wsl2 - installation and configuration
most of it is explained in an internal blog entry.
To display windows version: winver.exe
I use version 20H2 build 19042.1415
installation
It is now as easy as to run wsl --install
in powershell as admin.
Full detail at MS WSL doc
Other commands:
# list all wsl distributions installed and their WSL version
wsl --list --verbose
# list all distributions available
wsl --list --online
Voici la liste des distributions valides qui peuvent être installées.
Installer à l’aide de « wsl --install -d <Distribution> ».
NAME FRIENDLY NAME
Ubuntu Ubuntu
Debian Debian GNU/Linux
kali-linux Kali Linux Rolling
openSUSE-42 openSUSE Leap 42
SLES-12 SUSE Linux Enterprise Server v12
Ubuntu-16.04 Ubuntu 16.04 LTS
Ubuntu-18.04 Ubuntu 18.04 LTS
Ubuntu-20.04 Ubuntu 20.04 LTS
# install Linux distributions
wsl --install -d <Distribution Name>
# shutdown wsl: shutdown all
wsl --shutdown
# define default wsl distribution to use with wsl
wsl -s <DistributionName>
installation in a non-system drive
and here is a more advanced config to install in a non system drive (D: instead of C:)
#from powershell
New-Item D:\WSL\Ubuntu-20.04 -ItemType Directory
Set-Location D:\WSL\Ubuntu-20.04
#list+link of distributions in https://docs.microsoft.com/en-us/windows/wsl/install-manual#downloading-distributions
Invoke-WebRequest -Uri https://aka.ms/wslubuntu2004 -OutFile Ubuntu-20.04.appx -UseBasicParsing
Rename-Item .\Ubuntu-20.04.appx Ubuntu-20.04.zip
Expand-Archive .\Ubuntu-20.04.zip -Verbose
# and then run Ubuntu_2004.2021.825.0_x64.appx
I don’t know yet where the WSL disk is located (is it a .vhdx file?)
Disks are located at %USERPROFILE%\AppData\Local\Packages\[distro name]
2 ditros used:
wsl1 ubuntu 18.04: CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc
wsl2 ubuntu 20.04: CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc
So disks are still in C:
Guess I have to use move-wsl.
Set-Location 'D:\Program Files (x86)\move-wsl\'
.\move-wsl.ps1
PS D:\Program Files (x86)\move-wsl> .\move-wsl.ps1
Getting distros...
Select distro to move:
1: Ubuntu-18.04
2: Ubuntu
2
Enter WSL target directory:
D:\wsl\Ubuntu-20.04
Move Ubuntu to "D:\wsl\Ubuntu-20.04"? (Y|n): Y
Exporting VHDX to "D:\wsl\Ubuntu-20.04\Ubuntu.tar" ...
And after that, have to create file/etc/wsl.conf
guillaume@LL11LPC0PQARQ:~$ cat /etc/wsl.conf
[user]
default=guillaume
configuration
wsl-vpnkit
It is nicely explained in the Michelin blog entry. DNS resolution is kind of broken (I think due to internal protections we use on our corporate PC)
vpnkit provides a secured solution to make it work. And sakai135 has packaged it for wsl: wsl-vpnkit
The steps to install wsl-vpn kit are:
- Create a working directory on your windows workspace and download this packaging of wsl-vpnkit inside.
- Now, open a powershell and go to the location of wsl-vpnkit.tar.gz, downloaded during the previous step
- On your powershell terminal, launch:
#/!\ in powserhsell
wsl --import wsl-vpnkit $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz
wsl -d wsl-vpnkit
- You can now exit your powershell
- For the last step, to ensure all wsl reboot good communication, we will write in .profile file of your ubuntu user wsl-vpnkit initialization command:
echo 'wsl.exe -d wsl-vpnkit service wsl-vpnkit start' >> ~/.profile
- Relaunch your WSL terminal
git configuration
create a SSH key pair under your distribution
ssh-keygen -t rsa -b 4096 -C "WSL2"
Integrate into gitlab using gitlab doc. (copy id_rsa.pub
into gitlab > preferences > SSH Keys)cat .s
Add corporate CA certificates
Michelin SI is behind an ssl proxy with his proper PKI for certificates delivering. That is why, your subsystem must add this pki in her recognized authorities.
To do this, we will clone a repository with the certificates in the subsystem and copy them to ca-certificates:
git clone git@gitlab.michelin.com:devops-foundation/devops_environment.git /tmp/devops_environment
sudo cp /tmp/devops_environment/certs/* /usr/local/share/ca-certificates/
sudo update-ca-certificates
If everything is ok, terminal notify you that certificates has been added.
You can now clean the temp working folder:
rm -rf /tmp/devops_environment
we can have similar approach to update CA certifcates for Python. 1st step is to locate cacert.pem of your active python environment.
import certifi
certifi.where() >> '/home/guillaume/miniconda3/envs/fastai/lib/python3.9/site-packages/certifi/cacert.pem'
TO BE FIXED
After having run update-ca-certifcates
, there is an updated ca file at /etc/ssl/certs/ca-certificates.crt
. Let’s concatenate it to our cacert.pem
.
cp /etc/ssl/certs/ca-certificates.crt /tmp/ca-certificates.crt
openssl x509 -in /tmp/ca-certificates.crt -out /tmp/ca-certificates.pem -outform PEM
cat /tmp/ca-certificates.pem | tee -a /home/guillaume/miniconda3/envs/fastai/lib/python3.9/site-packages/certifi/cacert.pem
Configure APT
The last step, to have a subsystem ready to use, is to have an apt with Michelin trusted sources configured. Ubuntu based package repositories can’t be used behind Michelin proxy.
Michelin offers its own apt server with artifactory. To configure apt to use artifactory, launch these commands:
echo 'Acquire { http::User-Agent "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.37) Gecko/20100101 Firefox/31.33.7"; };' | sudo tee /etc/apt/apt.conf.d/90globalprotectconf
sudo sed -i 's@^\(deb \)http://archive.ubuntu.com/ubuntu/\( focal\(-updates\)\?.*\)$@\1https://artifactory.michelin.com/artifactory/ubuntu-archive-remote\2\n# &@' /etc/apt/sources.list
sudo sed -i 's@^\(deb \)http://security.ubuntu.com/ubuntu/\( focal\(-updates\)\?.*\)$@\1https://artifactory.michelin.com/artifactory/ubuntu-security-remote\2\n# &@' /etc/apt/sources.list
Check if your WSL distribution is working correctly
To verify if everything is OK on your distribution:
- This command must return google ip:
host google.fr
- This command must return artifactory ip:
host artifactory.michelin.com
- You are able to update your distribution without error:
sudo apt update
sudo apt upgrade -y
Conda Mamba - installation and configuration
conda installation
tmpdir=$(mktemp -d)
cd $tmpdir
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
chmod +x Miniconda3-latest-Linux-x86_64.sh
# answer yes to question Do you wish the installer to initialize Miniconda3 by running conda init?
bash Miniconda3-latest-Linux-x86_64.sh -p $HOME/miniconda3
>> ==> For changes to take effect, close and re-open your current shell. <==
With this configuration, conda will be activate at startup. If you’d prefer that conda’s base environment not be activated on startup, set the auto_activate_base parameter to false: conda config --set auto_activate_base false
conda configuration
As we have in-house CA certificates, and conda uses its own CA certificates (in ~/miniconda3/ssl
)
We have to change this behaviour and ask conda to use system CA certifcates.
At the end of .bash_rc
, add export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
mamba installation
conda install mamba -n base -c conda-forge
mamba init
installation jupyter notebook, nb_conda_kernels, jupyter lab
mamba install nb_conda_kernels
mamba install -c conda-forge jupyterlab jupyterlab-git
create conda envt - fastai (v2.5.3) (optional)
mamba create --name fastai
mamba activate fastai
mamba install -c fastai -c pytorch fastai
mamba install ipykernel
Jupyter
Start jupyter (lab or notebook) from base environment, and switch to desired python environment.
modify jupyter config
#create jupyter config file in ~.jupyter
jupyter notebook --generate-config
And activate jupyter config file to change #c.NotebookApp.use_redirect_file = True
to c.NotebookApp.use_redirect_file = False