UncleNUC Wiki

Second chance for NUCs


This is an old revision of the document!


Stack - NUC 1

This is the first NUC in the Stack of NUCs. This “NUC 1” will be a user-friendly desktop installation used to create the rest of the environment. We will also prepare two (2) USB sticks for automatically installing our next NUC.

References:

Hardware:

Software:

  • Ubuntu 22.04 LTS desktop

Purpose:

  • Linux desktop machine to facilitate:
    • create modified ISO for the boot USB stick
    • create boot USB stick from the new ISO
    • create CIDATA USB stick
    • create firmware upgrade USB stick
    • create SSH management keys
    • connect to the other NUCs you build

Step 1 - Install Ubuntu Desktop

Install Ubuntu Desktop - https://ubuntu.com/tutorials/install-ubuntu-desktop#1-overview

  • this process will step you through downloading the latest file and creating a bootable USB stick
  • to boot from it
    • insert the USB stick
    • reboot the NUC
    • press F10 at the prompt
    • select the USB stick (USB UEFI)

Step 2 - Update Packages and Generate SSH Key

  • Log in to the NUC (NUC 1) and perform the usual software updates and install software packages
    • sudo apt update && sudo apt upgrade -y
      sudo apt install xorriso squashfs-tools python3-debian gpg liblz4-tool arp-scan notepadqq python3-pip -y
  • Generate key for ssh
    • ssh-keygen -o
    • accept default settings and don't enter a passphrase

Step 3 - Create Modified Bootable Ubuntu Server USB Stick

These steps are performed while logged in on NUC 1.

  1. Download the latest live-server ISO from the Ubuntu 22.04 releases page (name similar to ubuntu-22.04.2-live-server-amd64.iso)
    • move this file to your home directory
  2. Open the terminal (you should be in your home directory by default)
  3. Install livefs-editor, which we will use to modify the iso
    • git clone https://github.com/mwhudson/livefs-editor
      cd livefs-editor
      sudo python3 -m pip install .
    • Return to your home directory (i.e., cd ~ or cd ..)
  4. Create modified live-server ISO
    1. Copy the grub.cfg file from the ISO file
      • Set the ORIG_ISO filename to the actual file you downloaded. In this example I will use ubuntu-22.04.2-live-server-amd64.iso
      • export ORIG_ISO="ubuntu-22.04.2-live-server-amd64.iso"
        mkdir mnt
        sudo mount -o loop "$ORIG_ISO" mnt
        cp --no-preserve=all mnt/boot/grub/grub.cfg ./grub.cfg
        sudo umount mnt
        sed -i 's/linux	\/casper\/vmlinuz  ---/linux	\/casper\/vmlinuz autoinstall quiet ---/g' ./grub.cfg
        sed -i 's/timeout=30/timeout=1/g' ./grub.cfg
        export MODDED_ISO="${ORIG_ISO::-4}-modded.iso"
        sudo livefs-edit "$ORIG_ISO" "$MODDED_ISO" --cp "$PWD/grub.cfg" new/iso/boot/grub/grub.cfg
  5. Create bootable USB from the modified ISO

Step 4 - Create CIDATA USB Stick

Create a USB stick named CIDATA as a cloud-init datasource

  1. Unplug the bootable USB stick you just created
  2. Plug in the USB that will be erased and used as the cloud-init datasource
  3. Identify the USB stick device name
    • lsblk - it will probably be sda or sdb
    • be SURE you pick the right one!
  4. Format the USB disk (assuming it's sdb in this example)
    1. Unmount it: sudo umount /dev/sdb
    2. Format it: sudo mkfs.vfat -I -F 32 -n 'CIDATA' /dev/sdb
    3. Confirm: ls /dev/disk/by-label/
  5. Create meta-data file on CIDATA (assuming it's sdb in this example)
    • mkdir /tmp/cidata
      sudo mount -o uid=$(id -u),gid=$(id -g) /dev/sdb /tmp/cidata
      cd /tmp/cidata
      touch meta-data
      touch user-data
  6. Modify the user-data file on CIDATA
    • You can create the file using a text editor (notepadqq was installed earlier) or use the command line
    • Important: Replace the key(s) in the example with the output from your computer for:
      • cat ~/.ssh/id_rsa.pub
    • Important: Replace the wifi SSID name and PASSWORD with your wifi SSID and passphrase
    • #cloud-config
      autoinstall:
        version: 1
        ssh:
          install-server: true
          # option "allow-pw" defaults to `true` if authorized_keys is empty, `false` otherwise.
          allow-pw: false
       
        # "[late-commands] are run in the installer environment with the installed system mounted at /target."
        late-commands:
          # randomly generate the hostname & show the IP at boot
          - echo nuc-host-$(openssl rand -hex 3) > /target/etc/hostname
          # dump the IP out at login screen
          - echo "Ubuntu 22.04 LTS \nIP - $(hostname -I)\n" > /target/etc/issue
          # extend the logical volume and file system to use 100% of the free space
          - curtin in-target --target=/target -- lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
          - curtin in-target --target=/target -- resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
          # shut-down the host to avoid an infinite installer loop
          - shutdown -h now
      
        user-data:
          disable_root: true
          timezone: America/New_York
          package_upgrade: false
          packages:
          - network-manager
          runcmd:
          - nmcli d wifi connect SSID password PASSWORD
          users:
            - name: tux
              primary_group: users
              groups: sudo
              lock_passwd: true
              # don't need PW since using SSH, leaving this in though...
              # password is "changeme" - created with `docker run -it --rm alpine mkpasswd --method=SHA-512`
              # passwd: "$5$IWwNqL9VUSDoc4Jv$DEUGR.cZQcbz/QvdCOmU13fX5ZW0rANg8LqkAtX3nBA"
              shell: /bin/bash
              # use cat ~/.ssh/id_rsa.pub or generate to get your public key
              ssh_authorized_keys:
                - "ssh-rsa <REPLACE_WITH_YOUR_PUBLIC_KEY> jimangel@Jims-MacBook-Pro.local"
              sudo: ALL=(ALL) NOPASSWD:ALL
            - name: ansible
              gecos: Ansible User
              primary_group: users
              groups: sudo
              sudo: ALL=(ALL) NOPASSWD:ALL
              shell: /bin/bash
              lock_passwd: true
              ssh_authorized_keys:
                - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTK3YYoKho9SvTejt9430NRwu5ZQpwtAQGBbX8piLvLfsrJzzXxWljTvmC63VMAbCy3ii/Z4yReeCt4h7JiFNf+4ggfUmG+SN+6WvRlfKdaQBXKqojNNxVDg/M73CYF/CYjifJYombA1WIFYoZwMSnd4pzuS7pSiMFKEYTznmImgqa40uZfK6My98KTFpbuebeRvF1u/2Q2ISEYRQmHbm79NAj2WPoI73vNDtkKOPn8NU13xQgC4EMlk/Yu0p36THYlMl30iJePhFgNNBTxXBZL41+nn6W9wgfwo78VDNSa0A2Cambad/lYEerSWevsPATU7bf2an7RsDJhvCx58hI4BMl0KQ3/R0MT2OSGU+GHjBzL/T9UHIxN1FynzmwYpI96MEmEqETjG2DzboO93Oo5EkuX/e6wo/ptQ1g9Qarmk66E0shYpTtwQn2mz0Lhv8PD9C/CbZl9QqcQ43yah1MD9PH/OaCj32FpBqDNJp+NuyYbjBDhG5TgGza4yrgww8= jimangel@Jims-MacBook-Pro.local"
          # shutdown after first host initial provisioning
          power_state:
            mode: poweroff
  7. Unmount the USB stick
    1. sudo umount /tmp/cidata
    2. Remove the USB stick
  8. Test boot setup on a different NUC
    1. Insert both USBs into the (powered off) test NUC
    2. Connect the test NUC to your wired Lab network (which has Internet access)
    3. Power on
    4. Press F10 when prompted and select the bootable USB stick (“USB UEFI”)
    5. Be patient
      • if the user-data file is configured to update packages, be aware this requires additional time
      • if the ISO is older, it may take a while to download and install all the security updates
    6. When the NUC powers down the first time, remove the USB sticks, then power it back on
    7. When the NUC powers down the second time, it is ready to deploy
      • the Wifi connection should work at this point, so you no longer need the wired Internet connection
      • power back on when you are ready
    8. Test ssh from NUC 1 to the test NUC
      • identify the IP address on the NUC
      • ssh tux@[IPADDRESS]
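
A check to run on the CIDATA stick before unmounting it in step 7, given here as an added example that is not part of the original wiki page. It looks for the mistakes that stall the unattended install or leave the new NUC unreachable; the function names and the constructed sample are assumptions, and the grep patterns assume the layout of the user-data file shown above.

```shell
#!/bin/sh
# Added example (not from the wiki): pre-flight check of the CIDATA user-data file.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_user_data USER_DATA PUBKEY -> exit status = number of problems (0 = OK)
check_user_data() {
    ud=$1; pub=$2; problems=0
    # cloud-init only parses the file as cloud-config if line 1 is this header
    [ "$(head -n 1 "$ud")" = "#cloud-config" ] || fail "line 1 is not #cloud-config"
    # without a top-level autoinstall: key the installer waits for input
    grep -q '^autoinstall:' "$ud" || fail "no top-level autoinstall: key"
    # SSH password logins must stay disabled
    grep -Eq '^[[:space:]]+allow-pw:[[:space:]]*false[[:space:]]*$' "$ud" || fail "allow-pw is not false"
    # the literal SSID / PASSWORD placeholders must have been replaced
    if grep -Eq 'wifi connect SSID |password PASSWORD[[:space:]]*$' "$ud"; then
        fail "wifi SSID/PASSWORD placeholder still present"
    fi
    # accounts are password-locked, so each one needs the key from PUBKEY
    key=$(awk 'NR == 1 { print $2 }' "$pub")
    users=$(grep -Ec '^[[:space:]]*- name:' "$ud" || true)
    keyed=0
    [ -n "$key" ] && keyed=$(grep -cF -e "$key" "$ud" || true)
    if [ "$users" -eq 0 ] || [ "$keyed" -lt "$users" ]; then
        fail "$keyed of $users users carry the key from $pub"
    fi
    return "$problems"
}

# Constructed sample: shortened user-data and a fake key, for a dry run
write_sample() {
    printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY tux@nuc1\n' > "$1/id.pub"
    cat > "$1/user-data" <<'EOF'
#cloud-config
autoinstall:
  ssh:
    allow-pw: false
  user-data:
    runcmd:
    - nmcli d wifi connect LabNet password example-passphrase
    users:
      - name: tux
        ssh_authorized_keys:
          - "ssh-rsa AAAAB3CONSTRUCTEDKEY tux@nuc1"
EOF
}
# With two arguments check those files; with none, check the constructed sample
[ $# -eq 2 ] || { d=$(mktemp -d); write_sample "$d"; set -- "$d/user-data" "$d/id.pub"; }
check_user_data "$1" "$2" && echo "OK: $1"
```

Saved under a hypothetical name such as check-cidata.sh, it is run as: sh check-cidata.sh /tmp/cidata/user-data ~/.ssh/id_rsa.pub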

You now have a working auto installation process! You can now proceed to building NUC 2.

Optional

  1. Set up SSH management keys
    • once all your NUCs are up, you can use this script to add all of them to your ssh known_hosts file
    • IPs=$(sudo arp-scan --localnet --numeric --quiet --ignoredups | grep -E '([a-f0-9]{2}:){5}[a-f0-9]{2}' | awk '{print $1}')
      for i in $IPs; do ssh-keygen -R "$i" && ssh-keyscan -H "$i" >> ~/.ssh/known_hosts; done

Lab Notes

Ubuntu will automatically download and install all security updates over the Internet as part of the automatic installation. As your ISO image gets older (and more security updates need to be installed), the build process will take longer and longer. Update your ISO boot USB stick to keep installation as fast as possible.

lab/stack_-_nuc_1.1682716004.txt.gz · Last modified: 2023/04/28 21:06 by user