Monday, June 18, 2007

My Ubuntu Setup

Edit 7/23/07: Replaced the netkit-inetd with openbsd-inetd and fixed svn so it works now.

One of my big pastimes is to play around with Linux. This means I try out a lot of stuff, which often ends up breaking my install. This means I need to whip out the (FREE) install disc and wipe the hard drive and start all over again.
After doing this for the umty-odd time, I finally broke down and made a checklist of everything I do right after a fresh install. Granted this is all for my personal use, so whatever you don't want, skip over.
The one thing you'll need to know is the basics of vim, which is a classic terminal text editor. Vim is very different from other text editors (the best known being Notepad) in that it has different modes for entering text and editing the text. In insert mode you type normally like you would in Notepad, and in command mode you do the things you would do with key chords in Notepad (i.e. ctrl-c in Notepad is y in vim).
To open a file, just type in a terminal vim /path/to/file. When you first open a file you will be in command mode. To switch to insert mode, press i. To save and quit press esc and then type :wq and press enter. That's all you really should need for the basic editing you're doing here.

Turn off IPv6:
IPv6 is the new system for computers to talk over the internet. Unfortunately, it really hasn't been implemented yet, so it does you no good to have it turned on.
  • In /etc/modprobe.d/aliases change alias net-pf-10 ipv6 to alias net-pf-10 off #ipv6
  • Visit about:config in Firefox, type network.dns.disableIPv6 in the filter bar at the top and turn it to true. This makes browsing the web usable again.
Turn on Boot Concurrency:
When your computer is first booting, it needs to run a lot of software right away. Normally what it does is load the first program, run it, load the second, run it, etc. But this isn't as good as loading programs as fast as possible and running them once they're loaded.
  • In /etc/init.d/rc change CONCURRENCY=none to CONCURRENCY=shell
Decrease Swappiness:
Swappiness determines how soon Linux starts moving stuff from memory to the hard drive to make room for more stuff. Having this fairly high for a small amount of RAM makes sense because when you go to open a new program, you don't want to wait for Linux to swap out a bunch of files in RAM, you want it to have already swapped out a bunch of stuff you weren't using. The downside is that if you have a lot of RAM (512MB+), it will swap stuff out sooner than it really needs to, and if you really did need the stuff it swapped out, it has to stop and swap it back in. Waste of time. I believe the default value for this is 60. Finding the best value is a bit of trial and error if you want to get it really good. I just use 10.
  • In /etc/sysctl.conf add vm.swappiness = 5
Installing Software:
Now for the first pass of installing software. First use the Synaptic GUI to enable Universe and Multiverse. These are just third party software packages that Ubuntu can't guarantee are high quality. Run the following code:
sudo apt-get update
sudo apt-get install preload ssh firestarter mailx subversion openbsd-inetd mpg123
When it installs mailx it will ask what configuration you want, choose local only.
What it does:
  • apt-get update: updates the local database of what software is available to download and install. Ubuntu will usually auto-run this when you boot and check for patches for you. You only need to run this now because you just added two new databases.
  • apt-get install: This downloads and installs all the software packages listed after it.
  • preload: This program runs in the background and watches which programs and libraries you use. When the computer is idle it will take these logs and calculate which programs you're most likely to use next and caches them in memory to help them run faster once you do run them.
  • ssh: This is both the client and server for ssh, which is a remote terminal program that I use so I can work on my Linux box from my Vista laptop anywhere.
  • firestarter: Firestarter is a firewall mostly controlled from a GUI. Start it from System> Administration and make sure to open port 3690 TCP for whoever you want access to your svn server.
  • mailx: mailx is a mail system which is useful because some programs run automatically and will send you email through this to alert you if anything goes wrong.
  • subversion: SubVersion is a revision control system I use for all my programming projects. It's nice because it allows me to program on one computer, commit, switch to another computer, press update and be able to start from where I left off on the other computer.
  • openbsd-inetd (originally netkit-inetd): inetd is the master internet daemon, which you configure to listen on whichever ports you want it to and it will respond to connections on that port by starting the server for it. I only use this with the subversion server. Edit: the openBSD inetd was ported to Linux and is better maintained than the netkit one.
  • mpg123: This is a very lightweight text-based mp3 player. The developers of it take great pride in being able to run it on a 100MHz desktop. Another plus about it is that I run it in a virtual terminal (Ctrl-Alt-F(1-6)) so if I need to restart the X Server (Ctrl-Alt-Backspace) my music keeps playing and I don't miss a beat. (FYI, to switch back to the GUI, press Ctrl-Alt-F7)
Upgrade Vim:
Vim is an extension of another text editor, vi, and normally will try and act like vi, which is great if you're used to vi, but vi was before my time so I've never used anything other than vim, thus I want all the added functionality:
touch ~/.vimrc

Install Hamachi:
Hamachi is a VPN program I use to virtually connect all of my computers plus some of my friends so we can always access the computer no matter where we are. I use it the most to access my SVN server and to log into my Linux box's SSH server.
wget http://files.hamachi.cc/linux/hamachi-0.9.9.9-6.tar.gz
tar -zxvf hamachi-0.9.9.9-6.tar.gz
sudo su
mkdir /usr/src/hamachi
mv hamachi-0.9.9.9-6 /usr/src/hamachi
cd /usr/src/hamachi/hamachi-0.9.9.9-6
make install
tuncfg
hamachi-init -c /etc/hamachi
At this point Hamachi will be installed and you can setup/join your network using these commands:
hamachi -c /etc/hamachi set-nick nickname
hamachi -c /etc/hamachi login
hamachi -c /etc/hamachi create network password
hamachi -c /etc/hamachi join network password
hamachi -c /etc/hamachi go-online network
hamachi -c /etc/hamachi list
hamachi -c /etc/hamachi go-offline my-net
And lastly you need to create a script so Hamachi will start every time you turn your computer on, which is nice, right?
vim /etc/init.d/hamachi-control
And paste the following script into it:

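#!/bin/sh
# /etc/init.d/hamachi-control: start and stop Hamachi at boot and shutdown

# Start the tunnel helper, then the Hamachi client
hamachi_start() {
    echo "Starting hamachi..."
    /sbin/tuncfg
    /usr/bin/hamachi -c /etc/hamachi start
}

# Stop the tunnel helper and the Hamachi client
hamachi_stop() {
    echo "Stopping hamachi..."
    killall tuncfg
    /usr/bin/hamachi -c /etc/hamachi stop
}

hamachi_restart() {
    hamachi_stop
    sleep 1
    hamachi_start
}

case "$1" in
    'start')
        hamachi_start
        ;;
    'stop')
        hamachi_stop
        ;;
    'restart')
        hamachi_restart
        ;;
    *)
        # Any other argument (or none) starts Hamachi
        hamachi_start
        ;;
esac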
Edit 11/20/08: Apparently this script has problems starting Hamachi after a power failure.  I no longer use Hamachi on my network, so I can't confirm or deny any solution left in the comments.

Next, make it executable:
chmod a+x /etc/init.d/hamachi-control
And finally add it to the list of scripts to be run on startup and shutdown:
update-rc.d hamachi-control defaults
We're done being root for now, exit back to your normal user:
exit
Thanks to this post for most of this, BTW.

Setup Hamachi with Firestarter:
Now that we've installed Hamachi, we need to allow people to access this computer through it. First step is to configure our firewall to recognize it, then to allow access to the ports needed, which in my case is 22 for SSH and 3690 for SVN.
  • In /etc/firestarter/user-pre add:
    • $IPT -A INPUT -i ham0 -j ACCEPT
    • $IPT -A OUTPUT -o ham0 -j ACCEPT
      • Note: I use ham0, type ifconfig to double check that on your system.
  • Since Hamachi is my private network, I'm not very worried about it and allow all traffic on all ports. Add this rule to System > Administration > Firestarter > Policy > Allow connections from host in the GUI:
    • 5.0.0.0/255.0.0.0
  • In the bottom box add rules to allow anyone access to ports 22 and 3690 so I can log into this box from any computer over SSH and so anyone can checkout my svn repositories.

Profile the Boot Files in GRUB:
GRUB is the bootloader that first loads everything Linux needs to boot when you first press the power button. Now that we have most of the software setup, we can have GRUB make a list of where all these files are so it can load them faster on boot:
  • On the GRUB splash screen right after the BIOS, press ESC to get to the GRUB menu.
  • Use the arrows to select the Ubuntu kernel and press e to edit the options
  • Move down to the second line and press e again
  • move to the end of this line and add a space and profile
  • press enter, then b to boot the kernel with this extra option
FYI: This option is temporary and will only run this one time. Expect it to boot noticeably slower this time, but after this first time it will boot somewhat faster.

Setting up the SVN Server:
You really have two options here, either run the basic svn server which has no bells or whistles, but just runs and is easy to setup, or run it as an Apache module, which I have never gotten to work before... So I went the first route since it's one of only two services I'm running on this computer, no need for all of Apache.
  • Create a new user to be in charge of the svn repositories. I called my user svn. I gave it a totally random password because I'm never going to be logging in as this user.
  • Switch to this user using su:
    • sudo su - svn
  • In their home directory create a folder called repos to store all the repositories:
    • mkdir repos
  • Create a new repository in repos:
    • cd repos
    • svnadmin create NewRepo
  • Enable the password file
    • cd ~/repos/NewRepo/conf/
    • vim svnserve.conf
      • Uncomment (delete the #) before password-db = passwd
    • vim passwd
      • Add users to the repo in the form username = password
  • Add svn to inetd, so it will start when someone makes a request on port 3690
    • vim /etc/inetd.conf
    • Add this line to the end
      • svn stream tcp nowait svn /usr/bin/svnserve svnserve -i -r /home/svn/repos
    • What this does:
      • svn: defines the service, which is stored in a table in /etc/services, svn uses port 3690
      • stream tcp nowait: this service uses a tcp connection, compared to the simpler udp
      • svn: run this service as the svn user, which protects the rest of your computer
      • /usr/bin/svnserve: this is the program to run to service the client making a connection
      • svnserve -i -r /home/svn/repos: start svnserve, telling it that it's being called by the inetd (-i) and restrict it to the repos folder so it can not access the rest of your computer. (-r /home/svn/repos)
    • restart the inetd so this takes effect
      • /etc/init.d/openbsd-inetd restart
  • We're done, exit out back to your normal account
    • exit
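As an added check (not part of the original post), the function below audits a repository's conf directory after the steps above: it confirms password-db is really active, reports the effective anonymous access, and verifies that conf/passwd, which stores passwords in plain text, carries no group or world permission bits. The name audit_svn_conf is made up for this example, and stat -c assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post. audit_svn_conf is a made-up name.
# Usage: audit_svn_conf /home/svn/repos/NewRepo   (assumes GNU stat, as on Ubuntu)
audit_svn_conf() {
    conf="$1/conf"
    rc=0

    # Subversion's config parser treats a line that starts with whitespace as a
    # continuation line, so deleting only the "#" and leaving the space behind
    # can leave the option disabled or make svnserve reject the file.
    if grep -Eq '^password-db[[:space:]]*=' "$conf/svnserve.conf"; then
        echo "ok: password-db is enabled"
    elif grep -Eq '^[[:space:]]+password-db' "$conf/svnserve.conf"; then
        echo "FAIL: password-db has leading whitespace, remove it"
        rc=1
    else
        echo "FAIL: password-db is still commented out"
        rc=1
    fi

    # With no anon-access line, svnserve lets anonymous users read.
    anon=$(sed -n 's/^anon-access[[:space:]]*=[[:space:]]*//p' "$conf/svnserve.conf" | tail -n 1)
    echo "info: anon-access = ${anon:-read (svnserve default)}"

    # conf/passwd holds "username = password" in plain text, so no group or
    # world permission bits should be set on it.
    mode=$(stat -c '%a' "$conf/passwd") || return 2
    case "$mode" in
        *00|0) echo "ok: passwd mode is $mode" ;;
        *)     echo "FAIL: passwd mode is $mode, run: chmod 600 $conf/passwd"
               rc=1 ;;
    esac
    return $rc
}
```

Run it as the svn user or as root, since a correctly locked-down passwd file is unreadable to everyone else.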
Configure ddclient:
ddclient is a third-party script used to update your IP address for a dyndns account. I use this mainly so I can find my computer anywhere on the internet with the URL myscreenname.dyndns.org. Of everything, this is probably by far the most challenging to set up. First download ddclient from the internet and extract it:
wget http://downloads.sourceforge.net/ddclient/ddclient-3.7.2.tar.bz2
tar -xvvjf ddclient-3.7.2.tar.bz2
cd ddclient-3.7.2
sudo su
cp ddclient /usr/sbin/
mkdir /etc/ddclient
cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf
vim /etc/ddclient/ddclient.conf
And change your hostname, logins, and passwords. Also set your username for mail and turn off SSL; it doesn't work by default. Next add the script so this runs automatically.
cp sample-etc_rc.d_init.d_ddclient /etc/init.d/ddclient
update-rc.d ddclient defaults
At this point ddclient should be working. Unfortunately, it will constantly send you "CAUGHT SIGTERM" emails every time you turn off your computer. I really don't care about what happens to this script when I turn off my computer, so I commented out that line in the script.
vim /usr/sbin/ddclient
And find the line with sigterm and add a # at the beginning of it. Its line number should be somewhere in the 600s.


That pretty much does it. Once I have it setup I obviously add other software like the java compiler and some games, but all of the back-end software is here.

2 comments:

  1. Thank you man, the article was very useful in my job, and saved me the potatoes many times.

    I suggest an add to file /etc/init.d/hamachi-control

    In hamachi_stop() section, add a line:

    rm /etc/hamachi/.lock

    When the server goes down (example: if the power supply fails) the .lock still lives at the next reboot, and hamachi doesn't start

  2. only problem there is that if the power dies that script doesn't run so your .lock file still exists

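Both comments concern a lock file that survives a power loss. The function below is an added example (not part of the original post or its init script) that does the cleanup at start-up instead of shutdown, and only when the lock is provably stale. The path /etc/hamachi/.lock is taken from the first comment; the daemon process name hamachi and the function name clear_stale_lock are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original init script.
# Assumptions: lock path /etc/hamachi/.lock (from the comment) and a daemon
# process named "hamachi"; both can be overridden by arguments.
clear_stale_lock() {
    lock="${1:-/etc/hamachi/.lock}"
    proc="${2:-hamachi}"

    # Nothing to do when no lock was left behind.
    [ -e "$lock" ] || [ -L "$lock" ] || return 0

    # A running daemon owns the lock; removing it would allow a second instance.
    if pgrep -x "$proc" >/dev/null 2>&1; then
        echo "lock $lock is held by a running $proc, leaving it alone" >&2
        return 1
    fi

    # The init script runs as root. Anything other than a regular file at
    # this path is unexpected, so stop and let the administrator look.
    if [ -L "$lock" ] || [ ! -f "$lock" ]; then
        echo "refusing to remove $lock: not a regular file" >&2
        return 2
    fi

    rm -f -- "$lock"
}

# Intended call site, as the first command inside hamachi_start():
#   clear_stale_lock /etc/hamachi/.lock hamachi || exit 1
```

Because the check runs before the daemon is started, it also covers the case where the stop function never ran.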