Differences

This shows you the differences between two versions of the page.

--- ubuntu_steps [2025/05/23 04:50] – kenson
+++ ubuntu_steps [2026/04/23 07:14] (current) – kenson
@@ Line 1: / Line 1: @@
-Start with "bare" ubuntu
+Start with "bare" ubuntu, I'm still on 22.04 LTS
+Notes:
-Install vim
 <code>
-apt -y install vim
+vi ~/.inputrc
+set enable-bracketed-paste off
 </code>
-Temporarily allow root access for setup
+Update system and install prereq
 <code>
-sudo sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/c\PermitRootLogin yes' /etc/ssh/sshd_config && grep -q '^\s*PermitRootLogin yes' /etc/ssh/sshd_config || echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config
+apt update && sudo apt upgrade -y
-systemctl restart ssh
+apt -y install build-essential dkms linux-headers-$(uname -r) software-properties-common curl wget git
+apt -y install iputils-ping traceroute
+apt -y install vim
+apt -y install build-essential
+apt -y install net-tools
+apt -y install less
+apt -y install libssl-dev
+apt -y install libz-dev
+apt -y install python3-pip
+apt -y install python3-venv
+apt -y install cron
+apt -y install ipmitool
 </code>
-Change root password
+<code>
+apt install -y openvswitch-switch
+</code>
+Temporarily allow SSH root access for setup
+<code>
+sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/d' /etc/ssh/sshd_config && echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config
+systemctl restart sshd
+</code>
+Add authorized_keys
+<code>
+grep -qxF 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' /root/.ssh/authorized_keys || echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' | tee -a /root/.ssh/authorized_keys
+</code>
+Set explicit root password
 <code>
-sudo passwd root
+passwd root
 </code>
-Fix bash history in .bashrc (also repeat this for root) Remember go to the local home directory first
+Infinite bash history in .bashrc
 <code>
+cd /root
 sed -i -E '/^\s*HISTSIZE=.*$/c\HISTSIZE=-1' .bashrc && sed -i -E '/^\s*HISTFILESIZE=.*$/c\HISTFILESIZE=-1\nPROMPT_COMMAND="history -a; history -n; $PROMPT_COMMAND"' .bashrc
 source .bashrc
 </code>
+If you didn't config the machine as static but you want to
+<code>
+# detect current interface, IP/CIDR and gateway
+iface=$(ip route show default | awk '/default/ {for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1); exit}}')
+cidr=$(ip -o -4 addr show dev "$iface" | awk '{print $4}')
+gw=$(ip route show default | awk '/default/ {print $3}')
+# disable cloud-init network config
+sudo mkdir -p /etc/cloud/cloud.cfg.d \
+  && echo 'network: {config: disabled}' \
+      | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg >/dev/null
+# write your custom netplan
+sudo tee /etc/netplan/01-netcfg.yaml >/dev/null <<EOF
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    $iface:
+      dhcp4: false
+      addresses:
+        - $cidr
+      routes:
+        - to: 0.0.0.0/0
+          via: $gw
+      nameservers:
+        addresses:
+          - 8.8.8.8
+          - 8.8.4.4
+EOF
+# disable the auto-generated cloud-init netplan
+sudo tee /etc/netplan/50-cloud-init.yaml >/dev/null <<EOF
+# disabled by custom config (/etc/netplan/01-netcfg.yaml)
+EOF
+echo "✔️  Netplan written for $iface ($cidr) via $gw"
+</code>
+Fix DNS, e.g. 86 systemd-resolvd
 <code>
-vi /etc/ssh/sshd_config
+sudo systemctl disable --now systemd-resolved
-systemctl restart ssh
+sudo rm /etc/resolv.conf
+echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" | sudo tee /etc/resolv.conf >/dev/null
 </code>
+If by chance auditd is running, disable it (auditd is off on a bare installation)
 <code>
 vi  /etc/audit/auditd.conf
@@ Line 36: / Line 107: @@
 </code>
-Verify UFW is inactive
+Verify UFW is inactive if installed, should return "Status: inactive"
 <code>
 ufw status
-Status: inactive
+</code>
+Fix nvme bug and turn off audit and app armor
+<code>
+sudo sed -i '/^\s*GRUB_CMDLINE_LINUX_DEFAULT=/d' /etc/default/grub && echo 'GRUB_CMDLINE_LINUX_DEFAULT="audit=0 pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0 apparmor=0 security=apparmor"' | sudo tee -a /etc/default/grub && sudo update-grub
+update-grub
 </code>
 <code>
-cd /etc/netplan/
-vi 01-network-manager-all.yaml
-netplan try
-vi /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
-mv 01-network-manager-all.yaml 01-netcfg.yaml
-netplan try
-vi 01-netcfg.yaml
-netplan try
 </code>
-  cd /etc/
+<code>
-  less issue
+Install ipmitool
-  less issue.net
+@reboot /usr/bin/python3 /root/hostinfoLCDbyid.py
+</code>
-  cd update-motd.d/
+AI
-  less 50-motd-news
-  chmod a-x *
-  vi 50-landscape-sysinfo
+Cuda 12.x uses ≥525
+<code>
+add-apt-repository ppa:graphics-drivers/ppa -y
+apt update
+</code>
+Check for latest recommended NVIDIA driver
+<code>
+ubuntu-drivers devices
+</code>
+Replace 575-open with the recommended, for certain 40 series and all 50 series use the open
+<code>
+apt install nvidia-driver-575-open -y
+</code>
-  apt get apache
+<code>
-  apt install apache2
+reboot
-  systemctl start apache2
+</code>
-  cd /var/www/html/
-  vi index.html
-  apt install mariadb-server
+Verify Installation
-  systemctl start mariadb.service
+<code>
-  mysql_secure_installation
+nvidia-smi
-  mysql -uroot -p
+</code>
-  apt install libapache2-mod-php php-mysql
+Add CUDA repo
-  cd /etc/apache2/mods-enabled/
+<code>
-  vi dir.conf
+# Ensure NVIDIA CUDA repo is added:
-  systemctl restart apache2
+sudo apt install software-properties-common
-  systemctl status apache2
+distribution="ubuntu2204"
-  apt search php- | less
+wget https://developer.download.nvidia.com/compute/cuda/repos/$distribution/x86_64/cuda-keyring_1.1-1_all.deb
-  ls
+sudo dpkg -i cuda-keyring_1.1-1_all.deb
-  cd
+sudo apt update
-  cd /var/www/html/
-  ls -al
+# List the latest CUDA toolkit packages available:
-  vi cam.html
+apt-cache madison cuda-toolkit
-  vi save_photo.php
+</code>
-  mkdir uploads
-  ps -ef
+Returns
-  chown www-data uploads/
+<code>
-  ls -al
+cuda-toolkit |   12.9.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  ls
+cuda-toolkit |   12.8.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  cd /var/www/
+cuda-toolkit |   12.8.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  ls
+cuda-toolkit |   12.6.3-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  cd html/
+cuda-toolkit |   12.6.2-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  ls
+cuda-toolkit |   12.6.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
-  vi cam.html
+</code>
-  ls
-  \rm cam.html
+Install the latest toolkit
-  vi p.php
+<code>
-  vi c2.html
+sudo apt install cuda-toolkit-12-9 -y
-  ls a-l
+</code>
-  ls
-  ls -al uploads/
+Set CUDA environment variables
-  pwd
+<code>
-  service apache2 restart
+echo 'export PATH=/usr/local/cuda/bin${PATH:+:${PATH}}' >> ~/.bashrc
-  ls
+echo 'export LD_LIBRARY_PATH=/usr/local/cuda/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' >> ~/.bashrc
-  vi p.php
+source ~/.bashrc
-  ls
+</code>
-  vi index.html
-  cd
+Verify CUDA
-  ls
+<code>
-  penssl genrsa -aes128 -out private.key 2048
+nvcc --version
-  openssl genrsa -aes128 -out private.key 2048
+</code>
-  openssl req  -nodes -new -x509  -keyout server.key -out server.cert
-  ls
-  mkdir keys
+<code>
-  mv server.* keys
+apt install nfs-common
-  cd keys/
-  ls
+apt install nfs-kernel-server
-  openssl req -new -days 999 -key private.key -out request.csr
+</code>
-  ls
-  openssl req -new -days 999 -key server.key -out server.csr
-  openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999
-  ls -l
-  cd /etc/apache2/
-  ls
-  cd conf-available/
+<code>
-  ls
+apt install apache2
-  vi ssl-params.conf
+systemctl start apache2
-  cd ../sites-available/
-  ls
+apt install mariadb-server
-  ls
+systemctl start mariadb.service
-  mv certificate.crt server.crt
+mysql_secure_installation
-  ls
+mysql -uroot -p
-  openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
-  ls
+apt install libapache2-mod-php php-mysql
-  openssl rsa -in server.key -text > private.pem
+cd /etc/apache2/mods-enabled/
-  openssl x509 -inform PEM -in server.crt > public.pem
+vi dir.conf
-  ls
+systemctl restart apache2
-  mkdir /etc/ssl/hot
+systemctl status apache2
-  mv server.* /etc/ssl/hot/
+openssl genrsa -aes128 -out private.key 2048
-  ls
+openssl req  -nodes -new -x509  -keyout server.key -out server.cert
-  mv * /etc/ssl/hot/
+openssl req -new -days 999 -key private.key -out request.csr
-  ls -l /etc/ssl/hot/
+openssl req -new -days 999 -key server.key -out server.csr
-  pwd
+openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999
-  vi /var/www/html/p.php
+cd /etc/apache2/conf-available/
-  ls
+vi ssl-params.conf
-  ls -al
+cd ../sites-available/
-  cd
+openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
-  cd /var/www/html/
+openssl rsa -in server.key -text > private.pem
-  ls
+openssl x509 -inform PEM -in server.crt > public.pem
-  service apache2 restart
+vi default-ssl.conf
-  ls
+a2enmod ssl
-  ls -l
+a2enconf ssl-params
-  vi default-ssl.conf
+a2ensite default-ssl
-  a2enmod ssl
+vi /etc/apache2/conf-enabled/ssl-params.conf
-  a2enconf ssl-params
+apache2ctl configtest
-  a2ensite default-ssl
+systemctl restart apache2
-  apache2ctl configtest
+vi /etc/php/7.4/apache2/php.ini
-  vi /etc/apache2/conf-enabled/ssl-params.conf
+apt install nmap
-  apache2ctl configtest
+</code>
-  vi /etc/apache2/conf-enabled/ssl-params.conf
-  apache2ctl configtest
+===== WiFi + “jerky typing” fix for low power wifi cards!!!! =====
-  systemctl restart apache2
-  ls
+Run <code>ip addr</code> to find the wlan card, mine is wlp2s0.
-  cd /var/www/
-  ls
+Test if this is the problem first.
-  cd html/
+<code>
-  ls
+iw dev wlan0 get power_save
-  ls
+</code>
-  vi c2.html
+if its on, it will report:
-  vi /var/log/apache2/error.log
+<code>
-  find / > /tmp/fl.txt
+Power save: on
-  vi /etc/php/7.4/apache2/php.ini
+</code>
-  ls
+Turn off power save via:
-  ls /tmp/
+<code>
-  ls -al
+sudo iw dev wlan0 set power_save off
-  ls uploads/
+</code>
-  cd /var/log/
+If that works, make it permanent via (also note this isn't the "right" way, just the fastest way)
-  ls
+<code>
-  vi /etc/php/7.4/apache2/php.ini
+vi /etc/systemd/system/wifi-powersave-off.service
-  echo -ne '\e]4;4;#0000FF\a'
+</code>
-  ls
+Add the following snippet
-  echo -ne '\e]4;4;#8888FF\a'
+<code>
-  ls
+[Unit]
-  vi /etc/php/7.4/apache2/php.ini
+Description=Disable WiFi Power Save
-  echo -e "\e]P46495ED"
+After=network.target
-  ls
-  vi /etc/php/7.4/apache2/php.ini
+[Service]
-  ls -al
+Type=oneshot
-  vi /etc/bash.bashrc
+ExecStart=/usr/sbin/iw dev wlp2s0 set power_save off
-  ls -al
-  grep php.log /tmp/fl.txt
+[Install]
-  vi /etc/php/7.4/apache2/php.ini
+WantedBy=multi-user.target
-  ls a-l
+</code>
-  ls -al
+Make it permanent
-  touch php.loh
+<code>
-  touch php.log
+sudo systemctl daemon-reexec
-  ls -al
+sudo systemctl enable wifi-powersave-off
-  rm php.loh
+sudo systemctl start wifi-powersave-off
-  chmod a+x php.log
+</code>
-  ls -al
-  chmod a+w php.log
-  chmod a-x php.log
-  ls -al
-  service apache2 restart
-  ls -al
-  cd /var/www/html/
-  apt  install nmap