UncleNUC Wiki

Second chance for NUCs


This is an old revision of the document!


NUC 1

This is the first NUC in the Stack of NUCs.

Reference: https://www.jimangel.io/posts/automate-ubuntu-22-04-lts-bare-metal/

Hardware:

  • 7i3
  • 32GB RAM
  • 32GB storage
  • Wireless

Software:

  • Ubuntu 22.04 LTS desktop

Purpose:

  • Linux machine to facilitate:
    • creating the modified ISO for the boot USB stick
    • creating SSH management keys

Steps:

  1. Log in to the NUC
  2. Do the usual software updates and install requirements
    • sudo apt update && sudo apt upgrade -y
    • sudo apt install xorriso squashfs-tools python3-debian gpg liblz4-tool arp-scan notepadqq python3-pip -y
  3. Generate key for ssh: ssh-keygen -o
    • accept default settings and don't enter a passphrase
  4. Download the latest live-server ISO from the Ubuntu 22.04 releases page (name similar to ubuntu-22.04.2-live-server-amd64.iso)
    • move this file to your home directory
  5. Open the terminal (you should be in your home directory)
  6. Install livefs-editor, which we will use to modify the iso
  7. Create modified live-server ISO
    1. Copy the grub.cfg file from the ISO file
      • Set the ORIG_ISO filename to the actual file you downloaded. In this example I will use ubuntu-22.04.2-live-server-amd64.iso
      • export ORIG_ISO="ubuntu-22.04.2-live-server-amd64.iso"
        mkdir mnt
        sudo mount -o loop "$ORIG_ISO" mnt
        cp --no-preserve=all mnt/boot/grub/grub.cfg ./grub.cfg
        sudo umount mnt
        sed -i 's/linux	\/casper\/vmlinuz  ---/linux	\/casper\/vmlinuz autoinstall quiet ---/g' ./grub.cfg
        sed -i 's/timeout=30/timeout=1/g' ./grub.cfg
        export MODDED_ISO="${ORIG_ISO::-4}-modded.iso"
        livefs-edit "$ORIG_ISO" "$MODDED_ISO" --cp ./grub.cfg new/iso/boot/grub/grub.cfg
  8. Create bootable USB from the modified ISO
  9. Create a USB stick named CIDATA for a cloud-init datasource
    1. Unplug the bootable USB stick you just created
    2. Plug in the USB that will be erased and used as the cloud-init datasource
    3. Identify the USB stick device name
      • lsblk
      • it will probably be sda or sdb
      • be SURE you pick the right one!
    4. Format the USB disk (assuming it's sdb in this example)
      1. Unmount it: sudo umount /dev/sdb
      2. Format it: sudo mkfs.vfat -I -F 32 -n 'CIDATA' /dev/sdb
      3. Confirm: ls /dev/disk/by-label/
    5. Create meta-data file on CIDATA (assuming it's sdb in this example)
      1. mkdir /tmp/cidata
      2. sudo mount -o uid=$(id -u),gid=$(id -g) /dev/sdb /tmp/cidata
      3. cd /tmp/cidata
      4. touch meta-data
    6. Create user-data file on CIDATA
      • You can create the file using a text editor (notepadqq was installed earlier) or use the command line
      • Replace the key(s) in the example with the output from your computer for:
        • cat ~/.ssh/id_rsa.pub
      • cat <<'EOF' > user-data
        #cloud-config
        autoinstall:
          version: 1
          ssh:
            install-server: true
            # option "allow-pw" defaults to `true` if authorized_keys is empty, `false` otherwise.
            allow-pw: false
        
          # "[late-commands] are run in the installer environment with the installed system mounted at /target."
          late-commands:
            # randomly generate the hostname & show the IP at boot
            - echo ubuntu-host-$(openssl rand -hex 3) > /target/etc/hostname
            # dump the IP out at login screen
            - echo "Ubuntu 22.04 LTS \nIP - $(hostname -I)\n" > /target/etc/issue
            # storage was a pain in the ass and merged multiple things, I just want a 100% use of the fs. (alt option: https://gist.github.com/anedward01/b68e00bb2dcfa4f1335cd4590cbc8484#file-user-data-L97-L199)
            - curtin in-target --target=/target -- lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
            - curtin in-target --target=/target -- resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
            # shut-down the host to avoid an infinite installer loop
            - shutdown -h now
        
          user-data:
            disable_root: true
            timezone: America/New_York
            package_upgrade: false
            packages:
            - network-manager
            runcmd:
            - nmcli d wifi connect SSID password PASSWORD
            users:
              - name: tux
                primary_group: users
                groups: sudo
                lock_passwd: true
                # don't need PW since using SSH, leaving this in though...
                # password is "changeme" - created with `docker run -it --rm alpine mkpasswd --method=SHA-512`
                # passwd: "$5$IWwNqL9VUSDoc4Jv$DEUGR.cZQcbz/QvdCOmU13fX5ZW0rANg8LqkAtX3nBA"
                shell: /bin/bash
                # use cat ~/.ssh/id_rsa.pub or generate to get your public key
                ssh_authorized_keys:
                  - "ssh-rsa <YOUR-PUBLIC-KEY> jimangel@Jims-MacBook-Pro.local"
                sudo: ALL=(ALL) NOPASSWD:ALL
              - name: ansible
                primary_group: users
                groups: sudo
                lock_passwd: true
                # don't need PW since using SSH, leaving this in though...
                # password is "changeme" - created with `docker run -it --rm alpine mkpasswd --method=SHA-512`
                # passwd: "$5$IWwNqL9VUSDoc4Jv$DEUGR.cZQcbz/QvdCOmU13fX5ZW0rANg8LqkAtX3nBA"
                shell: /bin/bash
                # use cat ~/.ssh/id_rsa.pub or generate to get your public key
                ssh_authorized_keys:
                  - "ssh-rsa <YOUR-PUBLIC-KEY> jimangel@Jims-MacBook-Pro.local"
                sudo: ALL=(ALL) NOPASSWD:ALL
            # shutdown after first host initial provisioning
            power_state:
              mode: poweroff
        EOF
    7. Unmount the USB stick
      1. sudo umount /tmp/cidata
      2. Remove the USB stick
  10. Test boot setup on a different NUC
    1. Insert both USBs into the (powered off) test NUC
    2. Connect the test NUC to your wired Lab network (which has Internet access)
    3. Power on
    4. Press F10 when prompted and select the bootable USB stick (“USB UEFI”)
    5. If there is no physical internet connection, the setup will be greatly delayed
    6. If user-data is configured to update packages, be aware this requires an internet connection, and takes additional time
    7. When the NUC powers down the first time, remove the USB sticks, then power back on
    8. When the NUC powers down the second time, it is ready to deploy. Power back on when you are ready.
    9. Test ssh from NUC 1 to the test NUC
      • identify the IP address on the NUC
      • ssh tux@[IPADDRESS]
  11. Set up SSH management keys
    • once all your NUCs are up, you can use this script to add all of them to your ssh known_hosts file
    • IPs=$(sudo arp-scan --localnet --numeric --quiet --ignoredups | grep -E '([a-f0-9]{2}:){5}[a-f0-9]{2}' | awk '{print $1}')
      for i in $IPs; do ssh-keygen -R "$i" && ssh-keyscan -H "$i" >> ~/.ssh/known_hosts; done
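
The loop in step 11 deletes each host's old key and accepts whatever key the address presents next, so a changed host key is never noticed. The following added example (not part of the original wiki page) records first-seen keys and refuses to update known_hosts when one of them changes; the inventory path ~/.ssh/nuc_hostkeys and the function names are assumptions.

```bash
#!/bin/sh
# Added example, not from the wiki page. The inventory path and the function
# names are hypothetical.

# Print "host keytype" for each entry in NEW whose key differs from the one
# recorded for the same host and key type in OLD. Both files hold plain
# (unhashed) ssh-keyscan output: "host keytype base64key".
changed_keys() {
  awk '
    /^#/ || NF < 3      { next }
    FILENAME == ARGV[1] { old[$1 " " $2] = $3; next }
    ($1 " " $2) in old && old[$1 " " $2] != $3 { print $1, $2 }
  ' "$1" "$2"
}

# Scan the hosts given as arguments; update known_hosts only if no key that
# was seen before has changed.
refresh_known_hosts() {
  inv="$HOME/.ssh/nuc_hostkeys"
  new=$(mktemp) || return 1
  touch "$inv"
  ssh-keyscan -T 5 "$@" > "$new" 2>/dev/null
  bad=$(changed_keys "$inv" "$new")
  if [ -n "$bad" ]; then
    echo "Host key changed; compare fingerprints on the NUC console:" >&2
    echo "$bad" >&2
    ssh-keygen -lf "$new" >&2        # fingerprints of the keys just scanned
    rm -f "$new"
    return 1
  fi
  sort -u -o "$inv" "$inv" "$new"    # remember first-seen keys
  for h in "$@"; do ssh-keygen -R "$h" >/dev/null 2>&1; done
  cat "$new" >> "$HOME/.ssh/known_hosts"
  # Hash the host names in place, matching what ssh-keyscan -H produces.
  ssh-keygen -H -f "$HOME/.ssh/known_hosts" >/dev/null 2>&1
  rm -f "$new" "$HOME/.ssh/known_hosts.old"
}

# Usage, with IPs set as in step 11: refresh_known_hosts $IPs
```

On a NUC's console, `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints the fingerprint to compare against.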
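
Step 9 relies on reading lsblk by eye before running mkfs.vfat on a whole device. The following added example (not part of the original wiki page) wraps the format command of step 9.4 in checks that the target is a removable USB disk with no system mount on it; the function names and the list of protected mount points are assumptions.

```bash
#!/bin/sh
# Added example, not from the wiki page; function names are hypothetical.

# Decide from lsblk fields whether a device may be wiped for CIDATA.
# Args: TYPE RM TRAN MOUNTPOINTS (space-separated list, may be empty).
# Prints "ok" or the reason for refusing.
check_target() {
  [ "$1" = disk ] || { echo "not a whole disk"; return 1; }
  [ "$2" = 1 ]    || { echo "not removable"; return 1; }
  [ "$3" = usb ]  || { echo "not attached over USB"; return 1; }
  case " $4 " in
    *" / "*|*" /boot"*|*" /home "*|*" [SWAP] "*)
      echo "holds a system mount"; return 1 ;;
  esac
  echo ok
}

# Query lsblk for DEV (e.g. /dev/sdb), run the checks, ask the operator to
# retype the device name, then format it as in step 9.4.
format_cidata() {
  dev=$1
  info=$(lsblk -dno TYPE,RM,TRAN "$dev") || return 1
  set -- $info
  mounts=$(lsblk -nro MOUNTPOINT "$dev" | tr '\n' ' ')
  why=$(check_target "${1:-}" "${2:-}" "${3:-}" "$mounts") || {
    echo "refusing $dev: $why" >&2; return 1; }
  lsblk -o NAME,SIZE,MODEL,TRAN,MOUNTPOINT "$dev"
  printf 'Type %s to erase it: ' "$dev"
  read -r answer
  [ "$answer" = "$dev" ] || { echo "aborted" >&2; return 1; }
  # Unmount the disk and any partitions on it; errors for unmounted ones
  # are expected and ignored.
  for p in $(lsblk -nrpo NAME "$dev"); do sudo umount "$p" 2>/dev/null; done
  sudo mkfs.vfat -I -F 32 -n CIDATA "$dev"
}

# Usage: format_cidata /dev/sdb
```

Some USB enclosures report RM=0; in that case the guard refuses and the device has to be verified by hand.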
lab/nuc_1.1681075249.txt.gz · Last modified: 2023/04/09 21:20 by user