Setup for Ubuntu 11.10 (and up)
NOTE - This procedure has been superseded by UbuntuSetup20.
Click here for
Windows system setup
Re-installation Note
If you are re-installing an existing user's computer, see
http://biostat.app.vumc.org/wiki/Main/KubuntuSetup#Installing_Kubuntu_From_Existing. You will need to know the computer's host name, where the user's backup is stored, etc.
General Install Steps
This section describes the setup steps that a general to all Ubuntu installations. There are a number of steps to be done that are specific to the user who will be using the computer. Those steps are outlined below.
Install Ubuntu
Using the live CD, install Ubuntu.
- We usually make partitions like this:
Partition |
size |
comment |
swap |
size of memory |
e.g. 8 GB |
/ |
150 GB |
(approximately) (ext4) This is where all system files are placed. |
/home |
remainder of space |
(ext4) user's files |
- Get a hostname from ColeBeck or DalePlummer
- During the installation, make a user called "biostat".
Once the Ubuntu installation is complete, log on as user "biostat" and continue...
Edit the sources.list file
Edit the sources.list file to use the
http://mirrors.advancedhosters.com/ubuntu/
repository. Include main/restricted/universe/multiverse.
sudo gedit /etc/apt/sources.list
Then...
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now
Add R repository to sources.list
If we want the very latest R stuff then add these lines at the end of
/etc/apt/sources.list
. "bionic" is version specific (18.04). You might need to change it to match the version that is installed.
# R stuff
deb https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/
deb https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/
Then run these commands:
gpg --keyserver keyserver.ubuntu.com --recv-key 51716619E084DAB9
gpg -a --export 51716619E084DAB9 | sudo apt-key add -
Then...
sudo apt-get update
Install packages
Install a few other things that we want.
sudo apt-get install gnumeric abiword pidgin samba ntp ssh cifs-utils sshfs nfs-kernel-server nfs-common remmina compizconfig-settings-manager vim r-base-core r-base-dev r-base-html r-doc-pdf r-recommended exim4 htop emacs texlive-base texlive-latex-recommended texlive-latex-extra libjpeg62 libappindicator1 libindicator7 lockfile-progs
Download (
http://www.rstudio.com/) and install RStudio (
sudo dpkg -i Downloads/rstudio-0.98.953-amd64.deb
)
Also, download (
https://www.google.com/chrome/browser/) and install Google Chrome (
sudo dpkg -i Downloads/google-chrome-stable_current_amd64.deb
)
Disallow ssh root logins
Edit /etc/ssh/sshd_config and set
PermitRootLogin to
no
sudo gedit /etc/ssh/sshd_config
Set up printers
See
Printer hostnames for the names and other information about our printers. (Instructions for installing printers on Windows and Macintosh are in the
FAQ topic (see the "How_to_install_printers..." section))
- get printer definition files
cd /usr/share/cups/drv
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m651-ps.ppd
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/hp-color_laserjet_m553-ps.ppd
sudo wget http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/xrx6360dn.ppd
- set up printers using the command line (biostatcolor1, biostatcolor2, and biostatcolor3 for regular users; biostatcolor4 is for administrators). The network addresses for the printers can be deduced from the commands below (following "socket://") or found at Main.PrinterHostnames.
sudo lpadmin -p 00_biostatcolor1 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor1.dhcp.mc.vanderbilt.edu:9100/ -E
sudo lpadmin -p 00_biostatcolor2 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor2.dhcp.mc.vanderbilt.edu:9100/ -E
sudo lpadmin -p 00_biostatcolor3 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor3.dhcp.mc.vanderbilt.edu:9100/ -E
sudo lpadmin -p 00_biostatcolor4 -L "biostatistics" -D "HP Color LaserJet M651" -P /usr/share/cups/drv/hp-color_laserjet_m651-ps.ppd -v socket://biostatcolor4.dhcp.mc.vanderbilt.edu:9100/ -E
sudo lpadmin -p 00_biostatcolor7 -L "biostatistics" -D "HP Color LaserJet M553" -P /usr/share/cups/drv/hp-color_laserjet_m553-ps.ppd -v socket://biostatcolor7.dhcp.mc.vanderbilt.edu:9100/ -E
Mount directory for administrative scripts
Create a mount point for the administrative scripts.
sudo mkdir -p /biostat/cvs/admin
Add the following line to /etc/fstab
biostat3.emp.vumc.io:/home/cvs/admin /biostat/cvs/admin nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0
That (above) should be the correct line for modern versions of Ubuntu. If it does not work, try this one (below). Then difference is that "nfsvers=3," has been removed.
biostat3.emp.vumc.io:/home/cvs/admin /biostat/cvs/admin nfs rsize=8192,wsize=8192,timeo=14,intr 0 0
...and mount the administrative folder
sudo mount /biostat/cvs/admin
Set up firewall
Set up the iptables firewall. Download iptables file and set things up.
We have stopped setting up firewalls on workstations with private IP addresses. It causes more trouble than it is worth.
For servers and computers that are exposed to the internet, we probably DO want to set up a firewall.
cd /etc/network/if-up.d/
sudo wget -nc http://biostat.app.vumc.org/wiki/pub/Main/UbuntuSetup/iptables
sudo chmod ugo+x /etc/network/if-up.d/iptables
cd /etc/network/if-post-down.d
sudo ln -s ../if-up.d/iptables
Create the /var/lib/iptables directory and set up the inactive and active rule sets.
sudo mkdir /var/lib/iptables
sudo chmod 700 /var/lib/iptables
sudo cp /biostat/cvs/admin/etc/active /var/lib/iptables/
sudo touch /var/lib/iptables/inactive
Exim4
This setup allows the workstation to send emails, i.e. from the root account and from user cron jobs. This setup is orthogonal to the vunetid user's email setup.
It works by having exim send all outgoing emails to the smarthost biostat.app.vumc.org. This will only work if the following steps are performed, and if the workstation IP address resolves to biostat?.dhcp.mc.vanderbilt.edu, where ? is replaced with the appropriate number.
Assuming exim v4...
sudo cp /biostat/cvs/admin/etc/update-exim4.conf.conf /etc/exim4/update-exim4.conf.conf
sudo /usr/sbin/update-exim4.conf
sudo cp /biostat/cvs/admin/etc/mailname /etc/mailname
Then edit
/etc/aliases
and add the following line
root: biostat-it@list.vumc.org
Restart exim
sudo /etc/init.d/exim4 restart
You can test that it works by running something like this:
-
/biostat/cvs/admin/bin/mail-wrapper biostat-it@list.vumc.org ls -lh /tmp
This will email the output of 'ls -lh /tmp' to the biostat it mailing list. You may want to send it to your own email address for immediate results as the biostat it list is sloooowwwwwwww sometimes.
Labels
If this is a new computer, get a bar code label from
DalePlummer. Also put a hostname label where it can be seen easily. The label printer is in the IT work room.
Installation steps that are user specific
Before configuring a new user's computer, please read
NewEmployeeInfoSysProcedures.
Create an account and location for backup on the biostat3 server
- Create the user on the biostat3 server (for backup services)
sudo adduser VUNETID
- Note the UID and GID that are generated when the biostat3 account is created. We will use these values when setting up the user account on the workstation.
- edit /etc/passwd and change "/bin/bash" to be "/bin/false" for the user just created
- Make the user's backup directory: /home?/backup/VUNETID
Make a user account on the workstation (if not reinstalling)
Be sure to use the GID and UID that you recorded earlier. See
NewEmployeeInfoSysProcedures
sudo addgroup --gid [GID] [vunetid]
sudo useradd --create-home --shell "/bin/bash" --groups cdrom,audio,video,plugdev,lpadmin,adm,sudo --uid [UID] --gid [GID] [vunetid] && sudo passwd [vunetid]
Workstation Backups
- Create the directory /biostat/backup/vunetid (make sure to change "vunetid" to real value)
sudo mkdir -p /biostat/backup/vunetid
- Add the following line to /etc/fstab:
biostat3.emp.vumc.io:/home?/backup/vunetid /biostat/backup/vunetid nfs rsize=8192,wsize=8192,timeo=14,intr 0 0
or
biostat3.emp.vumc.io:/home?/backup/vunetid /biostat/backup/vunetid nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0
Note that "home?" should be "home2" or "home3" or whatever depending on disk space constraints on the backup server (biostat3.emp.vumc.io).
- If you are restoring a backup because of a machine replacement or reimaging then use rsync. When logged on the the user's account, a command like this will work:
cd /biostat/backup
rsync -av vunetid /home
Samba
- Set up Samba. Click smb.conf to save a generic version of the /etc/samba/smb.conf file. This is for authenticated user-level access.
- Create a Samba ID:
sudo smbpasswd -a vunetid
- Restart the Samba service:
sudo service smbd restart
Set up password-less SSH login to servers
See
http://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login. Here is an example from that topic:
vunetid@biostatnnn:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vunetid/.ssh/id_rsa):
Created directory '/home/vunetid/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vunetid/.ssh/id_rsa.
Your public key has been saved in /home/vunetid/.ssh/id_rsa.pub.
The key fingerprint is:
b1:25:04:21:1a:38:73:38:3c:e9:e4:5b:81:e9:ac:0f vunetid@biostatnnn
The key's randomart image is:
+--[ RSA 2048]----+
|.o= . oo. |
|*B.+ . . |
|*=o . o . |
| = . = |
|. o S |
|E. |
| o |
| . |
| |
+-----------------+
Copy the public key to the server (e.g. biostat.app.vumc.org).
vunetid@biostatnnn:~$ ssh-copy-id vunetid@biostat.app.vumc.org
vunetid@biostat.app.vumc.org's password:
Now try logging into the machine, with "ssh 'vunetid@biostat.app.vumc.org'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Other
- Configure Thunderbird
- Configure Pidgin
- Configure Terminal Server Client (Remmina Remote Desktop Client)
Labels
Make a label containing the hostname and stick it some place visible.