kickstart for Ubuntu/GPU server——GPU server environment configuration

1. Firewall Settings

You can check the firewall status by running the following command:

sudo ufw status
# 如果防火墙已启用，请通过运行以下命令来禁用它
sudo ufw disable
# 为了确保防火墙在下次启动时不会再次启用，请运行以下命令
systemctl disable ufw
systemctl stop ufw

2. Replace the apt source

Google search thu ubuntuis enough, if it is Baidu search 清华源 ubuntu.

Select the corresponding version, and then copy the mirror address.

cat > /etc/apt/sources.list <<-EOF
# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse

# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
EOF

3. Set proxy

If you need to use a proxy server to access the Internet, you can set the proxy by modifying ~/.bashrcand files. First, add the following content to the ~/.bashrc file to set the proxy ( the settings under the file will only take effect when the user is changed, and the settings under the file will take effect for all users):/etc/apt/apt.conf.d/99proxy
~/.bashrc/etc/bash.bashrc

cat >> ~/.bashrc <<-EOF
set_proxy() {
  export http_proxy=http://192.168.131.76:7890
  export https_proxy=http://192.168.131.76:7890
  export all_proxy=socks5h://192.168.131.76:7890
}

set_proxy
EOF
# 第一行的EOF是一个结束标识符，它可以是任意字符串，只要确保它与重定向到文件的内容中不存在即可
# 使用这种方式来追加内容还可以避免缩进问题
# 最后的EOF标志着重定向到文件的内容已经彻底结束

source ~/.bashrc
# 将.bashrc中设置的环境变量导出到当前shell环境，`. ~/bashrc`也是等价的
# 此时，尝试`sudo apt update`查看apt是否成功使用环境变量
# apt需要使用socks5h协议的代理，h表示支持DNS解析
# > As the man page says, socks5h, not socks5, 
# is supported by apt, which means socks5 proxy with DNS resolving ability.

Then, add the following to /etc/apt/apt.conf.d/99proxythe file to set the proxy in apt:

cat >> /etc/apt/apt.conf.d/99proxy << EOF
Acquire::https::Verify-Peer "false";
// Do not verify that certificate name matches server name
Acquire::https::Verify-Host "false";
// proxy
Acquire::http::Proxy "socks5h://192.168.131.76:7890";
Acquire::https::Proxy "socks5h://192.168.131.76:7890";
EOF

4. Update packages

# 更新索引
sudo apt update
# 更新所有软件包
sudo apt upgrade

5. Install the GPU driver

Before officially installing CUDA, you need to install the Nvidia driver first , or you can directly download the corresponding driver.
Open it, select Latest Production Branch Version, and download it sudo sh NVIDIA-Linux-x86_64-$DRIVER_VERSION.run(Runfile installation method).
Or try the following command (package management method):

sudo ubuntu-drivers autoinstall
sudo apt search nvidia-driver
sudo apt install nvidia-driver-525-server -y

6. Install CUDA

Take the Ubuntu 18.04 system of X86_64 as an example (check the version cat /etc/*release), to install CUDA Toolkit, you can follow the steps below:

Visit the CUDA Toolkit Downloads web page.
Select the appropriate operating system, architecture, and distribution. In this example, select the Linux operating system, the X86_64 architecture, and the Ubuntu 18.04 distribution.
Further down the page, find the "Installation Instructions" section and copy the installation commands provided.
Paste the copied installation command in a terminal window and follow the command line prompts.

Run the following command to automatically install the latest version of the GPU driver:

wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/cuda-ubuntu1804.pin
sudo mv cuda-ubuntu1804.pin /etc/apt/preferences.d/cuda-repository-pin-600
wget https://developer.download.nvidia.com/compute/cuda/12.1.0/local_installers/cuda-repo-ubuntu1804-12-1-local_12.1.0-530.30.02-1_amd64.deb
sudo dpkg -i cuda-repo-ubuntu1804-12-1-local_12.1.0-530.30.02-1_amd64.deb
sudo cp /var/cuda-repo-ubuntu1804-12-1-local/cuda-*-keyring.gpg /usr/share/keyrings/
sudo apt-get update
sudo apt-get -y install cuda

# 如上命令为英伟达官方提供
# 安装完成后，可以尝试`sudo apt autoremove`清理已经需要的依赖包
# 尝试重启设备
sudo reboot

Always remember to restart your device.
After restarting the device, try to run nvidia-smithe test driver and see if CUDA is installed successfully.

nvidia-smi

7. conda installation

Google search thu condais enough, if it is Baidu, search and 清华源 condaselect Tsinghua University open source software mirror station .
Download Miniconda first, enter the following page, search for the appropriate package (for example, search for 2023, select the appropriate cpython version and architecture amd64/x86-64), and copy the download link.

Miniconda is a lightweight alternative to Anaconda. It only includes python and conda by default, but you can install the required packages through pip and conda.

wget https://mirrors.tuna.tsinghua.edu.cn/anaconda/miniconda/Miniconda3-py310_22.11.1-1-Linux-x86_64.sh
bash Miniconda3*.sh
# 安装过程中，需要明确回复yes同意licenses，并同意执行conda init·	
# 安装完成之后，需要`bash`一下进入新的bash，确认自动激活conda环境

conda initcommand is a command in the Anaconda/Miniconda package manager to initialize a conda environment in the Bash shell. It modifies the configuration file of the Bash shell to ensure that conda environment variables and functions are properly loaded into the environment every time Bash is started.

For different shell environments, you need to execute the corresponding init operation. For example, in the powershell environment of windows, it needs to be executed conda init pwsh.
conda initAfter that, you need to activate a new shell environment, for bashexample, or reconnect.
After completing the conda installation, you need to configure the conda source and the pip source, which are independent.

conda source configuration

Refer to .condarcthe configuration that can be completed.

cat > ~/.condarc <<-EOF
channels:
  - defaults
show_channel_urls: true
default_channels:
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/main
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/r
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/msys2
custom_channels:
  conda-forge: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  msys2: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  bioconda: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  menpo: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  pytorch: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  pytorch-lts: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  simpleitk: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
EOF

pip source configuration

mkdir ~/.pip/
cat >> ~/.pip/pip.conf <<-EOF
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
EOF

Create a virtual environment

conda clean -i
conda create -n torch
# 如果需要指定python版本，则可以在创建环境时指定，conda create -n torch python=3.8
conda activate torch

Just search on Google pytorch, click Get Started , select the corresponding version, copy the command and execute it.

8. Configure ssh password-free login

The SSH service consists of a server and a client (commonly SSH (Linux)/SecureCRT/Putty/Xshell). By default, the SSH service uses port 22 to provide services and supports two incompatible SSH protocol versions: 1.x and 2.x.
The SSH server is a daemon process that runs in the background and responds to connection requests from clients. The process named "SSHD" is responsible for monitoring the connection request of the remote SSH client in real time and processing it. What is handled usually includes public key authentication, key exchange, symmetric key encryption, and non-secure connections. The SSH service is one of the boot self-starting services reserved in the Linux basic system optimization.
Note: Ubuntu usually does not allow root to log in remotely. You need to modify /etc/ssh/sshd_configthe configuration and change #PermitRootLogin prohibit-passwordto PermitRootLogin yes.
From the perspective of the SSH client, the SSH service mainly provides two secure login modes, as follows.

1. Password-based security verification

For password-based security verification, as long as you know the server's SSH connection account and password (of course you also need to know the corresponding server's IP and open SSH port, the default is 22), you can log in to this remote host through the SSH client. At this time, all data transmitted during the online process is encrypted.

ssh -p22 user@ip

2. Key-based security verification

The key-based security verification method needs to rely on the key, that is, a key pair must be established in advance, and then the public key (lock head) is placed on the target server that needs to be accessed. In addition, the private key (key) needs to be placed on the server. Go to the SSH client or the corresponding client server.

At this time, if you want to connect to the SSH server with the public key, the client SSH software or the client server will send a request to the SSH server, requesting to use the online user key for security verification. After the SSH server receives the request, it will first search for the public key of the corresponding user that has been placed in the home directory of the user connected to the SSH server, and then compare it with the public key sent by the connected SSH client .
If the two keys match, the SSH server encrypts the "challenge" with the public key and sends it to the SSH client. After receiving the "challenge", the SSH client can decrypt it with its own private key, and then send it to the SSH server. Using this method, you need to know the key file of the online user. Compared with the first password-based authentication method, the second method does not need to transmit passwords and passwords on the network, so the security is higher. At this time, we should also pay attention to protecting our key files, especially the private key files , Once obtained by hackers, the danger is great.

How to configure password-free login?

dpkg -l | grep openssh-server

The user creates their key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user’s home directory. The user should then copy the public key to ~/.ssh/authorized_keys in their home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password.

Related files involved in ssh login:

~/.ssh/config: This is the per-user configuration file. The file format and configuration options are described in ssh_config(5). Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not writable by others. It may be group-writable provided that the group in question contains only the user.
~/.ssh/authorized_keys: Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.

We can view the relevant configuration through man ssh_config, the common configuration is as follows:

Host done-qcloud
  HostName ip/doamin
  User user
  Port 12321
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_rsa_login

Among them, IdentityFile specifies its corresponding private key, and if the port is not 22, it is marked Port ***and PreferredAuthentications publickeycan be omitted.
The specific steps are as follows (reference):

ssh-keygen -t rsaGenerate a public-private key pair;
ssh-copy-id -i ~/.ssh/id_rsa user@hostCopy the public key to the host. At this time, there is no need to indicate the .pub suffix, or cat .ssh/id_ras.pubpaste and copy the file to the remote host later ~/.ssh/authorized_keys;
Configure the file of this machine ~/.ssh/configand modify it according to the above configuration;
Pass ssh done-qcloudto test. If password-free login, it is correct.