scottmuc / infrastructure

Documentation / Automation for personal third-party infrastructure
The Unlicense
Rebuild Dell XPS - First Build #21

Closed scottmuc closed 3 years ago

scottmuc commented 3 years ago

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing all the previous repave issues. Have fun!

Things to do with the existing build

Rebuild steps

Post OS install steps

scottmuc commented 3 years ago

My Dell XPS has been dormant. I'm thinking of making it a second DNS cache and a Concourse host.

scottmuc commented 3 years ago

As the number of machines in my home network grows, I've decided to introduce a bit more automation. This host is going to be prepared with Ansible. I found this Ansible bootstrapping post as a good baseline to get a machine.

The first attempt required a new package to be installed:

(.virtualenv) ~/workspace/infrastructure ? ansible-playbook -i 192.168.2.129, -e "ansible_ssh_pass=boot" ansible/bootstrap-playbook.yml

PLAY [all] *****************************************************************************************************************************************************

TASK [attempt to update apt's cache] ***************************************************************************************************************************
fatal: [192.168.2.129]: FAILED! => {"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}
...ignoring

TASK [attempt to install Python on Debian-based systems] *******************************************************************************************************
fatal: [192.168.2.129]: FAILED! => {"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}
...ignoring

TASK [setup] ***************************************************************************************************************************************************
fatal: [192.168.2.129]: FAILED! => {"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}

PLAY RECAP *****************************************************************************************************************************************************
192.168.2.129              : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=2

Then tried to install sshpass:

(.virtualenv) ~/workspace/infrastructure ? brew install sshpass
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 3 taps (homebrew/cask-versions, homebrew/core and homebrew/cask).
==> New Formulae
curlie                                                                           ht-rust
==> Updated Formulae
Updated 28 formulae.
==> Updated Casks
Updated 39 casks.

==> Searching for similarly named formulae...
Error: No similarly named formulae found.
Error: No available formula or cask with the name "sshpass".
We won't add sshpass because it makes it too easy for novice SSH users to
ruin SSH's security.

I was sort of conflicted with this. I totally understand the rationale, but it's going to add another step. That being said, the Ubuntu installer did have the option to import keys from GitHub. I wasn't sure if I wanted that yet because I wasn't sure when the keys would be created.

For now, I'll use ssh-copy-id to bootstrap the bootstrapping.

(.virtualenv) ~/workspace/infrastructure ? ssh-copy-id boot@192.168.2.129
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
boot@192.168.2.129's password:

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'boot@192.168.2.129'"
and check to make sure that only the key(s) you wanted were added.

(.virtualenv) ~/workspace/infrastructure ? ssh boot@192.168.2.129
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-65-generic x86_64)

Going to tweak the bootstrapping playbook to obtain the authorized_keys from GitHub and remove the bootstrap user.
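
The ssh-copy-id output above asks the operator to check that only the intended keys were added. An added example (not part of the original issue or the repository) of that check in Python: it parses authorized_keys content, computes the SHA256 fingerprints that `ssh-keygen -lf` prints, and lists keys outside an allowlist. The sample keys are constructed filler bytes, the function names are hypothetical, and quoted option values containing spaces are assumed absent.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return a list of (options, key_type, fingerprint, comment) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An options field (from="...", command="...") may precede the key type.
        idx = next(i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES))
        blob = base64.b64decode(fields[idx + 1])
        # The blob begins with a length-prefixed copy of the key type.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode() != fields[idx]:
            raise ValueError("key type does not match blob: " + line[:40])
        entries.append((" ".join(fields[:idx]), fields[idx],
                        fingerprint(blob), " ".join(fields[idx + 2:])))
    return entries

def unexpected_keys(text, allowed_fingerprints):
    """Entries whose fingerprint is not in the allowlist."""
    return [e for e in parse_authorized_keys(text) if e[2] not in allowed_fingerprints]

def _constructed_line(fill, comment, options=""):
    """Build a syntactically valid ed25519 line from filler bytes (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return (options + " ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment).strip()

# Constructed sample: the key the operator meant to install, plus one extra.
SAMPLE = "\n".join([
    "# constructed authorized_keys for the boot user",
    _constructed_line(1, "laptop"),
    _constructed_line(2, "unknown", 'from="192.168.2.0/24"'),
])
ALLOWED = {parse_authorized_keys(SAMPLE)[0][2]}

if __name__ == "__main__":
    for options, key_type, fp, comment in unexpected_keys(SAMPLE, ALLOWED):
        print("unexpected key:", key_type, fp, comment, options)
```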

scottmuc commented 3 years ago

Successfully bootstrapped the host:

(.virtualenv) ~/workspace/infrastructure ? ansible-playbook -i 192.168.2.129, --become --ask-become-pass ansible/bootstrap-playbook.yml
BECOME password:

PLAY [all] *****************************************************************************************************************************************************

TASK [attempt to update apt's cache] ***************************************************************************************************************************
changed: [192.168.2.129]

TASK [attempt to install Python on Debian-based systems] *******************************************************************************************************
changed: [192.168.2.129]

TASK [setup] ***************************************************************************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 20.04 on host 192.168.2.129 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility
with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [192.168.2.129]

TASK [Create admin user group] *********************************************************************************************************************************
ok: [192.168.2.129]

TASK [Ensure sudo is installed] ********************************************************************************************************************************
ok: [192.168.2.129]

TASK [Create Ansible user] *************************************************************************************************************************************
ok: [192.168.2.129]

TASK [Add Ansible user to admin group] *************************************************************************************************************************
ok: [192.168.2.129]

TASK [Add authorized keys] *************************************************************************************************************************************
ok: [192.168.2.129]

TASK [Copy sudoers file] ***************************************************************************************************************************************
changed: [192.168.2.129]

TASK [Backup sudoers file] *************************************************************************************************************************************
changed: [192.168.2.129]

TASK [Ensure admin group can sudo] *****************************************************************************************************************************
ok: [192.168.2.129]

TASK [Replace sudoers file] ************************************************************************************************************************************
changed: [192.168.2.129]

TASK [Test Ansible user's access] ******************************************************************************************************************************
changed: [192.168.2.129]

PLAY RECAP *****************************************************************************************************************************************************
192.168.2.129              : ok=13   changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Will tweak the playbook and push the commit soon. Note, the comma after the IP is required (stated in the docs).

Will ensure that I remove the bootstrap user in the main playbook.

scottmuc commented 3 years ago

Rather than configuring a static IP on the XPS, I kept the default DHCP network configuration and created a static reservation in /etc/kea/kea-dhcp4.conf on the Pi:

            "reservations": [
                {
                    "hw-address": "00:e0:4c:01:15:6b",
                    "ip-address": "192.168.2.11"
                }
            ],

Also, this is terrifying :-(

root@pi:/etc/kea# uptime
 22:55:17 up 247 days,  2:55,  1 user,  load average: 0.00, 0.00, 0.00

scottmuc commented 3 years ago

Concourse successfully installed and running!

I think this is a good place to conclude this repave. Going to need to repave the machine again to see what steps need to be documented now. Also going to need a pipeline that deploys to really ensure that things are working. No workers are deployed yet so that'll clearly be an issue.

scottmuc commented 3 years ago

Going to defer figuring out turning off the screen to a future time. It's not as straightforward as I initially expected. Also need to do the unbound setup too.