Tips for installing the machine on FI
Here are some tips on how to properly set up your computer at FI. These tips will help you increase the speed, efficiency, or safety of your machine. Any suggestions to improve or expand this page go to
The following section applies to both personal computers and servers. Most recommendations also apply to virtual machines.
Consider separating system and user data
When sharing a disk, consider whether you want to connect
/home to a separate section. An advantage can be simple reinstalling of the system, a disadvantage of less efficient disk capacity utilization.
For your account on your machine, use faculty login
Print jobs must be sent from a user account whose login is identical to your faculty login. Therefore, we strongly recommend that you set up the login you use on the FI. See the documentation for details print on FI .
Use DHCP instead of static configuration to configure your network. An advantage is the possibility of central administration and easier collective change. The DHCP configuration for your managed devices can be set in the Faculty Administration in Device management (possibly completing / editing the list on request by UNIX Administrators). If you are interested in the IPv6 configuration, please also contact the UNIX Administrator.
Set the local distribution mirror
If your distribution mirror is available on FI -
, set this server as a mirror. Refer to the documentation for your distribution for instructions. If we do not mirror it and use it on multiple machines, you can try sending a mirror request to
Set up automatic security updates
To improve machine safety, it is important to install security updates to correct vulnerabilities. This can be automated, but the method differs depending on the distribution. Maybe in Ubuntu describes the procedure article AutomaticSecurityUpdates and for Fedora again article AutoUpdates .
Note: Ubuntu is already turned on after installation. And maybe in other distributions.
If you log in to other SSH machine machines from your machine, you can download the public keys of the faculty machines from the central repository (or use the auto download script) for added safety and convenience. See here: SSH Known Hosts .
Configuring the machine's mail system
Your machine may in some cases send mails (system updates, some daemon errors). With incorrect configuration, these mails can reach Unix administrators. Therefore, please check your configuration according to of our instructions .
Maily can also be sent directly from your machine if needed (for example, by using the command
Configuring the mail client
See the section for information Post in our technical documentation. Most clients are able to detect this configuration automatically.
Specifically, we only mention the mailing configuration where the SMTP server configuration is correct
relay.fi.muni.cz and port 465 (with SSL).
To ensure the exact time on the machine, verify that you have the time synchronization daemon (ntpd, chronyd) installed and use the local NTP server
time.fi.muni.cz . More detailed instructions can be found here:
The exact time in the FI network
In this section, you'll find tips that can be found primarily on servers.
In BIOS, you can set the computer to turn itself on again if a power failure occurs for some reason. For servers, this may be the desirable behavior. This entry is usually named
Restore on AC/Power Loss .
AHCI disk interfaces
In BIOS, make sure that you have the AHCI interface set for SATA drives. AHCI is a standard that supports, for example, hot-swap drives. Instead, the older IDE requires disc restart recognition by the system restart system.
Test your hardware
Some later complications can be avoided by testing the hardware before putting it into operation.
How to test memory can be found here: Memory testing: memtester .
The procedure for thorough disk testing is as follows:
- Determine the name of the test disk, and you will get a list of connected discs
- Save the output
smartctl -a /dev/sdX(replace X with something else)
- Run a long SMART test
smartctl -t long /dev/sdX
- The test will run for some time. When finished, save the output again
smartctl -a /dev/sdXand compare it with the status before the SMART test.
- If you have a magnetic disk, check the wrong blocks. Attention! This is a destructive test that will overwrite the entire disk:
badblocks -sw /dev/sdX
- Finally, check the output
dmesgand compare the current output
smartctl -a /dev/sdXwith an initial output (e.g.
Configure IPMI and serial console
Some IPMI servers are equipped with a dedicated, independent processor that is connected to the motherboard and the main processor and which allows hardware monitoring and control. This machine can be connected via a separate IP address, often on a dedicated network interface. The usual options include power management, machine status monitoring, BIOS configuration, and access to the operating system serial console. If your machine supports it (it can perform under different names: IPMI, iLO, iDRAC, BMC), we recommend that you use this option and configure IPMI.
Since this configuration is different for each hardware and BIOS manufacturer, general instructions can not be given here. Typically, however, it is advisable to set up a dedicated / dedicated Ethernet port, gain network configuration via DHCP (we assign addresses for security reasons from a non-public range available only from the agreed machines or the FI portion). Sometimes even a machine with a single (shared) Ethernet port can support IPMI. In this case, a VLAN tag can typically be set for IPMI - Unix Administrators will secure your connection to our infrastructure.
In any case, make sure you do not leave IPMI exposed to the world with the default password.
The serial console is also configured separately, for example, as follows:
Console redirection........Serial Port 1 Failsafe Baud Rate.........115200 Remote Terminal Type.......VT100/VT220 Redirection After Boot.....Enabled
In order to be functional, it is also necessary to properly configure the GRUB / kernel. Usually, simply add / modify these GRUB configuration parameters and then run them
update-grub . An example of how the configuration could look like:
GRUB_CMDLINE_LINUX="<původní parametry> console=tty0 console=ttyS0,115200n,8" GRUB_TERMINAL="serial console" # následující parametr je zde zalomen, ale v konfiguraci # musí být uveden v jednom řádku GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200; terminal --timeout=5 serial console"
Note that the console numbering in the BIOS and the kernel may vary, ie, the console in the BIOS is usually numbered 1, while in the kernel they are numbered from
If you want to help with the configuration, you can contact the faculty UNIX Administrator.
MCE Hardware Error Detection
Modern processors let the OS know about hardware errors. In Linux, this data can be retrieved using a daemon
mcelog , which logs the detected hardware errors into a file
/var/log/mcelog or it can be configured to respond to errors.
Update: This applies to Intel processors. For AMD, the old kernel module is edac_mce_amd and mcelog probably will not work.
Saving logs at syslog.fi.muni.cz
For security reasons, it is also useful to send logs to the central server. Another advantage is the ability to detect problems at the faculty network level by unix @ fi. If you are interested, talk to UNIX Administrators.
Watching discs via SMART
SMART is a monitoring system for hard disks. Tracking takes care of the demon
smartd , which is in the package
smartmontools . In configuration
/etc/smartd.conf we recommend commenting
DEVICESCAN and add one line for each disk, e.g.
# ata/sata disky /dev/sda -S on -d ata -o on -a -m MAIL -M once -s (S/../.././02|L/../../7/04) /dev/sdb -S on -d ata -o on -a -m MAIL -M once -s (S/../.././03|L/../../7/05)
-s that's the disk
/dev/sda will be checked by a short self-test every day at 2am and a long self-test once every 7 days at 4am. Although this load is not significant, we recommend running tests for individual drives at different times. For more details, see the documentation by using the command
man smartd.conf . Also, be sure to activate the daemon to run at system startup.
Disable sudo for regular users
If other users are logged on to your server, you probably do not want to give them root access. In some distributions, it is allowed to use the command
sudo for common users. This can be checked and possibly set in
Webserver and SSL settings
If you are planning to run a secure website on your machine, you should pay attention to the correct and secure SSL / TLS configuration. You can read about the secure connection settings on the page Webserver and SSL settings .