@RobbieClarken
Last active September 16, 2017 14:36
Set up a new Fedora installation

Server

Install Fedora with the Minimal Install option.

MY_HOSTNAME='???'
MY_WIFI='???'
MY_WIFI_PASSWORD='???'
sudo hostnamectl set-hostname --static "$MY_HOSTNAME"
sudo dnf update
sudo dnf -y install NetworkManager-wifi
sudo systemctl restart NetworkManager
sudo nmcli dev wifi list
sudo nmcli dev wifi connect "$MY_WIFI" password "$MY_WIFI_PASSWORD"
sudo dnf -y install ntp tmux vim
sudo systemctl start ntpd
sudo systemctl enable ntpd

Docker

MY_USERNAME='???'
sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/fedora/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
sudo dnf update
sudo dnf -y install docker-engine
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker "$MY_USERNAME"

Local Registry

Follow instructions.

sudo mkdir -p /srv/docker-registry/{data,auth}
sudo chown -R :docker /srv/docker-registry
sudo chmod -R g+wx /srv/docker-registry
docker run --entrypoint htpasswd registry:2 -Bbn USERNAME PASSWORD > /srv/docker-registry/auth/htpasswd

Enabling TLS with Let's Encrypt

Configure router to forward ports 80 and 443.

DOMAIN='???'
EMAIL='???'
sudo systemctl stop firewalld
sudo systemctl restart docker
sudo docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            quay.io/letsencrypt/letsencrypt:latest \
            certonly --standalone --email "$EMAIL" -d "$DOMAIN"
sudo chown -R root:docker /etc/letsencrypt/
sudo find /etc/letsencrypt -type d -exec chmod g+rx {} \+
docker run -d -p 5000:5000 --restart=always --name registry \
           -v /srv/docker-registry/data:/var/lib/registry \
           -v /srv/docker-registry/auth:/auth \
           -e REGISTRY_AUTH=htpasswd \
           -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
           -v "/etc/letsencrypt/archive/$DOMAIN":/certs \
           -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain1.pem \
           -e REGISTRY_HTTP_TLS_KEY=/certs/privkey1.pem \
           registry:2
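
The `docker run` above pins `fullchain1.pem` and `privkey1.pem` from Certbot's archive directory. Each renewal writes a new numbered pair there, so the container keeps serving the first certificate until it is recreated. The following is an added example, not part of the original gist, that finds the newest pair and prints the matching settings; the function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Certbot keeps every issued certificate in archive/<domain>/ as
# fullchainN.pem / privkeyN.pem and increments N on each renewal.

# Print the highest N that has both a chain and a key in DIR.
latest_cert_index() {
    local dir="$1" best=0 f n
    for f in "$dir"/fullchain*.pem; do
        [ -e "$f" ] || continue                      # glob matched nothing
        n=${f##*/fullchain}
        n=${n%.pem}
        case "$n" in ''|*[!0-9]*) continue ;; esac   # numeric suffix only
        [ -e "$dir/privkey$n.pem" ] || continue      # chain without key is unusable
        if [ "$n" -gt "$best" ]; then best=$n; fi
    done
    [ "$best" -gt 0 ] || return 1
    echo "$best"
}

# Exit 0 when the index the container was started with is older than the
# newest pair on disk, i.e. the registry is still serving an old certificate.
pinned_cert_is_stale() {
    local latest
    latest=$(latest_cert_index "$1") || return 2     # no usable pair at all
    [ "$2" -lt "$latest" ]
}

# Print the two -e values for `docker run`, relative to the /certs mount.
registry_tls_env() {
    local n
    n=$(latest_cert_index "$1") || return 1
    echo "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain$n.pem"
    echo "REGISTRY_HTTP_TLS_KEY=/certs/privkey$n.pem"
}

# Constructed demo directory standing in for /etc/letsencrypt/archive/$DOMAIN.
demo=$(mktemp -d)
for i in 1 2 10; do : > "$demo/fullchain$i.pem"; : > "$demo/privkey$i.pem"; done
: > "$demo/fullchain11.pem"                          # key missing: must be ignored
if pinned_cert_is_stale "$demo" 1; then
    echo "index 1 is stale; recreate the registry container with:"
    registry_tls_env "$demo"
fi
rm -rf "$demo"
```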

Salt

MASTER='???'
sudo dnf -y --enablerepo=updates-testing install salt-minion
sudo sed -i'' 's/#master: salt/master: '"$MASTER"'/' /etc/salt/minion
sudo systemctl restart salt-minion
sudo systemctl enable salt-minion

Temporary until salt >= 2015.8.0 is in dnf:

sudo dnf -y groupinstall 'Development Tools'
sudo dnf -y install python-devel redhat-rpm-config yum-utils zeromq-devel
sudo pip install -U pip
sudo pip install -U docker-py salt
sudo systemctl restart salt-minion

Desktop

  • Add your user to the sudoers file:

    su -c visudo
  • Update installed packages.

    sudo yum update
  • Install git, vim and a few other utilities and set vim as the default editor:

    sudo yum install git vim wget xclip ctags
  • Install Chrome:

    cd ~/Downloads
    wget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
    sudo yum install google-chrome-stable_current_x86_64.rpm
    
  • Add ssh key to GitHub:

    • Generate key:

      ssh-keygen -t rsa
    • Copy contents of ~/.ssh/id_rsa.pub to GitHub SSH Keys page:

      xclip -selection c -i ~/.ssh/id_rsa.pub
  • Install dotfiles.

  • Install Dropbox:

    wget 'https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-1.6.2-1.fedora.x86_64.rpm' -O ~/Downloads/dropbox.rpm
    sudo yum install ~/Downloads/dropbox.rpm
    
  • Install other useful utilities and build tools:

    sudo yum install transmission

Python

sudo yum install xz-devel bzip2-devel ncurses-devel gdbm-devel sqlite-devel \
                 openssl-devel libpng-devel freetype-devel lapack-devel blas-devel \
                 readline-devel patch make
mkdir ~/src
cd ~/src
curl https://www.python.org/ftp/python/3.5.1/Python-3.5.1.tar.xz | tar -xJ
cd Python-3.5.1/
./configure
sudo make install
sudo pip3 install --upgrade distribute jupyter numpy matplotlib scipy pandas \
                            requests beautifulsoup4

EPICS

sudo yum -y install gcc-c++ perl-devel readline-devel perl-Pod-Checker
sudo ln -s /usr/bin/xsubpp /usr/share/perl5/ExtUtils/
cd /opt
sudo mkdir epics
sudo chown $USER:$USER epics
cd epics
wget -O - http://www.aps.anl.gov/epics/download/base/baseR3.14.12.4.tar.gz | tar -xzf -
ln -fs "$PWD/base-3.14.12.4" base
cd base
export EPICS_HOST_ARCH=linux-x86_64
make

Allow EPICS through firewall:

This should work:

sudo firewall-cmd --permanent --zone=public --add-port=5064-5065/tcp
sudo firewall-cmd --permanent --zone=public --add-port=5064-5065/udp
sudo firewall-cmd --reload

If that fails:

sudo firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT 0 -s 10.0.0.0/8 -p udp --sport 5064 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT 0 -s 10.0.0.0/8 -p udp --dport 5065 -j ACCEPT
sudo firewall-cmd --reload

If you are running an IOC you also need to run:

sudo firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT 0 -s 10.0.0.0/8 -p udp --dport 5064 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT 0 -s 10.0.0.0/8 -p tcp --dport 5065 -j ACCEPT
sudo firewall-cmd --reload

List rules with:

sudo firewall-cmd --direct --get-rules ipv4 filter INPUT