Build a new Ubuntu machine

(For ubuntu desktop, not ubuntu server)

Generic tasks for all builds

*.*                     @cslog.cs.wpi.edu
NTP=ntp.cs.wpi.edu ntp2.cs.wpi.edu
# hosts.allow:
sshd : 130.215.     # WPI Campus Net
sshd : 10.217.      # WPI VPN
sshd : 127.0.       # Localhost (if needed)

# hosts.deny:
sshd : ALL          # Reject all other SSH attempts
apt-get update
apt-get purge cloud-init landscape-common
apt-get install mbuffer pigz pbzip2 tcsh libpam-passwdqc build-essential
apt-get dist-upgrade

You're pretty much done at this point. Do a last reboot and see if all is well.

If you're using Ubuntu Desktop, consider the following:

  sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
  xhost +SI:localuser:gdm
  sudo su gdm -s /bin/bash
  gsettings set org.gnome.login-screen disable-user-list true

Multi-user machine?

If you're going to use this machine as a multiuser server you might consider:

 sudo apt-get install build-essential openjdk-7-jdk openjdk-7-jre-headless \
    emacs23 vim alpine finger make texlive eclipse

If you'd like to use KERBEROS to store user passwords on the machine, see our wiki section on kerberos_usage.

Consider disabling printer discovery (detailed above).

SUDO or ADMIN group membership

Strangely, in Ubuntu a user needs to be an “administrator” in order to do certain mundane tasks like joining a wireless network. If you are building an ubuntu laptop for some other user, make sure to give that user an “administrative” account, or you may find yourself receiving an unhappy call from them when they cannot connect their machine to, say, their hotel's wireless network somewhere.

In fact, all PRIMARY users (i.e., owner of a laptop or main user of a desktop) should have this access. I presume that non-admins cannot do software updates, for instance.

Adding a person to this group can be done in two ways – using the “User Accounts” section of the system preferences window, or using an editor on /etc/group. In Ubuntu-12.04 and later, adding a person to the sudo group will make them an administrator. In earlier versions adding them to the “admin” group should work, but I would add them to admin, adm, and sudo, just to be safe from that late-night phone call.

KVM Server (i.e., a Virtual Machine server)?

If you're going ot use KVM then add bridge utils and *perhaps* link aggregation.

 sudo apt-get install qemu-kvm bridge-utils virt-manager virt-viewer virt-top nfs-common

(other packages may be needed but I can't remember them right now)

Setup the network bridge device; see virtual_machine_management for help getting things going.

Edit /etc/libvirt/qemu.conf, uncomment the “user=root” and “group=root” lines in that file.

Note well that many/most VM hosts are also NFS Clients (see this page, immediately below), getting disk images from a separate fileserver.

KVM Guest (i.e., a VM running inside a KVM Server)

Install as little extraneous stuff as possible on VM guests. VM guests may be exceedingly small–VMs have been made with 4G of disk space and 128M of RAM.

If you'd like to be able to remotely shutdown KVM guests with the virsh shutdown [vm-name] command, make sure the VM itself has the acpid package installed. Ubuntu Server does not install this package by default, so it should be installed on KVM Guest machines with the following command:

apt-get install acpid

Consider adding “noatime” to mount points in fstab to avoid unnecessary network traffic.

NFS Client?

If you plan on mounting directories from an NFS Server on your Ubuntu machine, you'll need to add the package “nfs-common” or you'll get an error when trying to mount the NFS server's disk.

 sudo apt-get install nfs-common

Personal machine?

If you'd like to play video DVDs, you'll need a package called “ubuntu-restricted-extras” and you will need the decoding package.

 sudo apt-get install ubuntu-restricted-extras
 sudo /usr/share/doc/libdvdread4/install-css.sh

If your personal machine is a LAPTOP or contains confidential information, you should consider encryption of its user data and installation of a "phone home" script.

Mike Machine?

Applications that Mike wants on his personal Ubuntu desktop/laptop:

apt-get install aptitude build-essential cdparanoia dconf-tools emacs enscript finger gimp \
gnome-shell heirloom-mailx jfsutils k3b lame makepasswd mbuffer mdadm mencoder mosh mplayer \
nmap ntp pigz pipebench rdiff-backup screen sox tagtool tcsh tmux traceroute transcode \
ubuntu-restricted-extras ufraw vm

When logging on set the default windowing environment to Gnome Classic (no effects). Use dconf-editor as described here to set the clock so that the day and month are displayed.

Perhaps also Chromium from google (as opposed to the one in the Ubuntu package collection).

Alter /etc/logrotate.conf so that wtmp is rotated after reachin 5m (or more) instead of rotating it monthly.