January 1, 2014 by Maxwell Spangler
This is my personal guide for transforming a fresh install of Fedora 20 Linux into a customized workstation environment tailored specifically for my needs.
The procedures listed in this guide could be scripted, but due to the constantly-changing nature of new Fedora releases, I'd spend more time updating the script than it's worth. So I update this guide and do my work by hand, for now.
Contents: First, Backup!; Install Base Linux Environment; Restore /home Filesystem; Proxies (Corporate environment)
At this point, reboot the system and verify that everything comes up clean and works correctly. Share and Enjoy!
I usually make 2-3 copies of my data prior to a major system upgrade. There is always a chance I'll accidentally erase everything on my system, so I like having several copies on a separate file server for safety.
Custom scripts back up most of this for me:
By hand, have Evolution produce a backup .tgz file of its mail and configuration data.
Some basic notes on how I perform my installs:
# | Description | Type | Size |
---|---|---|---|
1 | Kernels and initrd images for booting | ext2 | 500 MB |
2 | All remaining space | LVM2 Physical Volume | All |

Description | Mount point | Logical Volume Name | Type | Size |
---|---|---|---|---|
System files only, 32 is normally plenty | / | lv_root | ext4 | 32 GB |
Log files and KVM virtual machines | /var | lv_var | ext4 | 4 - 128 GB |
User files | /home | lv_home | ext4 | Remaining space |
Swap support | swap | lv_swap | swap | 1x - 2x memory |
Unallocated LVM space for snapshots | Unallocated | n/a | n/a | 5% |
These tables act as a guide for what I normally configure on my systems. I adjust partition sizes based on the available storage and the desired functionality of the system.
There are a variety of ways to partition a Fedora system:
Depending on the circumstances, I do either of the last two when I'm working with a system I care about. Below is a rough guide to what I do so my system has partitions based on the tables above.
The following additions to /etc/bashrc configure a more comfortable command line environment for all users.
# Bash: use vi editing
set -o vi
# aliases from my Unix days
alias l="ls -l"
alias lf="ls -CF"
# uncomment this after vim-enhanced is installed
#alias vi="vim"
These settings configure the vim editor to be more comfortable for my tastes.
" set tab space at 2 characters
set tabstop=2
" Allows indent/unindent based on this many characters
set shiftwidth=2
" enable line numbering
set number
" enable syntax highlighting
syntax on
Maxwell's .vimrc (short now but expected to grow in the future)
For wired: Verify via Network Manager that a DHCP connection is established.
For wireless: Use Network Manager to select a wireless access point and provide WPA keys.
Both: Verify you can use Firefox to access any well known website.
If you have more than one network device, disable all except the primary interface leaving one working internet connection.
These are very technical details for one of my complicated systems; you may wish to skip over reading them.
When I use this guide to upgrade, I preserve the existing /home filesystem instead of re-formatting it.
For most users, this just means making an entry in /etc/fstab to mount a separate /home filesystem on the empty /home created during installation.
On my primary workstation things are much more complicated. The following layers must work together to make my /home data available.
Layer | Description | Details | Configuration |
---|---|---|---|
Ext4 | Linux Filesystem | /home | Configured to mount by /etc/fstab |
LVM2 (lv) | LVM Logical Volume | lv_elite_home | Presented by LVM |
LVM2 (vg) | LVM Volume Group | vg_elite_home | Presented by LVM |
LVM2 (pv) | LVM Physical Volume | /dev/mapper/open_lvm_elite_home | Presented by LVM |
LUKS | Software Encryption | /dev/mapper/open_lvm_elite_home | Unlocked in /etc/crypttab |
mdadm | Software RAID 0 - Stripe for Speed | /dev/md0 | Presented by md driver |
Physical | SATA disks | 2 x 1 TB (sdb & sdc) | Presented by kernel |
The following commands work from the bottom up to test and configure the layers for use:
Verify that Linux sees the drives (physical), recognizes them as a raid array (mdadm) and is presenting them:
root@elite [~] # cat /proc/mdstat
Personalities : [raid0]
md0 : active raid0 sdb1[0] sdc1[1]
      1953520640 blocks super 1.2 512k chunks

unused devices: <none>
Verify that the RAID contains an encrypted filesystem and note its UUID:
root@elite [~] # blkid | grep md0
/dev/md0: UUID="931b4709-bc06-4c92-8ed4-1f4901256585" TYPE="crypto_LUKS"
Configure /etc/crypttab to unlock and map this encrypted device during the boot process. I compare my backed-up copy of /etc/crypttab to the one that's running and add the missing line referencing open_lvm_elite_home.
# Configured by Fedora installer: Fedora Swap
luks-400fff3f-6024-4318-919c-c5ad707bd182 UUID=400fff3f-6024-4318-919c-c5ad707bd182 none
# Configured by Fedora installer: Fedora LVM for root filesystem.
luks-b5052c1c-a627-4388-87b7-d294ace6f79f UUID=b5052c1c-a627-4388-87b7-d294ace6f79f none
# Add this line for the encrypted home storage:
open_lvm_elite_home UUID=931b4709-bc06-4c92-8ed4-1f4901256585 none
While booting, this device will be unlocked by LUKS and mapped to /dev/mapper/open_lvm_elite_home for other layers to use.
The LVM system should identify it as a physical volume with a volume group and logical volumes on it.
Here's the physical volume:
root@elite [~] # pvdisplay /dev/mapper/open_lvm_elite_home
  --- Physical volume ---
  PV Name               /dev/mapper/open_lvm_elite_home
  VG Name               vg_elite_home
  PV Size               1.82 TiB / not usable 0
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              476933
  Free PE               162565
  Allocated PE          314368
  PV UUID               ErDNQj-gfM1-Dpzc-DeUu-Lxby-This-e5abGo
Here's the volume group:
root@elite [~] # vgdisplay vg_elite_home
  --- Volume group ---
  VG Name               vg_elite_home
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.82 TiB
  PE Size               4.00 MiB
  Total PE              476933
  Alloc PE / Size       314368 / 1.20 TiB
  Free PE / Size        162565 / 635.02 GiB
  VG UUID               42z1i3-9HfE-bYL8-1A6R-yq0V-ehqm-UvxmJ5
And the logical volume:
root@elite [~] # lvdisplay /dev/vg_elite_home/lv_elite_home
  --- Logical volume ---
  LV Path                /dev/vg_elite_home/lv_elite_home
  LV Name                lv_elite_home
  VG Name                vg_elite_home
  LV UUID                3vmu2c-MAln-rfWO-tLR9-hjEH-swo5-sh0ejb
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2013-08-22 16:08:11 -0600
  LV Status              available
  # open                 1
  LV Size                1.07 TiB
  Current LE             281600
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     4096
  Block device           253:6
You should now be able to simply add an entry to /etc/fstab to have your /home filesystem mounted at boot time.
/dev/mapper/vg_elite_home-lv_elite_home /home ext4 defaults,x-systemd.device-timeout=0 1 2
Reboot and ensure that your /home directory is the separate filesystem and not a freshly installed /home directory on the root filesystem.
root@elite [~] # mount | grep home
/dev/mapper/vg_elite_home-lv_elite_home on /home type ext4 (rw,relatime,seclabel,stripe=256,data=ordered)
If there are problems, start with the lowest layer and debug upwards to find the problem.
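The bottom-up check described above, as an added shell example that is not part of the original guide: it reads captured command output and names the first layer that fails. The capture file names (`mdstat`, `blkid`, `crypttab`, `lvs`, `fstab`, `mounts`) and the function names are assumptions of this example, and the sample capture is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example, not part of the original guide. Walks the /home storage stack
# bottom-up over captured command output and names the first layer that fails.

# first_broken_layer DIR MD MAPNAME VG LV
#   DIR holds captures: mdstat (/proc/mdstat), blkid (blkid output), crypttab,
#   lvs (lvs --noheadings -o vg_name,lv_name), fstab, mounts (mount output).
first_broken_layer() {
  fb_d=$1 fb_md=$2 fb_map=$3 fb_vg=$4 fb_lv=$5
  fb_dev="/dev/mapper/$fb_vg-$fb_lv"   # assumes no hyphens inside VG/LV names

  # mdadm: the array must be listed as active
  grep -q "^$fb_md : active " "$fb_d/mdstat" || { echo mdadm; return 0; }

  # LUKS: blkid must see a LUKS header on the array; keep its UUID
  fb_line=$(grep "^/dev/$fb_md:" "$fb_d/blkid" || true)
  case $fb_line in
    *'TYPE="crypto_LUKS"'*) ;;
    *) echo luks; return 0 ;;
  esac
  fb_uuid=$(printf '%s\n' "$fb_line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')

  # crypttab: an uncommented line must map that UUID to the expected name
  awk -v n="$fb_map" -v u="UUID=$fb_uuid" \
    '$1 == n && $2 == u { ok = 1 } END { exit !ok }' \
    "$fb_d/crypttab" || { echo crypttab; return 0; }

  # LVM: the logical volume must be visible in its volume group
  awk -v vg="$fb_vg" -v lv="$fb_lv" \
    '$1 == vg && $2 == lv { ok = 1 } END { exit !ok }' \
    "$fb_d/lvs" || { echo lvm; return 0; }

  # fstab: /home must be configured to mount from the logical volume
  awk -v dev="$fb_dev" \
    '$1 == dev && $2 == "/home" { ok = 1 } END { exit !ok }' \
    "$fb_d/fstab" || { echo fstab; return 0; }

  # mount: /home must actually be that device, not a directory on /
  grep -q "^$fb_dev on /home " "$fb_d/mounts" || { echo mount; return 0; }
  echo ok
}

# write_sample_capture DIR: constructed capture using the values in this guide
write_sample_capture() {
  mkdir -p "$1"
  printf '%s\n' 'Personalities : [raid0]' \
    'md0 : active raid0 sdb1[0] sdc1[1]' > "$1/mdstat"
  printf '%s\n' \
    '/dev/md0: UUID="931b4709-bc06-4c92-8ed4-1f4901256585" TYPE="crypto_LUKS"' \
    > "$1/blkid"
  printf '%s\n' '# Add this line for the encrypted home storage:' \
    'open_lvm_elite_home UUID=931b4709-bc06-4c92-8ed4-1f4901256585 none' \
    > "$1/crypttab"
  printf '%s\n' '  vg_elite_home lv_elite_home' > "$1/lvs"
  printf '%s\n' \
    '/dev/mapper/vg_elite_home-lv_elite_home /home ext4 defaults,x-systemd.device-timeout=0 1 2' \
    > "$1/fstab"
  printf '%s\n' \
    '/dev/mapper/vg_elite_home-lv_elite_home on /home type ext4 (rw,relatime)' \
    > "$1/mounts"
}

demo_dir=$(mktemp -d)
write_sample_capture "$demo_dir"
first_broken_layer "$demo_dir" md0 open_lvm_elite_home vg_elite_home lv_elite_home
# Simulate a fresh install whose crypttab lacks the added line
grep -v '^open_lvm_elite_home' "$demo_dir/crypttab" > "$demo_dir/crypttab.new"
mv "$demo_dir/crypttab.new" "$demo_dir/crypttab"
first_broken_layer "$demo_dir" md0 open_lvm_elite_home vg_elite_home lv_elite_home
rm -rf "$demo_dir"
```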
Several steps are required to enable internet access when Fedora is used in an environment requiring proxy servers.
Optional - Proxy environments only!
Within Firefox, set http and https proxies to the local proxy that serves your traffic. Specify any local domains which should not be handled by the proxy.
Manual proxy configuration: my-proxy-server.network Port: 8080
SSL Proxy: my-proxy-server.network Port: 8080
FTP Proxy: (blank) Port: 0
SOCKS host: (blank) Port: 0
No proxy for: localhost, 127.0.0.1, .mynetwork, .labnetwork
Append these lines to /etc/bashrc when in a corporate environment requiring a proxy server. Some command line applications will observe these environment variables and use their proxy.
# proxy variables for command line programs.
export http_proxy=proxy-server-id.company.com:8080
export https_proxy=$http_proxy
export no_proxy=localhost,.subnet1,.subnet2,10.0.0.0/8
unset ftp_proxy
Of course, make sure you modify them to the proxy server and subnets of your own environment!
Navigate to the GNOME Network control panel applet and configure proxies for http and https traffic. Specify any local domains which should not be handled by the proxy.
Method: Manual
HTTP Proxy: my-proxy-server.network Port: 8080
HTTPS Proxy: my-proxy-server.network Port: 8080
FTP Proxy: (blank) Port: 0
Socks host: (blank) Port: 0
No proxy for: localhost, 127.0.0.1, .mynetwork, .labnetwork
Insert the following line into the [main] section in /etc/yum.conf.
[main]
proxy=https://proxy-server-id.company.com:8080/
A yum plugin called "yum-plugin-fastestmirror" selects the fastest Fedora repository mirror for your location and uses that mirror for all future updates. Download it now so all future work with yum is as quick as possible.
# yum -y install yum-plugin-fastestmirror
Rpmfusion.org provides repositories for packages not included in the Fedora distribution including packages with non-free components. Enable rpmfusion support now so packages can be installed from it later.
Enable the free and non-free repositories on rpmfusion.org
Click here to enable the free repository on rpmfusion.org
Click here to enable the non-free repository on rpmfusion.org
The packages installed using the installation media may have been replaced by updated versions with bug fixes or security enhancements. Run yum update now to update all packages.
# yum -y update
After installing the base OS from the LiveCD, LiveDVD or other media source, I add additional packages and remove a few of the unwanted base packages. I've written a script called fedora-desktop-packages to automate this for me.
fedora-desktop-packages contains a set of pre-defined packages to be installed or removed to a Linux system. When it runs, it examines what is already installed and takes action to install what is missing.
Right click on fedora-desktop-packages, save it locally then make it executable in order to run it:
$ chmod u+x fedora-desktop-packages
It removes these:
It installs these:
Critical Applications
General Applications
Multimedia
Networking
Development
Utilities
Administration
Virtualization
Services
Application Dependencies
These commercial applications are provided directly from their vendors and require special steps to download and install.
VirtualBox has been my primary hypervisor for running Windows virtual machines.
Install VirtualBox using yum:
# yum -y localinstall ~/Downloads/VirtualBox
To complete the installation, run the VirtualBox application and install the license pack in File->Preferences->Extensions
I've used repositories for VirtualBox in the past, but recently found problems with their packages being tied to specific kernels. Periodically downloading from virtualbox.org is a simple way around this.
Install the Adobe x86_64 repo to enable easy access to flash player updates.
Or perform these two steps on the command line:
# rpm -ivh https://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
# yum -y install flash-plugin
# wget https://dl-ssl.google.com/linux/linux_signing_key.pub
# rpm --import linux_signing_key.pub
# yum localinstall google-chrome-stable*
Update: Looks like Google Earth has some Fedora 20 issues so as of January 2014, I'm leaving this one off my systems for a bit.
# yum localinstall google-earth*
Fedoraproject SELinux Project Pages with links to more information.
Fedoraproject: SELinux for Dummies with presentations on SELinux basics.
SELinux is a policy based security system included with Fedora and enabled by default in a restrictive mode called "Enforcing."
It has three modes: Enforcing, Permissive and Disabled. For years I ran in permissive so it would catch security issues and report them but not actually block anything. This let me watch and learn but not hit any obstacles. Users who didn't want to know could simply set SELinux to 'disabled' and not be bothered with it.
With Fedora 20, I'm going to keep SELinux in enforcing mode on my desktop in order to try it. If I can adapt to using it I'm sure it'll stick and it's a good thing to learn if you want secure systems.
You can change the configuration of SELinux simply by editing /etc/selinux/config and replacing "enforcing" with "permissive" or "disabled":
SELINUX=permissive
SELinux will be in permissive mode when the system is rebooted.
Leave the firewall enabled if you can and open ports as needed.
Run the Firewall GUI application, select "Configuration: Permanent" and make these changes:
Then select Options -> Reload Firewall to make them active.
I use a variety of commercial fonts in addition to open source fonts provided by the installer.
To restore these, simply scp them from another system to /usr/share/Core Fonts and they will be automatically identified.
maxwell@elite [~] $ ls /usr/share/fonts
abattis-cantarell  gnu-free                  liberation   stix
Core Fonts         google-crosextra-caladea  msttcore     tabish-eeyek
default            google-crosextra-carlito  opensymbol   vlgothic
dejavu             google-noto               sil-mingzat
Having standard Windows fonts helps websites designed for Windows look accurate and helps with importing Microsoft Office documents.
Download this archive and place the contents in /usr/share/fonts
Please do not link directly to this file!
You may skip this if you're restoring a home directory where this is already set.
Set the minimum font size in Firefox to between 14 and 16 points to make it easier to view small text on high resolution displays (especially laptops).
Run Firefox. Go to Edit -> Preferences -> Content -> Fonts & Colors -> Advanced and configure what works best for you.
Install the official Adobe Acrobat Reader program to overcome small incompatibilities observed with the open source PDF readers.
Download the rpm from Adobe:
wget https://ardownload.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i486linux_enu.rpm
Install the rpm using yum:
# yum -y localinstall AdbeRdr9.5.5-1_i486linux_enu.rpm
Due to a few rare problems with OpenJDK in the past, I install Oracle Java and use it instead.
Use Firefox to download the 64-bit RPM version of Oracle Java from the Oracle JavaSE download page.
I prefer to download it and then use this command to install it:
# yum -y localinstall jre-7u45-linux-x64.rpm
Use these commands to configure Linux to use Oracle Java instead of OpenJDK Java:
# alternatives --install /usr/bin/java java /usr/java/latest/bin/java 200000
# alternatives --install /usr/bin/javaws javaws /usr/java/latest/bin/javaws 200000
# alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/lib/amd64/libnpjp2.so 200000
Restart Firefox to make the plugin active, then go to the Verify Java Version page to verify Java is installed and working in your browser.
Also, append this to your /etc/bashrc file:
export JAVA_HOME="/usr/java/latest"
Java is regularly being updated to fix security issues, so revisit this step on a regular basis to keep your Java updated.
I have one system, an older laptop with an Nvidia graphics card, that overheats when I use the open source nouveau drivers. To overcome this obstacle, I install the Nvidia proprietary drivers which lowers the CPU speed and keeps it from overheating.
I use the akmod-nvidia package from the rpmfusion.org repository to easily disable the nouveau driver and replace it with the nvidia driver. This is much easier than installing the driver from nVidia's own website.
# yum -y install akmod-nvidia
When the driver is installed, reboot and test your graphics.
You'll notice the attractive, kernel-mode based graphical bootup is gone and your prompt for specifying storage system passwords is simple text instead of a nice graphical box.
You may skip this if you're restoring a home directory where this is already set.
I prefer to replace the default color schemes of Gnome Terminal and Vim with Solarized, a meticulously crafted low-contrast color palette designed by Ethan Schoonover.
I roughly follow this guide to install it.
As my user, maxwell, not root, I make a projects directory where I can git clone solarized:
$ mkdir -p ~/projects/solarized
In that directory, git clone solarized:
$ cd ~/projects/solarized
$ git clone https://github.com/sigurdga/gnome-terminal-colors-solarized.git
Run this script to configure Gnome Terminal for the Solarized "dark" theme.
$ gnome-terminal-colors-solarized/install.sh
This script will allow you to choose a light or dark theme and apply it to the default Gnome Terminal profile called 'Default'.
You may skip this if you're restoring a home directory where this is already set.
These steps will configure vim for Solarized based vim syntax highlighting.
These steps download the solarized file for vim and copy it in place.
$ mkdir -p ~/projects/solarized/vim
$ cd ~/projects/solarized/vim
$ git clone https://github.com/altercation/vim-colors-solarized.git
$ mkdir -p ~/.vim/colors
$ cp vim-colors-solarized/colors/solarized.vim ~/.vim/colors/
Then add the following to your ~/.vimrc
syntax enable
set background=dark
colorscheme solarized
I use a custom bash prompt that offers a simple design with subtle colors. If I'm in a directory that has a .git repository, it will show the current branch of that git repo's development.
My custom prompt is implemented as a variety of COLOR_ variables (for readability), two git functions borrowed from others on the web, and a function which lets me set the prompt to four styles of slight variation.
As my user, maxwell, I git clone a copy of my custom bash prompt:
$ mkdir -p ~/projects/
$ cd ~/projects/
$ git clone https://github.com/maxwax/prompt
Then, append it to my system's /etc/bashrc so all users (presumably this means 'maxwell' and 'root') get it:
# cat ~/projects/prompt/prompt >> /etc/bashrc
Log in to a new terminal and you should see a new prompt.
Install the following Firefox plug-ins for a better firefox experience:
I install a Conserver client that can access a conserver server. The conserver system uses a central server to monitor production systems serial port output and brokers access from simultaneous clients. I only need the client on my Fedora systems. This was downloaded earlier and needs
Create a /etc/conserver/console.conf with the following information:
# default config for console
config * {
  master my-conserver.company.com;
  port 3109;
}
You may skip this if you're restoring a home directory where this is already set.
Pidgin provides me with a single chat client to all the accounts I use at home and work:
Run Pidgin, then use Accounts -> Manage Accounts to set these up individually through Pidgin's user interface.
OR, copy a previously created $HOME/.purple directory into the new home directory and see if Pidgin uses the old settings.
OpenVPN is used to access a variety of secure networks in my life. Configuration is simple:
Samba provides network file sharing services to Windows clients. A Samba server running on a host enables Windows virtual machines to access the host's files.
First, set a samba password for your user:
$ smbpasswd -a
New SMB password: ********
Retype new SMB password: *******
Next, edit /etc/samba/smb.conf and make the following changes:
[global]
workgroup = MY-SERVER-NAME-GROUP
server string = My Fedora Samba Server
interfaces = lo eth0 192.168.122.0/24 192.168.56.0/24
security = user
Remove eth0 from above if you wish to ONLY share files with the virtual machines on your host and not with other computers on your network.
[homes]
comment = Home Directories
browseable = no
writeable = yes
Note that in Fedora 20, externally mounted drives are now at /run/media/(user)/(medianame) instead of /media/(medianame) so edit your old Samba files accordingly.
Music files shared from the host to others:
[music]
comment = Music share
path = /run/media/maxwell/music/
browseable = yes
writeable = yes
valid users = maxwell
This is a single folder in my home directory shared to VMs when I don't want to share my full home directory:
[vmxfer]
comment = Virtual Machine Transfer folder
path = /home/maxwell/vmxfer
browseable = yes
writeable = yes
valid users = maxwell
As root, use systemctl to configure the system to start samba upon boot and issue two commands to start the services immediately for use.
# Configure the services to start
# systemctl enable smb
# systemctl enable nmb
# Start the services
# systemctl start smb
# systemctl start nmb
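An added example, not part of the original guide: a small smb.conf reader that reports whether smbd is actually confined to the `interfaces` list from the [global] section above. In Samba, an `interfaces` line on its own does not stop smbd from answering on other interfaces unless `bind interfaces only = yes` is also set; the function names and sample files here are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# smb_param FILE SECTION KEY: print the value of KEY in [SECTION] (last wins).
# SECTION and KEY are given in lower case; comment lines (# or ;) are skipped.
smb_param() {
  awk -v want_sec="$2" -v want_key="$3" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
      s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
      sec = tolower(trim(s)); next
    }
    index($0, "=") {
      eq = index($0, "=")
      key = tolower(trim(substr($0, 1, eq - 1)))
      if (sec == want_sec && key == want_key) val = trim(substr($0, eq + 1))
    }
    END { print val }' "$1"
}

# smb_listen_scope FILE:
#   "bound:<list>" smbd is confined to the interfaces list
#   "unbound"      an interfaces line exists but smbd listens on every interface
#   "default"      no interfaces line at all
smb_listen_scope() {
  sl_ifs=$(smb_param "$1" global interfaces)
  sl_bind=$(smb_param "$1" global "bind interfaces only" | tr 'A-Z' 'a-z')
  if [ -z "$sl_ifs" ]; then
    echo default
  else
    case $sl_bind in
      yes|true|1) echo "bound:$sl_ifs" ;;
      *) echo unbound ;;
    esac
  fi
}

# write_sample_smb FILE MODE: constructed smb.conf. MODE "guide" mirrors the
# [global] section shown above; "vm-only" drops eth0 and binds smbd to the list
# (lo stays in the list so local tools such as smbpasswd keep working).
write_sample_smb() {
  {
    echo '[global]'
    echo '  workgroup = MY-SERVER-NAME-GROUP'
    echo '  security = user'
    if [ "$2" = vm-only ]; then
      echo '  interfaces = lo 192.168.122.0/24 192.168.56.0/24'
      echo '  bind interfaces only = yes'
    else
      echo '  interfaces = lo eth0 192.168.122.0/24 192.168.56.0/24'
    fi
    echo '[vmxfer]'
    echo '  path = /home/maxwell/vmxfer'
    echo '  valid users = maxwell'
  } > "$1"
}

demo_conf=$(mktemp)
write_sample_smb "$demo_conf" guide;   smb_listen_scope "$demo_conf"
write_sample_smb "$demo_conf" vm-only; smb_listen_scope "$demo_conf"
rm -f "$demo_conf"
```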
I had to make the following adjustments to get Samba and SELinux to work on my Fedora 20 system:
# setsebool -P samba_enable_home_dirs 1
# restorecon -R -v /home
With a fresh install of Fedora 20 making a new /home directory, you shouldn't need to do step two.
In my case, my /home directory is a filesystem on a pair of separate disks using raid+luks+lvm and it was created by hand. So when it was created, I didn't label it with the proper SELinux context.
I used these simple Fedora docs on configuring SELinux with Samba
The following list finishes configuring VirtualBox for use. You'll need to reboot the system to activate its full networking and other features before testing restored virtual machines that use host-only networking and USB support.
You can download the VirtualBox extensions pack from here then use VirtualBox -> Preferences -> Extensions to install it.
After you reboot to activate all features, ensure that VirtualBox's internal network is working: the host 'vhostnet' device should have an IP address of 192.168.56.1:
# ifconfig
The Nemo file manager is a fork of the Gnome 2.x file manager that has features -- a tree view! -- that Gnome 3.x's Nautilus file manager does not. Naturally, I use Nemo.
When Nemo is run, it attempts to replace Gnome 3's desktop background with one of its own and ends up presenting a black desktop instead.
Fix this by changing a simple gnome registry setting:
$ dconf write /org/nemo/desktop/show-desktop-icons false
You can also use the dconf GUI to find this key and explore related values interactively.
These configuration changes can be made while the previous 'yum update' activity or 'packages' script activities are in progress.
The following activities can be performed interactively while other programs are being installed.
Run the System Settings program to make these changes:
Run the Advanced System Settings (aka Gnome Tweak Tool) program to make these changes:
If you restore a home directory where this is already set these may be set for you.
I use the Gnome 2.x based Nemo file manager because the Gnome 3.x based Nautilus file manager doesn't have a Tree View. How can you not have a tree view in a file manager?
Use the Alacarte (aka GNOME "Main Menu") editor to use Nemo as the default file manager.
Gnome Shell Extensions are small but powerful javascript programs that change and enhance the Gnome Shell environment to suit your specific needs.
The right set of extensions turns a frustrating default Gnome Shell graphical environment into a highly tailored, powerful, graphical environment that is a true pleasure to use.
Extensions can be installed, enabled and disabled via the Gnome Extensions web page.
"Launch New Instance": This extension modifies the Gnome Dash (App dock) to launch new instances of each program when you click on an icon. The normal behavior is to launch only one and focus on it if additional clicks occur. For many users like myself, this is vital to making Gnome comfortable.
"Weather by Neroth": Weather places a summary of the weather ("Clear Sky, 32 F") on the top bar and provides a well presented weather summary when you click on it.
"Recent Items": Recent Items provides a small icon on the top bar that shows a list of recently used files when clicked. The quick access to a just-used file is very satisfying.
"Media Player Indicator": This provides a top-bar drop down icon with information on media playing from programs like Rhythmbox.
"Advanced Volume Mixer": This provides quick access to mixer controls beyond just volume. It allows me to switch between HDMI speakers and headphone speakers very easily.
"Music Integration" (Desired): Music Integration provides subtle notifications of tracks playing from several Linux audio players.
"Monitor Status Indicator" (Optional): Monitor status provides a drop down menu for changing monitor layout from portrait to landscape. You might like this if you have a tilt-able monitor and occasionally switch from one mode to another.
"Workspace Indicator" (Optional): Workspace Indicator shows the workspace your desktop is focused on as a numbered icon on the top right panel. I've been a heavy user of workspaces for years and I'm used to having a simple way to tell which workspace my desktop is currently focused on.
"Easy Screen Cast" (Optional): Workspace Indicator shows the workspace your desktop is focused on as a numbered icon on the top right panel. I've been a heavy user of workspaces for years and I'm used to having a simple way to tell which workspace my desktop is currently focused on.
At this point, I've built and configured a Fedora workstation with all the tools and settings to let me be comfortable and productive.
I'll now carefully copy or restore user files to my home directory and begin using the system.
For the first time, with Fedora 20, I've restored my entire /home directory from Fedora 19 and dropped it in place with all the new systems and applications of Fedora 20.
This is a common practice for other users but I've been reluctant to use this method in the past for fear that some new or bleeding edge application or system in Fedora will not like my old, existing config files.
So far with Fedora 20, dropping my old /home in place has worked wonderfully and saved a lot of time. Many of the configuration steps above can be completely skipped as their configurations are inherited from the old config files.