This is an old revision of the document!

NUC 2

This is the second NUC in the Stack of NUCs. This will be the Ansible controller, the Control Node. We will build it using the USB install and autoconfiguration method we tested with NUC 1.

Ansible terms:

Control node - A system on which Ansible is installed. You run Ansible commands such as ansible or ansible-inventory on a control node.
Managed node - A remote system, or host, that Ansible controls.
Inventory - A list of managed nodes that are logically organized. You create an inventory on the control node to describe host deployments to Ansible.

References

Hardware:

i3
D34010WYK
Haswell NUC D34010WYK and D54250WYK: BIOS version 0054 (9/2/2019)
https://www.intel.com/content/www/us/en/download/17536/bios-update-wylpt10h.html
8GB RAM
32GB or more storage
Wireless

Software:

Ubuntu 22.04 LTS server

Purpose:

Ansible controller

Steps:

Modify the CIDATA USB stick file user_data to set up an Ansible controller

#cloud-config
autoinstall:
  version: 1
  ssh:
    install-server: true
    # option "allow-pw" defaults to `true` if authorized_keys is empty, `false` otherwise.
    allow-pw: false
 
  # "[late-commands] are run in the installer environment with the installed system mounted at /target."
  late-commands:
    # randomly generate the hostname & show the IP at boot
    - echo nuc-ansible-$(openssl rand -hex 3) > /target/etc/hostname
    # dump the IP out at login screen
    - echo "Ubuntu 22.04 LTS \nIP - $(hostname -I)\n" > /target/etc/issue
    # merge storage to use 100% use of the file system
    - curtin in-target --target=/target -- lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
    - curtin in-target --target=/target -- resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
    # shut-down the host to avoid an infinite installer loop
    - shutdown -h now

  user-data:
    disable_root: true
    timezone: America/New_York
    package_upgrade: false
    packages:
    - network-manager
    - lldpd
    - git
    - python3-pip
    - ansible
    - arp-scan
    runcmd:
    - nmcli d wifi connect SSID password PASSWORD
    users:
      - name: tux
        primary_group: users
        groups: sudo
        lock_passwd: true
        # don't need PW since using SSH, leaving this in though...
        # password is "changeme" - created with `docker run -it --rm alpine mkpasswd --method=SHA-512`
        # passwd: "$5$IWwNqL9VUSDoc4Jv$DEUGR.cZQcbz/QvdCOmU13fX5ZW0rANg8LqkAtX3nBA"
        shell: /bin/bash
        # use cat ~/.ssh/id_rsa.pub or generate to get your public key
        ssh_authorized_keys:
          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTK3YYoKho9SvTejt9430NRwu5ZQpwtAQGBbX8piLvLfsrJzzXxWljTvmC63VMAbCy3ii/Z4yReeCt4h7JiFNf+4ggfUmG+SN+6WvRlfKdaQBXKqojNNxVDg/M73CYF/CYjifJYombA1WIFYoZwMSnd4pzuS7pSiMFKEYTznmImgqa40uZfK6My98KTFpbuebeRvF1u/2Q2ISEYRQmHbm79NAj2WPoI73vNDtkKOPn8NU13xQgC4EMlk/Yu0p36THYlMl30iJePhFgNNBTxXBZL41+nn6W9wgfwo78VDNSa0A2Cambad/lYEerSWevsPATU7bf2an7RsDJhvCx58hI4BMl0KQ3/R0MT2OSGU+GHjBzL/T9UHIxN1FynzmwYpI96MEmEqETjG2DzboO93Oo5EkuX/e6wo/ptQ1g9Qarmk66E0shYpTtwQn2mz0Lhv8PD9C/CbZl9QqcQ43yah1MD9PH/OaCj32FpBqDNJp+NuyYbjBDhG5TgGza4yrgww8= jimangel@Jims-MacBook-Pro.local"
        sudo: ALL=(ALL) NOPASSWD:ALL
      - name: ansible
        gecos: Ansible User
        primary_group: users
        groups: sudo
        sudo: ALL=(ALL) NOPASSWD:ALL
        shell: /bin/bash
        lock_passwd: true
        ssh_authorized_keys:
          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTK3YYoKho9SvTejt9430NRwu5ZQpwtAQGBbX8piLvLfsrJzzXxWljTvmC63VMAbCy3ii/Z4yReeCt4h7JiFNf+4ggfUmG+SN+6WvRlfKdaQBXKqojNNxVDg/M73CYF/CYjifJYombA1WIFYoZwMSnd4pzuS7pSiMFKEYTznmImgqa40uZfK6My98KTFpbuebeRvF1u/2Q2ISEYRQmHbm79NAj2WPoI73vNDtkKOPn8NU13xQgC4EMlk/Yu0p36THYlMl30iJePhFgNNBTxXBZL41+nn6W9wgfwo78VDNSa0A2Cambad/lYEerSWevsPATU7bf2an7RsDJhvCx58hI4BMl0KQ3/R0MT2OSGU+GHjBzL/T9UHIxN1FynzmwYpI96MEmEqETjG2DzboO93Oo5EkuX/e6wo/ptQ1g9Qarmk66E0shYpTtwQn2mz0Lhv8PD9C/CbZl9QqcQ43yah1MD9PH/OaCj32FpBqDNJp+NuyYbjBDhG5TgGza4yrgww8= jimangel@Jims-MacBook-Pro.local"
    ansible:
      install_method: pip
      package_name: ansible
      run_user: ansible
      galaxy:
        actions:
          - ["ansible-galaxy", "collection", "install", "community.general"]
      setup_controller:
        repositories:
          - path: /home/ansible/my-repo
            source: git@github.com:doritoes/nuc-ansible-lab.git
    # shutdown after first host initial provisioning
    power_state:
      mode: poweroff

Boot with the custom Lab bootable USB and the customized CIDATA USB inserted
- with the NUC powered off, insert both USB sticks
- power on the NUC, and press F10 when prompted
- select the UEFI USB boot option
  - be patient as the system is configured
  - after a while, the device will power down
- remove the USB sticks from the NUC and power it back on
  - be patient it is completes configuration and powers down again
- WiFi should be working now; you can disconnect the ethernet cable if you'd like, relocate it, etc., and then power it back on
By default, Ansible default configuration file and inventory file is located at /etc/ansible/ansible.cfg and /etc/ansible/hosts respectively.
Log in to NUC 2 from NUC 1:
- ssh ansible@[IP ADDRESS NUC2]
Generate keys
- ssh-keygen -o
- press enter to accept defaults to all prompts
View the key, which you will use for building the remaining NUCs
- cat ~/.ssh/id_rsa.pub
Ansible is now installed, but with no inventory file(s) or configuration
- ansible –version

Set up some files for Ansible; we will be configuring/adding the new NUCs under [nodes] later

mkdir my-project
cat <<'EOF' > my-project/hosts
[all:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_user='ansible'
ansible_become=yes
ansible_become_method=sudo
 
[nodes]
 
EOF

Exit back to your NUC 1 session
Test running a remote command using SSH
- ssh ansible@[IP ADDRESS NUC2] “sudo apt update && sudo apt upgrade -y”
You are now ready to build more more NUCs! Continue with NUC 3