd-sysv
-          //     - openssh-server
-          //     - sudo
-          //     - udev
-          //     - netplan.io
-          //   late-commands:
-          //     - curtin in-target --target=/target ln -sf /lib/systemd/systemd /sbin/init
-          nfsConnectStr = cmd.join(' ');
-          bootConf = `[all]
-BOOT_UART=0
-WAKE_ON_GPIO=1
-POWER_OFF_ON_HALT=0
-ENABLE_SELF_UPDATE=1
-DISABLE_HDMI=0
-NET_INSTALL_ENABLED=1
-DHCP_TIMEOUT=45000
-DHCP_REQ_TIMEOUT=4000
-TFTP_FILE_TIMEOUT=30000
-BOOT_ORDER=0x21
-# ─────────────────────────────────────────────────────────────
-# TFTP configuration
-# ─────────────────────────────────────────────────────────────
-# Custom TFTP prefix string (e.g., based on MAC address, no colons)
-#TFTP_PREFIX_STR=AA-BB-CC-DD-EE-FF/
-# Optional PXE Option43 override (leave commented if unused)
-#PXE_OPTION43="Raspberry Pi Boot"
-# DHCP client GUID (Option 97); 0x34695052 is the FourCC for Raspberry Pi 4
-#DHCP_OPTION97=0x34695052
-TFTP_IP=${controlServerIp}
-TFTP_PREFIX=1
-TFTP_PREFIX_STR=${tftpSubDir.slice(1)}/
-# ─────────────────────────────────────────────────────────────
-# Manually override Ethernet MAC address
-# ─────────────────────────────────────────────────────────────
-MAC_ADDRESS=${process.env.RPI4_MAC_ADDRESS}
-# OTP MAC address override
-#MAC_ADDRESS_OTP=0,1
-# ─────────────────────────────────────────────────────────────
-# Static IP configuration (bypasses DHCP completely)
-# ─────────────────────────────────────────────────────────────
-CLIENT_IP=${commissioningDeviceIp}
-SUBNET=255.255.255.0
-GATEWAY=192.168.1.1
-`;
-          break;
-        default:
-          break;
-      }
-      shellExec(`sudo chmod 755 ${process.env.NFS_EXPORT_PATH}/${nfsHost}`);
-      shellExec(`sudo rm -rf ${tftpRoot}${tftpSubDir}`);
-      shellExec(`sudo cp -a ${firmwarePath} ${tftpRoot}${tftpSubDir}`);
-      shellExec(`mkdir -p ${tftpRoot}${tftpSubDir}/pxe`);
-      fs.writeFileSync(`/etc/exports`, etcExports, 'utf8');
-      if (bootConf) fs.writeFileSync(`${tftpRoot}${tftpSubDir}/boot.conf`, bootConf, 'utf8');
-      shellExec(`node bin/deploy nfs`);
-      switch (process.argv[3]) {
-        case 'rpi4mb':
-          {
-            for (const file of ['bootaa64.efi', 'grubaa64.efi']) {
-              shellExec(`sudo cp -a ${bootResourcesPath}/${file} ${tftpRoot}${tftpSubDir}/pxe/${file}`);
-            }
-            {
-              for (const file of Object.keys(kernelFilesPaths)) {
-                shellExec(`sudo cp -a ${kernelFilesPaths[file]} ${tftpRoot}${tftpSubDir}/pxe/${file}`);
-              }
-              fs.mkdirSync(`${tftpRoot}/grub`, { recursive: true });
-              const menuentryStr = 'UNDERPOST.NET UEFI/GRUB/MAAS RPi4 commissioning (ARM64)';
-              const grubCfgPath = `${tftpRoot}/grub/grub.cfg`;
-              fs.writeFileSync(
-                grubCfgPath,
-                `
-    insmod gzio
-    insmod http
-    insmod nfs
-    set timeout=5
-    set default=0
-    menuentry '${menuentryStr}' {
-      set root=(tftp,${controlServerIp})
-      linux ${tftpSubDir}/pxe/vmlinuz-efi ${nfsConnectStr}
-      initrd ${tftpSubDir}/pxe/initrd.img
-      boot
-    }
-        `,
-                'utf8',
-              );
-            }
-            const arm64EfiPath = `${tftpRoot}/grub/arm64-efi`;
-            if (fs.existsSync(arm64EfiPath)) shellExec(`sudo rm -rf ${arm64EfiPath}`);
-            shellExec(`sudo cp -a /usr/lib/grub/arm64-efi ${arm64EfiPath}`);
-          }
-          break;
-        default:
-          break;
-      }
-      logger.info('succes maas deploy', {
-        resource,
-        kernelFilesPaths,
-        tftpRoot,
-        tftpSubDir,
-        firmwarePath,
-        etcExports,
-        nfsServerRootPath,
-        nfsConnectStr,
-      });
-      shellExec(`sudo chown -R root:root ${tftpRoot}`);
-      shellExec(`sudo sudo chmod 755 ${tftpRoot}`);
-      logger.info('Waiting for MAC assignment...');
-      fs.removeSync(`${nfsServerRootPath}/underpost/mac`);
-      await macMonitor(nfsServerRootPath);
-      const monitor = async () => {
-        // discoveries         Query observed discoveries.
-        // discovery           Read or delete an observed discovery.
-        const discoveries = JSON.parse(
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} discoveries read`, {
-            silent: true,
-            stdout: true,
-          }),
-        );
-        //   {
-        //     "discovery_id": "",
-        //     "ip": "192.168.1.189",
-        //     "mac_address": "00:00:00:00:00:00",
-        //     "last_seen": "2025-05-05T14:17:37.354",
-        //     "hostname": null,
-        //     "fabric_name": "",
-        //     "vid": null,
-        //     "mac_organization": "",
-        //     "observer": {
-        //         "system_id": "",
-        //         "hostname": "",
-        //         "interface_id": 1,
-        //         "interface_name": ""
-        //     },
-        //     "resource_uri": "/MAAS/api/2.0/discovery/MTkyLjE2OC4xLjE4OSwwMDowMDowMDowMDowMDowMA==/"
-        // },
-        console.log(discoveries.map((d) => d.ip).join(' | '));
-        for (const discovery of discoveries) {
-          const machine = {
-            architecture: architecture.match('amd') ? 'amd64/generic' : 'arm64/generic',
-            mac_address: discovery.mac_address,
-            hostname: discovery.hostname ?? discovery.mac_organization ?? discovery.domain ?? `generic-host-${s4()}`,
-            // discovery.ip.match(commissioningDeviceIp)
-            //   ? nfsHost
-            //   : `unknown-${s4()}`,
-            // description: '',
-            // https://maas.io/docs/reference-power-drivers
-            power_type: 'manual', // manual
-            // power_parameters_power_address: discovery.ip,
-            mac_addresses: discovery.mac_address,
-            ip: discovery.ip,
-          };
-          machine.hostname = machine.hostname.replaceAll(' ', '').replaceAll('.', '');
-          if (machine.mac_addresses === commissioningMac)
-            try {
-              machine.hostname = nfsHost;
-              machine.mac_address = commissioningMac;
-              let newMachine = shellExec(
-                `maas ${process.env.MAAS_ADMIN_USERNAME} machines create ${Object.keys(machine)
-                  .map((k) => `${k}="${machine[k]}"`)
-                  .join(' ')}`,
-                {
-                  silent: true,
-                  stdout: true,
-                },
-              );
-              newMachine = { discovery, machine: JSON.parse(newMachine) };
-              machines.push(newMachine);
-              console.log(newMachine);
-              // commissioning_scripts=90-verify-user.sh
-              shellExec(
-                `maas ${process.env.MAAS_ADMIN_USERNAME} machine commission ${newMachine.machine.boot_interface.system_id} enable_ssh=1 skip_bmc_config=1 skip_networking=1 skip_storage=1`,
-                {
-                  silent: true,
-                },
-              );
-            } catch (error) {
-              logger.error(error, error.stack);
-            } finally {
-              process.exit(0);
-            }
-        }
-        await timer(1000);
-        monitor();
-      };
-      // clearDiscoveries();
-      removeMachines();
-      monitor();
-      break;
-    }
     case 'nfs': {
       // Daemon RPC  NFSv3. ports:
@@ -2491,137 +1302,6 @@ udp-port = 32766
       shellExec(`sudo systemctl restart nfs-server`);
       break;
     }
-    case 'update-virtual-root': {
-      dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-      const controlServerIp = getLocalIPv4Address();
-      const architecture = process.argv[3];
-      const host = process.argv[4];
-      const nfsHostPath = `${process.env.NFS_EXPORT_PATH}/${host}`;
-      const commissioningDeviceIp = process.env.RPI4_IP;
-      const gatewayip = process.env.GATEWAY_IP;
-      await updateVirtualRoot({
-        controlServerIp,
-        architecture,
-        host,
-        nfsHostPath,
-        commissioningDeviceIp,
-        update: true,
-        gatewayip,
-      });
-      break;
-    }
-    case 'open-virtual-root': {
-      dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-      const controlServerIp = getLocalIPv4Address();
-      const architecture = process.argv[3];
-      const host = process.argv[4];
-      const nfsHostPath = `${process.env.NFS_EXPORT_PATH}/${host}`;
-      const gatewayip = process.env.GATEWAY_IP;
-      shellExec(`sudo dnf install -y iptables-legacy`);
-      shellExec(`sudo dnf install -y debootstrap`);
-      shellExec(`sudo dnf install kernel-modules-extra-$(uname -r)`);
-      switch (architecture) {
-        case 'arm64':
-          shellExec(`sudo podman run --rm --privileged multiarch/qemu-user-static --reset -p yes`);
-          break;
-        default:
-          break;
-      }
-      shellExec(`sudo modprobe binfmt_misc`);
-      shellExec(`sudo mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc`);
-      if (process.argv.includes('build')) {
-        shellExec(`mkdir -p ${nfsHostPath}`);
-        let cmd;
-        switch (host) {
-          case 'rpi4mb':
-            shellExec(`sudo rm -rf ${nfsHostPath}/*`);
-            shellExec(`sudo chown -R root:root ${nfsHostPath}`);
-            cmd = [
-              `sudo debootstrap`,
-              `--arch=arm64`,
-              `--variant=minbase`,
-              `--foreign`, // arm64 on amd64
-              [`noble`, `jammy`][0],
-              nfsHostPath,
-              `http://ports.ubuntu.com/ubuntu-ports/`,
-            ];
-            break;
-          default:
-            break;
-        }
-        shellExec(cmd.join(' '));
-        shellExec(`sudo podman create --name extract multiarch/qemu-user-static`);
-        shellExec(`podman ps -a`);
-        shellExec(`sudo podman cp extract:/usr/bin/qemu-aarch64-static ${nfsHostPath}/usr/bin/`);
-        shellExec(`sudo podman rm extract`);
-        shellExec(`podman ps -a`);
-        switch (host) {
-          case 'rpi4mb':
-            shellExec(`file ${nfsHostPath}/bin/bash`); // expected: ELF 64-bit LSB pie executable, ARM aarch64 …
-            break;
-          default:
-            break;
-        }
-        shellExec(`sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash <<'EOF'
-/debootstrap/debootstrap --second-stage
-EOF`);
-      }
-      if (process.argv.includes('mount')) {
-        shellExec(`sudo mount --bind /proc ${nfsHostPath}/proc`);
-        shellExec(`sudo mount --bind /sys ${nfsHostPath}/sys`);
-        shellExec(`sudo mount --rbind /dev ${nfsHostPath}/dev`);
-        shellExec(`sudo mount --rbind /dev/pts ${nfsHostPath}/dev/pts`);
-        shellExec(`sudo mount --bind /run ${nfsHostPath}/run`);
-      }
-      if (process.argv.includes('build')) {
-        switch (host) {
-          case 'rpi4mb':
-            const commissioningDeviceIp = process.env.RPI4_IP;
-            await updateVirtualRoot({
-              controlServerIp,
-              architecture,
-              host,
-              nfsHostPath,
-              commissioningDeviceIp,
-              gatewayip,
-            });
-            break;
-          default:
-            break;
-        }
-      }
-      // if (process.argv.includes('mount')) {
-      //   shellExec(`sudo mount --bind /lib/modules ${nfsHostPath}/lib/modules`);
-      // }
-      break;
-    }
-    case 'close-virtual-root': {
-      const architecture = process.argv[3];
-      const host = process.argv[4];
-      const nfsHostPath = `${process.env.NFS_EXPORT_PATH}/${host}`;
-      shellExec(`sudo umount ${nfsHostPath}/proc`);
-      shellExec(`sudo umount ${nfsHostPath}/sys`);
-      shellExec(`sudo umount ${nfsHostPath}/dev/pts`);
-      shellExec(`sudo umount ${nfsHostPath}/dev`);
-      shellExec(`sudo umount ${nfsHostPath}/run`);
-      // shellExec(`sudo umount ${nfsHostPath}/lib/modules`);
-      break;
-    }
     case 'mount': {
       const mounts = shellExec(`mount`).split(`\n`);