You are here:
Vanderbilt Biostatistics Wiki
>
Main Web
>
TWikiUsers
>
DalePlummer
>
DalesNotes
>
SystemSetupProcedures
(21 Feb 2023,
DalePlummer
)
(raw view)
E
dit
A
ttach
---+ Computer Setup Procedures %TOC{depth="2"}% ----------------- ---++Windows Setup * If reusing an existing system, reset or wipe and re-install Windows. This not needed for a new Dell. * Apply a barcode sticker. Add to inventory spreadsheet. * Perform an Intune configuration (see [[https://vumc365.sharepoint.com/:o:/r/sites/VUMCIndependentSupportProviders-IntuneAdminOnboarding/Shared%20Documents/Intune%20Admins/Onboarding%20Documentation?d=w5d2eb1e32b1f408d872c30d6dd6cd15b&csf=1&web=1&e=TmY2Nu][Intune documentation in OneNote]]) * Intune configuration * Records the computer in Azure Active Directory (see [[https://endpoint.microsoft.com/#home][Microsoft Endpoint Manager admin center]]) * Sets computer name to BIOS<system-serial-number> * Configures required VUMC settings * Installs Microsoft Office 365 * Installs BIG-IP VPN client * Installs security software * Send appropriate email if this system is for a new department member ([[Main.DalesNotes#Your_Windows_laptop_is_ready_40Intune_41][Windows email boilerplate]]) The first user to log on to the system becomes an administrator. I don't log in before sending the system to the user. They can install any other software that they need. --------------------------------- ---++ <nop>macOS Setup 1 [[https://pegasus.vumc.org/ViewKnowledge.aspx?id=15672][Intune Mac: Assign a MacOS device to an Enrollment Profile]] (*before* turning on computer for first time) 1 [[https://pegasus.vumc.org/ViewKnowledge.aspx?id=15771][Intune Mac: Setup and Enrollment]] 1 apply a barcode sticker. 1 add entry to inventory spreadsheet. 1 send introductory email to new department member - Main.DalesNotes#Your_MacBook_has_arrived_40configured_41 --------------------------------- ---++ Linux setup ---+++Re-installation Note If you are re-installing an existing user's computer, you will need to know the computer's host name. The GID/UID for this user's account is used when creating an account backup staging server. ---+++General Install Steps This section describes the setup steps that a general to all Ubuntu installations. There are a number of steps to be done that are specific to the user who will be using the computer. Those steps are outlined below. ---++++Labels If this is a new computer, get a barcode label from Main.DalePlummer and place it on the new computer. The computer hostname should be "biostat<barcode number>" (e.g. biostat0000). ---++++Install Ubuntu Using the live CD, install Ubuntu. * We usually make partitions like this: | *Partition* | *size* | *comment* | | swap | size of memory | e.g. 32 GB | | / | 256 GB | (approximately) (ext4) This is where all system files are placed. | | /home | remainder of space | (ext4) user's files | * Get a hostname from ColeBeck or DalePlummer * During the installation, make a user called "biostat". Once the Ubuntu installation is complete, log on as user "biostat" and continue... ---++++Edit the sources.list file Edit the sources.list file to use the =http://mirrors.advancedhosters.com/ubuntu/= repository. Include main/restricted/universe/multiverse. <verbatim> sudo gedit /etc/apt/sources.list </verbatim> Here is a sources.list files that works well. Use "bionic" for 18.04 systems and "focal" for 20.04. Note the addition of the R materials. <verbatim> deb http://mirrors.advancedhosters.com/ubuntu/ focal main restricted universe multiverse deb http://mirrors.advancedhosters.com/ubuntu/ focal-updates main restricted universe multiverse deb http://mirrors.advancedhosters.com/ubuntu/ focal-backports main restricted universe multiverse deb-src http://mirrors.advancedhosters.com/ubuntu/ focal main restricted universe multiverse deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-updates main restricted universe multiverse deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-backports main restricted universe multiverse deb http://mirrors.advancedhosters.com/ubuntu/ focal-security main restricted universe multiverse deb-src http://mirrors.advancedhosters.com/ubuntu/ focal-security main restricted universe multiverse deb https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/ </verbatim> Then run these commands to get the key for the R repository: <verbatim> gpg --keyserver keyserver.ubuntu.com --recv-key 51716619E084DAB9 gpg -a --export 51716619E084DAB9 | sudo apt-key add - </verbatim> Then... <verbatim> sudo apt update sudo apt dist-upgrade </verbatim> And maybe a reboot... <verbatim> sudo reboot </verbatim> ---++++Install packages Install a few other things that we want. <verbatim> sudo apt install gnumeric abiword pidgin samba ntp ssh cifs-utils sshfs nfs-kernel-server nfs-common remmina compizconfig-settings-manager vim r-base-core r-base-dev r-base-html r-doc-pdf r-recommended exim4 htop emacs texlive-base texlive-latex-recommended texlive-latex-extra libjpeg62 libappindicator1 libindicator7 lockfile-progs </verbatim> Download (http://www.rstudio.com/) and install RStudio ( =sudo dpkg -i Downloads/rstudio-0.98.953-amd64.deb= ) Also, download (https://www.google.com/chrome/browser/) and install Google Chrome ( =sudo dpkg -i Downloads/google-chrome-stable_current_amd64.deb= ) ---++++Disallow ssh root logins Edit /etc/ssh/sshd_config and set *PermitRootLogin* to *no* <verbatim> sudo gedit /etc/ssh/sshd_config </verbatim> ---++++Set up printers See [[Main.PrinterHostnames][Printer hostnames]] for the names and other information about our printers. (Instructions for installing printers on Windows and Macintosh are in the [[Main.FrequentlyAskedQuestionsFAQ][FAQ topic]] (see the "How_to_install_printers..." section)) * get printer definition files <verbatim> cd /usr/share/cups/drv sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m651-ps.ppd sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m553-ps.ppd sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/xrx6360dn.ppd </verbatim> * set up printers using the command line (biostatcolor1, biostatcolor2, and biostatcolor3 for regular users; biostatcolor4 is for administrators). The network addresses for the printers can be deduced from the commands below (following "socket://") or found at [[Main.PrinterHostnames]]. <verbatim> sudo lpadmin -p 00_biostatcolor1 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor1.dhcp.mc.vanderbilt.edu:9100/ -E sudo lpadmin -p 00_biostatcolor2 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor2.dhcp.mc.vanderbilt.edu:9100/ -E sudo lpadmin -p 00_biostatcolor3 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor3.dhcp.mc.vanderbilt.edu:9100/ -E sudo lpadmin -p 00_biostatcolor4 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor4.dhcp.mc.vanderbilt.edu:9100/ -E sudo lpadmin -p 00_biostatcolor7 -L "biostatistics" -D "HP Color LaserJet M553" -P /usr/share/cups/drv/hp-color_laserjet_m553-ps.ppd -v socket://biostatcolor7.dhcp.mc.vanderbilt.edu:9100/ -E </verbatim> ---++++Mount directory for administrative scripts Create a mount point for the administrative scripts. <verbatim> sudo mkdir -p /biostat/cvs/admin </verbatim> Add the following line to /etc/fstab <verbatim> biostat1553.emp.vumc.io:/home/cvs/admin /biostat/cvs/admin nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0 </verbatim> ...and mount the administrative folder <verbatim> sudo mount /biostat/cvs/admin </verbatim> <!-- At this point, you might want to check and see if automounting of the NFS share is working. Reboot to try it out. If automounting is not working, the likely culprit is systemd. Systemd needs to be explicitly told to wait for network stuff to be ready before attempting to mount. Do this to make that setting. <verbatim> systemctl enable NetworkManager-wait-online.service </verbatim> --> ---++++ Exim4 This setup allows the workstation to send emails, i.e. from the root account and from user cron jobs. This setup is orthogonal to the VUMCid user's email setup. It works by having exim send all outgoing emails to the smarthost biostat.app.vumc.org. This will only work if the following steps are performed, and if the workstation IP address resolves to biostat?.dhcp.mc.vanderbilt.edu, where ? is replaced with the appropriate number. Assuming exim v4... <verbatim> sudo cp /biostat/cvs/admin/etc/update-exim4.conf.conf /etc/exim4/update-exim4.conf.conf sudo /usr/sbin/update-exim4.conf sudo cp /biostat/cvs/admin/etc/mailname /etc/mailname </verbatim> Then edit =/etc/aliases= and add the following line =root: <nop>biostat-it@list.vumc.org= Restart exim <verbatim> sudo /etc/init.d/exim4 restart </verbatim> You can test that it works by running something like this: * =/biostat/cvs/admin/bin/mail-wrapper <nop>your.eamail.address@vumc.org ls -lh /tmp= This will email the output of 'ls -lh /tmp' to the biostat it mailing list. ---++++ Install the Tenable Nessus End Point Protection Agent * https://biostatdata.app.vumc.org/secdl ---+++Installation steps that are user specific Before configuring a new computer, please read NewEmployeeInfoSysProcedures. ---++++ Create an account and location for backup on the biostat1553 server (backup staging server) * Create the user on the biostat1553.emp.vumc.io server (for backup services). If this is a reinstall or new computer for an existing user, record the UID and GID from the old system. See [[https://biostat.app.vumc.org/wiki/Main/DalesNotes#Transition_to_new_backup_server][Transition to new backup server]] for additional detail. <verbatim> sudo adduser VUMCid </verbatim> * Note the UID and GID that are generated when the biostat1553 account is created. We will use these values when setting up the user account on the workstation. * edit /etc/passwd and change "/bin/bash" to be "/bin/false" for the user just created * Make the user's backup directory: /home/wsbu/backup/VUMCid ---++++ Make a user account on the workstation (if not reinstalling) Be sure to use the GID and UID that you recorded earlier. See NewEmployeeInfoSysProcedures <verbatim> sudo addgroup --gid [GID] [VUMCid] sudo useradd --create-home --shell "/bin/bash" --groups cdrom,audio,video,plugdev,lpadmin,adm,sudo --uid [UID] --gid [GID] [VUMCid] && sudo passwd [VUMCid] </verbatim> ---++++ Workstation Backups * Create the directory */biostat/backup/VUMCid* (make sure to change "VUMCid" to real value) <verbatim> sudo mkdir -p /biostat/backup/VUMCid </verbatim> * Add the following line to /etc/fstab: <verbatim> biostat1553.emp.vumc.io:/home/wsbu/VUMCid /biostat/backup/VUMCid nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0 </verbatim> * If you are restoring a backup because of a machine replacement or reimaging then use rsync. When logged on the the user's account, a command like this will work: <verbatim> cd /biostat/backup rsync -av VUMCid /home </verbatim> * Add the following cron entry to the *VUMCid's* crontab and choose a suitable value for X and Y ( =crontab -e=). The command is =sudo crontab -u VUMCid -e= <verbatim> mm hh * * * /biostat/cvs/admin/sbin/run-user-cron </verbatim> * *If* there's problems mounting those entries, try running *exportfs -a* on the server, either biostat or biostat1553. It seems to clear up the nfs export entries. ---++++ Samba (optional) * Set up Samba. To allow user to mount their /home/VUMCid directory from elsewhere, add this paragraph to then end of their /etc/samba/smb.conf file. Change "VUMCid" as appropriate. <verbatim> [VUMCid] comment = Samba on Ubuntu path = /home/VUMCid read only = no browsable = yes </verbatim> * Create a Samba ID: =sudo smbpasswd -a VUMCid= * Restart the Samba service: =sudo service smbd restart= ---++++ Send introductory email to new department member (Main.DalesNotes#Your_Linux_desktop_is_ready)
E
dit
|
A
ttach
|
P
rint version
|
H
istory
: r2
<
r1
|
B
acklinks
|
V
iew topic
|
Edit
w
iki text
|
M
ore topic actions
Topic revision: r2 - 21 Feb 2023,
DalePlummer
Main
Department Home Page
Biostatistics Graduate Program
Vanderbilt University Medical Center
Main Web
Main Web Home
Search
Recent Changes
Changes
Topic list
Biostatistics Webs
Archive
Main
Sandbox
System
Register
|
Log In
Copyright © 2013-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Vanderbilt Biostatistics Wiki?
Send feedback