Instalación limpia en oracle

# Instalación limpia en oracle ## Ubuntu 22.04 con GPU A10 ``` sudo apt update sudo apt upgrade -y sudo apt install -y rsync tmux screen vim tmate iperf3 python3-pip htop glances git tig ethtool net-tools iftop iotop wget curl nmap sshfs ssh mc stress stress-ng ntp neovim tshark tree ipmitool lshw timedatectl set-timezone Europe/Madrid ``` Desactivamos apparmor en el kernel para evitar problemas añadiendo estas dos lineas en /etc/default/grub y eliminamos el paquete apparmor: ``` systemctl disable apparmor --now sudo apt remove --assume-yes apparmor echo 'CONFIG_DEFAULT_SECURITY="apparmor=0" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE='"'"'security="disable"'"'"'' >> /etc/default/grub systemctl disable ufw --now sudo ufw disable apt install -y network-manager mv /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf_orig touch /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf echo "[keyfile]" > /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf echo "unmanaged-devices=*,except:type:wifi,except:type:ethernet,except:type:wireguard" >> /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf mv /usr/lib/NetworkManager/conf.d/10-dns-resolved.conf /usr/lib/NetworkManager/conf.d/10-dns-resolved.conf:orig echo "[main]" > /usr/lib/NetworkManager/conf.d/10-dns-resolved.conf echo "dns=default" >> /usr/lib/NetworkManager/conf.d/10-dns-resolved.conf systemctl restart NetworkManager sudo apt install wireguard -y apt install firewalld -y firewall-cmd --zone=public --add-port=443/udp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --zone=public --add-port=9999/tcp --permanent firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --reload apt install -y fail2ban ``` Modificamos la línea de sudoers para que no nos pida el password al hacer sudo: ``` sudo sed -i 's/^%sudo\s.*/%sudo ALL=(ALL:ALL) NOPASSWD:ALL/' /etc/sudoers ``` Añadimos el usuario isard al sudoers ``` adduser isard usermod -aG sudo isard ``` Generamos las claves ssh dentro del usuario que queremos usar e introducimos los authorized_keys ``` sudo -u isard ssh-keygen echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3KJYETySlFQDJusenT1/ODFhQVxescQ6IL5b9qYirM root # Néfix ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2YUnbtxU1ok6HtSYWMhObMuWsjUu6K4KLFMr/r82VjCxMh5xrB9ugkqFoy0ptqZ02cYB52JZh2wnOAtm+rEJN6fMjirXYV8aaIPYSP8KCUlAfdIJkPUiMkX+HrtDsAyhObBHAJTvQg6Jch9FKfEHlKygoTLhEWdtKWll1zHsOxrw8CYGIo0Zu836eMHt0mOxV+crSEra8KykcDd262BGSZz2zOZEDkU8ISLTLTJchOqc6It1hNTjHLrHZT0lLhwDJVUcfPyrXT2zQhpjThi98EqeA9iGSzRBXFLaU26PGeBbCBu5NZfOe75ss9cGeGPOWA+JmSLrcb+ZUa3IP70i6lEastrQtEeDE8n1iWjwzbPPeNJG1+CjnWHK4Mz1bcQ/zIU8lG9doZzcW4TsJGwdE1LQpdFIqKitDNXetd4GDOaahVzAqA4tiTKupMmBMSglq00XWisvmCxx1PRcpyb0L5GTnHjPQx1UnJI53jkTZOhyUuXMk985QMaGX5S0LTLk= sim6@lunarstone.sim6.bona.gent # Simó ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTJs2/DklAK1DCorf6dH4T32HDABoL+GoVuokW8OVAlTvFis0Y4RyO21v7Eknhp3tAwfP7eXJJg94ufBdpRg4wOTptT6IT2tVe5r/avxN6TW69wV1jfkgKNCXu+83jH9r/oSshaZXb/m4juchTdNnF9AKzGj9svSzOlcs6jmQZ+XFiZxIiq6pjhqkn72GEMnMid8iUpP6Lco3qxHmBmKPC2I1AeIJguWOJ9VIjV4LkbgLFyHFWyxVZ9HVPfwPBLTdcZTLC/CUgpqmHwiU85WfmJGf/6cjEasfus1dE/o6VlMxljGnMCsGq6qTAg3IMvY37UwNDVr6TXQ3KqXEAjrumO83pubLULudFD0M5Zn14snXIAu+TPhvp5U8dwsKxUKPQHJ8sRB7gXvrv6BFD10iB/7y/M5+cM2+wNFyxI1REvNz0xOk5nDBnbMv76BOMNVw63N11x7kz4mbZmP//DF1KOZVSJefrbJiAKiqM302C+SU1+Ecq14l8nNAnZOOTuik= darta@laptop # Josep Maria ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4LDFN0XnQgmuzaRLzYUbpqCMA7DgReOKzQ5GVgnsn0v7RBJiuRX7CZWjzW5JGJGx5J2n0SH56wyI+HpP1oznsC8ZsYMjQ2POSYPeMh9feIqltBS3xgML80cnwQoHyY2nR1UgPE4PeqONxE8xPCWL4nm5Bo4AV5sgbbPywpGNtHVSyZqIv6lTW0zFvj+KgR8FO90WaKAYo4S39w5HzIY7rc2bNIAKKOKgZpROwehX8KqoD0annD5NhTwHwgsrN7IiU6ZfVlIOThejZK02rR7pxqxYTdYgVKRLwClsEj+dRvfTIhJmM0VS46Q6FclDNjk459rEwvhnS5XvexLTtJBKL /home/beto/.ssh/id_rsa # Alberto ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLoRYjUSz7ab9V7x9qAsWzqmjQwEggauZBX6+mQrVbbmK1d1THsQhqjhl1X8vSedIxU0QxMwCiQ36pS/lJ0QmBcqE0S+g1DLsIu6NSTui3zs1Sd6DrpjDtL9skwBNrPCXI6s7HMkR8/95cpsRc/sbZTRlAheCyg8AsjU2HU2/XJbz2mCM6nm4YVQ0KMIP2/RuqA3QCJYIlI7GmuowjAsS7jgN+ZqLHlVCbnFA7pSqWrDiFX42ZilekAIZmdjRycggqWgK7gRSHs+h1B8cL6DOvdfWKtVEkr/VsZbTNPQceVfEIJ4J58UTDhrYbsKO3xp6R0rCQeaDFAJFXB5u919/RDeOowJ+G+eOVxcenqdweoeEiSp7SUMOgTQ3JK+8Oo9tEyxOhbzc6Wj/0grvLuppxFm0HClUS8ORH6a84JZMd3wnTEyfkyYALZWda+9tXPXSUiFrLxvQjWaO79MVpTCmfIPYAJLPx9r7sedXjOKFGRSAPSwFK0fnsMzggosPCzCc= jhony@IsardVDI # Jhony" >> /home/isard/.ssh/authorized_keys chown isard:isard /home/isard/.ssh/authorized_keys chmod 600 /home/isard/.ssh/authorized_keys ``` Instalar docker-ce ``` sudo apt-get update sudo apt-get install ca-certificates curl gnupg sudo install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg sudo chmod a+r /etc/apt/keyrings/docker.gpg echo \ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin ``` Install docker-compose ``` mkdir -p ~/.docker/cli-plugins curl -sSL https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose chmod +x ~/.docker/cli-plugins/docker-compose docker compose version ``` Disable docker service ``` systemctl disable docker.service --now ``` Install Isard: ``` mkdir -p /opt/isard/src git clone https://gitlab.com/isard/isardvdi /opt/isard/src cd /opt/isard/src cp isarvdi.cfg.example isardvdi.cfg ``` Activate NVIDIA SCAN: ``` sudo sed -i 's/^#GPU_NVIDIA_SCAN=false/GPU_NVIDIA_SCAN=true/' /opt/isard/src/isardvdi.cfg sudo sed -i 's/^#GPU_NVIDIA_RESCAN=false/GPU_NVIDIA_RESCAN=true/' /opt/isard/src/isardvdi.cfg ``` ``` apt install jq ``` ## Antes de los drivers ***OPCIONAL*** Activar iommu en el grub, en el fichero de grub /etc/default/grub añadir: ``` GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on" ``` en el caso de amd sería: ``` GRUB_CMDLINE_LINUX_DEFAULT="amd_iommu=on" ``` y hacemos un update grub: ``` update-grub ``` ***EXTRA*** Si la tarjeta no es una A40, tendremos conflictos con el nouveau y no se mapearán correctamente los mdevs luego, entonces hay que seguir los siguientes pasos: - Primero comprobar si está el nouveau: ``` lsmod |grep -i nouveau ``` - Si lo está hay que seguir los pasos: ``` echo "blacklist nouveau" > /etc/modprobe.d/nvidia-installer-disable-nouveau.conf echo "options nouveau modeset=0" >> /etc/modprobe.d/nvidia-installer-disable-nouveau.conf update-initramfs -u grub-install --efi-directory=/boot/efi ``` - Reiniciamos y comprobamos que ya no está: ``` reboot lsmod |grep -i nouveau cat /etc/modprobe.d/blacklist-nvidia-nouveau.conf ``` ## Drivers Descargar los driver de https://ui.licensing.nvidia.com/software en este caso 15.0: ``` unzip -l NVIDIA-GRID-Ubuntu-KVM-525.60.12-525.60.13-527.41.zip unzip -j NVIDIA-GRID-Ubuntu-KVM-525.60.12-525.60.13-527.41.zip Host_Drivers/nvidia-vgpu-ubuntu-525_525.60.12_amd64.deb scp nvidia-vgpu-ubuntu-525_525.60.12_amd64.deb ubuntu@130.61.73.51:/home/ubuntu # Dentro del servidor apt install ./nvidia-vgpu-ubuntu-525_525.60.12_amd64.deb ``` ``` cat <<EOF > /root/gpus.sh #!/bin/bash echo "Starting sriov-manage..." attempt=1 while true do /usr/lib/nvidia/sriov-manage -e ALL if [ $? -eq 0 ] then echo "Enabled mdevs" break else echo "Error enabling mdevs" attempt=$(( $attempt + 1 )) sleep 5 fi done systemctl enable docker.service systemctl start docker.service cd /opt/isard/src docker compose up -d EOF ``` ``` chmod +x gpus.sh ``` ``` cat <<EOF > /root/sriov-manage.service [Unit] Description=Activate gpu After=network.target nvidia-vgpud.service nvidia-vgpu-mgr.service [Service] Type=oneshot ExecStart=/root/gpus.sh ExecStop=bash -c "cd /opt/isard/src; docker-compose down" RemainAfterExit=yes [Install] WantedBy=multi-user.target EOF ``` ``` ln -s /root/sriov-manage.service /etc/systemd/system/sriov-manage.service systemctl daemon-reload systemctl enable sriov-manage systemctl start sriov-manage ``` ``` reboot ```