Install recent Lyx version ubuntu/mint

sudo add-apt-repository ppa:lyx-devel/release
sudo apt-get update

sudo apt-get install lyx

sudo apt-get install gnome-themes-standard
sudo apt-get install texlive-latex-recommended texlive-pictures
sudo apt-get install texlive-pictures texlive-latex-base texlive-base texlive-latex-recommended
sudo apt-get install texlive-latex-extra
sudo apt-get install texlive-fonts-recommended
sudo apt-get install qpdfview

Nagios Active Checks (check_ncpa.py)

Nagios Active Checks (check_ncpa.py)

 
Nagios plugin:
https://assets.nagios.com/downloads/ncpa/check_ncpa.tar.gz
 
Copy check_ncpa.py  to /usr/local/nagios/libexec (plugin directory) or /usr/lib64/nagios/plugins/ (plugin directory Centos 6.9)
 
ln -s check_ncpa.py check_ncpa
 
Define new check_ncpa command by adding following lines to /usr/local/nagios/etc/objects/commands.cfg
 
define command {
    command_name    check_ncpa
    command_line    $USER1$/check_ncpa.py -H $HOSTADDRESS$ $ARG1$
}
 
or
 
 
define command {
    command_name    check_ncpa
    command_line    $USER1$/check_ncpa -H $HOSTADDRESS$ $ARG1$
}
 
 
Create ncpa.cfg file  in /usr/local/nagios/etc/objects
touch /usr/local/nagios/etc/objects/ncpa.cfg
 
Add following lines in ncpa.cfg to define host and monitoring services
 
define host {
    host_name               NCPA 2 Host
    address                 192.168.1.10
    check_command           check_ncpa!-t 'mytoken' -P 5693 -M system/agent_version
    max_check_attempts      5
    check_interval          5
    retry_interval          1
    check_period            24×7
    contacts                nagiosadmin
    notification_interval   60
    notification_period     24×7
    notifications_enabled   1
    icon_image              ncpa.png
    statusmap_image         ncpa.png
    register                1
}
 
define service {
    host_name               NCPA 2 Host
    service_description     CPU Usage
    check_command           check_ncpa!-t 'mytoken' -P 5693 -M cpu/percent -w 20 -c 40 -q 'aggregate=avg'
    max_check_attempts      5
    check_interval          5
    retry_interval          1
    check_period            24×7
    notification_interval   60
    notification_period     24×7
    contacts                nagiosadmin
    register                1
}
 
define service {
    host_name               NCPA 2 Host
    service_description     Memory Usage
    check_command           check_ncpa!-t 'mytoken' -P 5693 -M memory/virtual -w 50 -c 80 -u G
    max_check_attempts      5
    check_interval          5
    retry_interval          1
    check_period            24×7
    notification_interval   60
    notification_period     24×7
    contacts                nagiosadmin
    register                1
}
 
define service {
    host_name               NCPA 2 Host
    service_description     Process Count
    check_command           check_ncpa!-t 'mytoken' -P 5693 -M processes -w 150 -c 200
    max_check_attempts      5
    check_interval          5
    retry_interval          1
    check_period            24×7
    notification_interval   60
    notification_period     24×7
    contacts                nagiosadmin
    register                1
}
 
 
And finaly, tell Nagios to add monitoring from new configuration file by adding new cfg_file line to nagios.cfg file.
 
 
Change icon_image and statusmap_image  in ncpa.cfg file by choosing some png files from
/usr/local/nagios/share/images folder.

 
For example, instead ncpa.png (in ncpa.cfg) choose workstation.png
 
More info: https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/monitoring-windows.html

Credits: https://milanorlovic.blogspot.pt/2017/09/nagios-active-checks-checkncpapy.html

 

Deleting non-free Software from Debian GNU/Linux

if you use Debian or Debian based like Ubuntu, you can check if you have installed non-free software via Debian way. By Default Debian does not install it unless you put non-free on your apt repo, so delete it first if it exists.

Install the tool vrms (virtual Richard M. Stallman)

# apt-get install vrms

or

# aptitude install vrms

Then, delete all non-free software, mandatory if you want to be a 100% Free Software guy, also to make happy RMS ๐Ÿ™‚

# apt-get remove –purge `vrms -s | xargs echo -n && echo`

or

# aptitude purge `vrms -s | xargs echo -n && echo`

 

Credits

 

Fedora with Freed-ora

Pimping Fedora can in no way substitute for the real BLAG experience, but it works – and is less cumbersome than liberating *buntu, as described in a previous post.

Here we go:

  • Dump your Fedora .iso on a USB stick or such. Run and install.
  • Check and install any updates.
  • Install FSFLA’s libre kernels as described here: http://www.fsfla.org/ikiwiki/selibre/linux-libre/freed-ora.en.html.
  • Installing the package freed-ora-freedom will prevent most non-free stuff from being added by accident. However, freed-ora-freedom will not install until all non-free on your system is removed – so before attempting this, reboot with a libre kernel. If your system is running fine, remove Fedora’s kernels and linux-firmware. You will find libre firmware, kernel headers, modules and such in the freed-ora repo. While you are at it, also remove other non-free firmware and the package microcode-ctl if installed. Don’t worry – freed-ora-freedom will complain about specific packages until they are gone. When ready, go ahead and install freed-ora-freedom.

Believe it or not – that’s it!

You may wish to disable selinux on startup. This can be achieved by opening the file /etc/selinux/config as root, and setting the value “SELINUX=” to “SELINUX=disabled”. Someone has yet to find a backdoor in selinux, but it is after all developed by the NSA – and not very useful on most desktops.

You may also want to install the *free* part of RPM Fusion as described here for extra codecs, media players and such. **

** Note: The free section contains programs that are licensed with the Fedora Project but have a portion of code that is subject to software patents (prohibited in free software in the United States).

 

Credits 01 | Credits 02

Fedora libvirt family tools for virtualization solution

Fedora 22 to current:

For Fedora 21 or previous installations, replace "dnf" with "yum." Yum is now a deprecated package manager and is replaced by DNF on installations of Fedora 22 and onward.

su -c "dnf install @virtualization"

This will install below Mandatory and Default packages.

$ dnf groupinfo virtualization

Group: Virtualisation
 Group-Id: virtualization
 Description: These packages provide a virtualisation environment.
 Mandatory Packages:
   =virt-install
 Default Packages:
   =libvirt-daemon-config-network
   =libvirt-daemon-kvm
   =qemu-kvm
   =virt-manager
   =virt-viewer
 Optional Packages:
   guestfs-browser
   libguestfs-tools
   python-libguestfs
   virt-top

This will install Mandatory, Default and Optional Packages.

su -c "dnf group install with-optional virtualization"

To start the service:

su -c "systemctl start libvirtd"

To start the service on boot:

su -c "systemctl enable libvirtd"

Verify that the kvm kernel modules were properly loaded:

$ lsmod | grep kvm
kvm_amd                55563  0 
kvm                   419458  1 kvm_amd

If that command did not list kvm_intel or kvm_amd, KVM is not properly configured. See Ensuring system is KVM capable for troubleshooting tips.

Networking Support

By default libvirt will create a private network for your guests on the host machine. This private network will use a 192.168.x.x subnet and not be reachable directly from the network the host machine is on, but virtual guests can use the host machine as a gateway and can connect out via it. If you need to provide services on your guests that are reachable via other machines on your host network you can use iptables DNAT rules to forward in specific ports, or you can setup a Bridged env.

Creating a Fedora guest

The installation of Fedora guests using anaconda is supported. The installation can be started on the command line via the virt-install program or in the GUI program virt-manager.

Creating a guest with virt-install

virt-install is a command line based tool for creating virtualized guests. Refer to http://virt-tools.org/learning/install-with-command-line/ for understanding how to use this tool. Execute virt-install --help for command line help.

virt-install can use kickstart files, for example virt-install -x ks=kickstart-file-name.ks.

If graphics were enabled, a VNC window will open and present the graphical installer. If graphics were not enabled, a text installer will appear. Proceed with the fedora installation.

Creating a guest with virt-manager

Start the GUI Virtual Machine Manager by selecting it from the "Applications–>System Tools" menu, or by running the following command:

su -c "virt-manager"

If you encounter an error along the lines of "Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash", trying running virt-manager not as root (without the su -c). The GUI will prompt for the root password.

  1. Open a connection to a hypervisor by choosing File–>Add connection…
  2. Choose "qemu" for KVM, or "Xen" for Xen.
  3. Choose "local" or select a method to connect to a remote hypervisor
  4. After a connection is opened, click the new icon next to the hypervisor, or right click on the active hypervisor and select "New" (Note – the new icon is going to be improved to make it easier to see)
  5. A wizard will present the same questions as appear with the virt-install command-line utility (see descriptions above). The wizard assumes that a graphical installation is desired and does not prompt for this option.
  6. On the last page of the wizard there is a "Finish" button. When this is clicked, the guest OS is provisioned. After a few moments a VNC window should appear. Proceed with the installation as normal.

Managing guests with virsh

The virsh command line utility that allows you to manage virtual machines. Guests can be managed on the command line with the virsh utility. The virsh utility is built around the libvirt management APIl:

  • virsh has a stable set of commands whose syntax and semantics are preserved across updates to the underlying virtualization platform.
  • virsh can be used as an unprivileged user for read-only operations (e.g. listing domains, listing domain statistics).
  • virsh can manage domains running under Xen, Qemu/KVM, esx or other backends with no perceptible difference to the user

To start a virtual machine:

su -c "virsh create <name of virtual machine>"

To list the virtual machines currently running:

su -c "virsh list"

To list all virtual machines, running or not:

su -c "virsh list --all"

To gracefully power off a guest:

su -c "virsh shutdown <virtual machine (name | id | uuid)>"

To non gracefully power off a guest:

su -c "virsh destroy <virtual machine (name | id | uuid)>"

To save a snapshot of the machine to a file:

su -c "virsh save <virtual machine (name | id | uuid)> <filename>"

To restore a previously saved snapshot:

su -c "virsh restore <filename>"

To export the configuration file of a virtual machine:

su -c "virsh dumpxml <virtual machine (name | id | uuid)"

For a complete list of commands available for use with virsh:

su -c "virsh help"

Credits

Updating the Free Linux Kernel on Trisquel GNU / Linux-libre

Linux as distributed by kernel.org contains proprietary software, and it induces you to install additional proprietary software that it doesn't contain.

Linux-libre is a modified version of Linux with all of the binary blobs, obfuscated code and portions of code under proprietary licenses removed.

The resulting combination of the GNU Operating System and the kernel named Linux is the GNU/Linux operating system, although many (incorrectly) refer to it as "Linux."

This repository contains .debs of Linux-libre compiled for 32- and 64-bit x86 CPUs. It should work with most any GNU/Linux distribution that uses APT. It's known to be compatible with Trisquel, gNewSense, Debian, Ubuntu, Devuan and their respective derivatives. Please contact me if you need support for additional CPU architectures or other GNU/Linux distributions.

I hope that this repository will make software freedom easier for more people, either by allowing you to replace the kernel in your existing GNU/Linux distribution with one that is entirely freedom-respecting, or for people already using fully-free GNU/Linux distributions to more easily get a newer kernel version if you need it for some reason.

To use this repository first add it to your system. Run this command:

$ sudo apt edit-sources

And add the line:

deb http://linux-libre.fsfla.org/pub/linux-libre/freesh/ freesh main

You should also fetch and install the GPG key with which the repository is signed:

Now you will now be able to update your package manager and install Linux-libre:

$ sudo apt update

The exact command to run next depends on how you want things to work. Please review all of the information below.

Current and upcoming kernel versions to know about:

Version

Status

Released

Supported Until

4.13

Future version, expected in September 2017.

4.12

Latest released version.

July 2017

September 2017

4.9

Current long-term support (LTS) version.

December 2016

January 2019

4.1

Previous long-term support (LTS) version, but still supported.

June 2015

September 2017

Please keep in mind that a new long-term support version is selected roughly once each year and then supported for at least two years. The next one will 4.14, which is expected in November 2017.

To determine if your CPU supports PAE (which is good to know for the chart below) run this command:

  $ grep –color=always -i PAE /proc/cpuinfo

If pae is highlighted in the output then your system supports PAE. Otherwise it does not.

Please continue reading to find the use case that most closely describes what you want.

Use Case

Command

"I always want the latest version of Linux-libre. No matter what."

sudo apt install linux-libre

Same as above, but I have an older computer that doesn't support PAE. (See the earlier note about PAE.)

sudo apt install linux-libre-nonpae

"I want the latest version of Linux-libre, but when 4.13 comes out as the next major new release I want to wait a bit before upgrading so that any problems can get sorted out. I'll decide when I'm ready to upgrade to 4.13, but I still want to get updates for 4.12 while I'm waiting."

sudo apt install linux-libre-4.12

Same as above, but I have an older computer that doesn't support PAE. (See the earlier note about PAE.)

sudo apt install linux-libre-4.12-nonpae

"I always want to be using the current long-term support (LTS) version of Linux-libre. No matter what."

sudo apt install linux-libre-lts

Same as above, but I have an older computer that doesn't support PAE. (See the earlier note about PAE.)

sudo apt install linux-libre-lts-nonpae

"I want to use the current long-term support (LTS) version of Linux-libre but when the next one (4.14) comes out in November 2017 I don't want to upgrade to it. I want to stay with the current LTS (4.9) until I decide otherwise."

sudo apt install linux-libre-4.9

Same as above, but I have an older computer that doesn't support PAE. (See the earlier note about PAE.)

sudo apt install linux-libre-4.9-nonpae

"I know that the current long-term support (LTS) version of Linux-libre is 4.9 but I want to keep using the previous LTS version (4.1) until I decide otherwise."

sudo apt install linux-libre-4.1

Same as above, but I have an older computer that doesn't support PAE. (See the earlier note about PAE.)

sudo apt install linux-libre-4.1-nonpae

If you use libreboot make sure to do this. If you do not use libreboot, skip this step.

$ cd /boot/grub
$ sudo ln -s grub.cfg libreboot_grub.cfg

 

Credits 01 | Credits 02

Quick Tip โ€“ Fix gpg: canโ€™t connect to the agent: IPC connect call failed error

I was configuring GPG renderers on  and I ran into the following error while generating the PGP key (pair) that would be used to encrypt secrets before adding them their respective pillars:
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: Key generation canceled.

Eventually, this error was being caused by a GPG agent that was already running , which my GPG command was unable to access. To fix this error kill the running agent with the following command:
kill -9 gpg-agent

Next, restart the agent with the following command:
source &lt;(gpg-agent –daemon)

You should now be able to re-run the GPG command you’re using to generate the key-pair and connect to the curses version of pinentry to input your passphrase.

Credits

Squid Caching Configuration

Caching Configuration

Squid proxy server supports two types of caching – RAM caching and hardware caching. While configuring you should keep in mind that caching may either accelerate query processing or slow it down, in case configuration parameters are wrong. Another important point is that caching results in additional load on server, e.g. excessive cache in RAM is able to paralyze sever causing lack of RAM.

Squid standard configuration provides RAM cache only with memory usage of 256 Mbyte. You may increase cache volume and set maximum volume of a cached object using the following directives:

cache_mem 1024 MB #volume of the memory available for casing
maximum_object_size_in_memory 512 KB #maximum volume of a cached object 

Also, one should take into account that cache is reset every time sever restarts or turns off, so the results of configuration change will be perceptible only over time. 

HDD cache usage is controlled by cache_dirdirective: 

cache_dir storage_type path_to_storage volume L1 L2

cache_dir ufs /var/squid_cache 1024 16 256 

Cache volume on hardware is counted in Mbytes. In the example below cache with maximum volume of 1 Gbyte is stored in /var/squid_cache. ufs storage type is standard. Parameters 16 and 256 denote the number of first and second level directories, these volumes are standard, too. 

You may also specify the cached object maximum volume:

maximum_object_size 2 MB

Credits