Hello. Hope everyone is enjoying their Memorial Day weekend. I’m spending mine with my son and family for his upcoming graduation.
With that said, my son introduced me to Brutal Doom, a Doom Mod that makes the game play a little more modern. You get mouse look, aiming, jumping, and the graphics got a slight upgrade as well as the AI of the enemies is better, and they have new weapons. One thing that got me is the brutalness of the game. Blood everywhere, and it stays, and if you walk through it you leave foot prints. You can also rip enemies apart with you get the Berzerker mode which now stays active all level. You can grab enemies, use them as shields, and even throw them at enemies. Its an upgrade that makes the game that much better. And this blog entry will be how to get it up and running in Ubuntu.
So, first you need to download the Brutal Doom mod. You can get it from ModDB. Once you download it, you will also need a copy of the original Doom.WAD file or Doom2.WAD file. You can use a licensed version from Steam, like I did, or you can download it from the FreeDoom project on GitHub. Now that you have the required files, we need to install GZDoom. I use the snap version since it is easily available through the Ubuntu App Store, or you can install it via CLI:
sudo snap install gzdoom
Once it is installed, you need to run it once so that the snap will create the proper directories so that you can put the WAD files where the snap can access them. I just open the app through the Ubuntu desktop.
You will get an error that GZDoom can’t find the WAD files, this is normal, just click OK to close the app. Now in terminal lets copy the WAD files to the correct localtion:
Now the WAD files are where we need them, but we need to have the Brutal Doom file load at startup. To do this, I updated the gzdoom.ini file in the snap folder to load it.
vi ~/snap/gzdoom/current/.config/gzdoom/gzdoom.ini
File the section: [Global.Autoload] and add the following below:
Hello everyone! I hope you have all been well and staying safe. Today’s blog is one that I hope you find helpful.
So while I use KVM primarily for VM’s on my laptop and even on my servers, I still use VMware Workstation on my Laptop for quick testing. However, with the latest release (25H2 as of today), I was still running into issues where the vmmon and the vmnet modules would build, but not install properly. After looking through my logs, I found out that the reason they were not loading is because they were not signed. I use Secure Boot on my Laptop, and because of that, the kernel will not load unsigned modules into memory, thinking they are insecure. However, I have found a way to install the modules, and maintain security of the system. This blog will detail how to create a key, install the key, and sign the kernel modules after they have been compiled so that they will load properly.
So I download and install VMware Workstation from Broadcom’s support site. It’s free now for personal use. Once you download it, I had to change the permissions so that it was executable, and then ran the installer from the terminal:
After the installation, the kernel modules will be build, but they will not install. When you try to run a VM, it will fail saying it couldn’t load the vmmon module. When I tried to install the modules from the CLI, I was presented with the following error:
sudo modprobe vmmon
modprobe: ERROR: could not insert 'vmmon': Key was rejected by service
After a little searching, I found this was becuase I am using Secure Boot and the kernel modules are not signed. So I had to do the following to sign the modules.
First, I had to create a private key and a certificate to sign the modules. I had to create a Machine Owner Key (MOK). This also has to be added to the MOK database in Secure Boot to prove that the modules have been built and trusted by the system. I did the following to create the keys:
Now I had two files in my home directory, MOK.priv, the Private Key, and MOK.der, the DER formatted Certificate.
I now had to use the mokutil command to install the keys into the database:
sudo mokutil --import MOK.der
I had to create a password to install the certificate. Remember this password because when you reboot the machine, it will ask for this password to install the certificate. Do that and then log back in to the machine.
Once logged in, open a terminal and find the path for the modules:
modinfo -n vmmon
modinfo -n vmnet
They will be in the /lib/modules/$(uname -r)/misc directory, however we will be using this as a variable in the next command, which is what we will use to sign the modules:
You can then use the modprobe command to install the modules, but I normally just reboot my laptop to have everything start correctly, and then I can open VMware Workstation normally.
I hope this helps you, and this process can be used to sign any module that you may need to.
Hello everyone. I hope you are doing well and staying safe. Welcome to another blog entry on gaming on Linux, primarily Ubuntu 24.04.2.
I am a huge id Software fan. Have been since Wolfenstein 3-D in the early 90’s. However, one of my favorites is Quake 4. The story and everything about it is awesome. It’s a direct sequel to Quake 2, which is probably by second favorite Quake game in the series.
So, I wanted to install my copy that I have on DVD that has worked really well in the past, only to my chagrin did I find out that this is was going to be a journey. So if you are having issues setting up Quake 4 on your Ubuntu 24.04 machine, and getting it to run at all with sound included, read on and please like, share and comment so I know that this guide helped you as well.
So, I’ve installed Quake 4 on Linux many times. In fact, it’s one of the first things I install on Linux once everything is all setup. It’s like a reward for a job well done. So here is what I had to do to get it to work.
First thing I did was pull out the old DVD from my desk drawer, and put it in my DVD drive. On my Intel NUC, which is now my primary desktop machine now, I just plugged in a USB one and Ubuntu mounted the DVD with no issues. It was mounted in /media/wililupy/QUAKE4/ directory.
I then created the directory I wanted to install Quake 4 to, which is /usr/local/games/quake4. I have to copy all the pk4 files to this directory, so I opened a terminal and ran the following command:
This took about 10 minutes to copy all the pk4 files. I then needed to download the quake4 linux binaries. Luckily, I had a copy I previously downloaded because the id software FTP site is no longer online. For those of you in the same boat, here is a link to it off of this web server:
NOTE: Make sure you “right click” and Click Save link as: otherwise it will load this script in the web browser
I could then install the quake4 binaries by running the following command:
sudo sh ./quake4-linux-1.4.2.x86.run
I accepted all the licenses, and when it asked where I wanted to install Quake 4, I used the default path, which is where I uploaded the pk4 files:
/usr/local/games/quake4
I also installed Punkbuster, but I don’t think it is even still around, please comment if that is true or not.
Once it finished installing, I started Quake 4, and it failed to start. It appears that the included libraries are not compatible with Ubuntu 24.04.2, so I created a folder in the quake4 directory called temp and moved the lib files there:
cd /usr/local/games/quake4
sudo mkdir -p temp/
sudo mv lib* temp/
I then created symbolic links to the ones installed on my system to the quake4 directory:
I then ran quake4-smp to run and the game fired up with full audio. The only issue I had now was the game was in Spanish. To fix this I updated the Quake 4 configuration file in my home directory:
vi ~/.quake4/q4base/Quake4Config.cfg
I searched for sys_lang and changed it from "spanish" to "english" and saved the file and then restart Quake 4 and everything started and worked normally. I can now play my favorite Quake title on my favorite OS.
Now, these next few things are optional, but I like them because it makes playing the game a little more seamless. I like to have an icon in the Application Launcher for Gnome. Quake 4 comes with a bitmap icon, but the background is magenta and an eye sore. So I use GIMP to make the background transparent and remove the magenta color and then save it as a PNG file. Then I put this icon png file in /usr/share/icons and call it “quake4.png”
I have a link to the png I use here. You can download it and save it to /usr/share/icons and then it will be the icon when you create the desktop link file.
Next, I create an .desktop file called quake4.desktop and put this file in /usr/share/applications. Below are the contents of the file:
Hello everyone! Hope you all have been well. I’ve been messing around with AI and different models for my job as we are implementing AI in our software.
I wanted to learn more about this, and it just so happened that Deepseek R1 was announced and I decided to start there. I originally installed this on my Macbook Pro and I installed a smaller model, and for the hardware, it worked well. However, my son needed the laptop so that he could record music so I restored it back to MacOS and am now using my old Linux laptop that I used when I was at Canonical. This laptop is a beast. It’s a little on the older side, but here’s what it has under the hood:
Intel 7th Gen Core i7 processor, 8 core, 3.8 gHz
32 GB DDR4 Memory
256GB SSD
1TB HDD
Nvidia Geforce GTX 1050 with 4GB vRAM
So, these are the steps that I did to install Deepseek R1 and Open-WebUI as a docker container on my laptop for testing.
First thing I did was install Ollama, which is the LLM from Meta that works with Deepseek R1 Models.
First thing, you need to download and install Ollama. To do this all you need to do is run the following command:
curl -fsSL https://ollama.com/install.sh | sh
After this, I had to add an Environment variable to the systemd service. The systemd service is located in /etc/systemd/system/ollama.service
Under the [Service] section, add the following:
Environment="OLLAMA_HOST=0.0.0.0"
This will allow Ollama to listen and serve on all clients. Since I use Docker this works best. I kept running into issue getting Open-WebUI to connect to my Deepseek model without doing this.
Next, you need to reload the daemon and the Ollama Service:
Now, we need to load the model. I use the 8 Billion Parameter model since my laptop can handle that fairly easily. To load this model use the following command:
ollama run deepseek-r1:8b
There are other models you can use depending on your system. The 1.5 billion parameter is the smallest, and works farily well on most systems. I ran this model on Raspberry Pi’s and on my Mac Laptop with 16GB of and no GPU, and it ran well. To see the different models, you can check out the details on Ollama’s website here:
You will be dropped in to the Ollama shell where you can interact with the model here. To exit, just type /bye in the prompt and you will be back at the Linux shell.
Next, we need to install a nice Web front end. I use Open-WebUI since it works like ChatGPT, and is super simple to setup.
I use Open-WebUI as a Docker container on my laptop to keep it nice and clean. If I want to disable and stop using this, I can remove the container and my system is nice and clean. Plus updating the web front end is really easy with Docker containers.
Make sure you install Docker on your machine. You can use Snaps or Apt. I followed the instructions on Docker website. It’s pretty straight forward. After you install Docker, and add yourself to the docker group. After that, log out and log back in so that the group membership gets applied.
I also had to install the Nvidia Container Toolkit so that I could use the GPU in my containers. To do this run the following command to add the repo to Ubuntu and then use Apt to install:
On the landing page, setup a new Admin user and you done. Select your model from the pull down in the top left corner. Ask your new chatbot a question and your done.
Hello, Quite a quick turnaround for blog posts and me. This one is going to be helpful for those of us that use Wildcard Certificates in our environment and found out that our SSL provider changed their policies based on industry standards, but now their certificates cost 200x more than they used to so we are moving to an opensource and free solution.
For those of you that don’t know what the previous paragraph means, Google, and other major web site providers implemented that all communications on the Internet be secured. To do this, we use SSL or Secure Socket Layer certificates. These certificates verify and validate that the site you are on is the real one and any information that you provide on it will be encrypted and secure. SSL Certificate do this encrypting and signing to make sure everything is good. In the past, we used to have to spend $100’s, if not $1000’s (Like it did) to have this capability. LetsEncrypt came about to make this free and accessible to everyone. The downside is that the certificates are only valid for 90 days instead of a year, but you get what you pay for.
I am moving to this model because my vendor of SSL, Digicert changed their model and now I can’t renew certificates without spending another $600 on top of the $5k I’ve already spent. So I am moving to LetsEncrypt.
LetsEncrypt is a SSL company that uses a software package called certbot that can automatically create and install certificates that are trusted to systems.
My DNS host provider, however, is not one of their partners. However, they do allow me to edit records on the fly, which is important since that is how LetsEncrypt verifies that you own the domain and won’t generate a certificate if you don’t. This means that I can’t automate the deployment or the generation, and I have to run the following command to update my certificates every 90 days. Some of my systems can be automated, which those, like this one that runs my web server, can. However, I do have some systems like my Virtual Center server or my Email server that use Wildcard or a single certificate to cover multiple servers. This blog will discuss how to do this, mainly so that in 90 days I can remember how to do this.
So, on to how to do this.
First, install certbot on a machine. Since I’m a Linux person, and I used Ubuntu, I installed this on my local machine:
sudo apt update
sudo apt install letsencrypt
This installs the base LetsEncrypt software with no plugins. Since my DNS provider does not have a plugin, I have to do this manually.
I also had to add the wildcard, or “*” to my domain to prove I owned the domain, so I logged in to my DNS provider, and created an “A” record that pointed to my webserver with the *.lucaswilliams.net name. This will allow me to use this certificate on any of my server inside my lucaswilliams.net domain. Very useful for virtual server for VMware, email, and other servers that need HTTPS and SSL Certificates.
Once I created the wildcard domain entry in my DNS record. I then went to the terminal on my Linux machine and typed the following:
for the --server https://acme-v02.api.letsencrypt.org/directory line, you have to use this server to create the certificate as this is the only one that LetsEncrypt uses to for this requirement.
After hitting enter to start the process, I was presented a prompt asking if I wanted to share my information and details about the certificate, which I replied “N” but if you want you can.
The next prompt is the important one. It looks like the following:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.domain.com.
with the following value:
q12yr1dyFyrh143HHRTe42HH_hf#1d7&ewftgs8H
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.domain.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
I then logged into my DNS provider and created this TXT record and then hit enter in the terminal to complete the key generation. LetsEncrypt verified the record and created my certificates in /etc/letsencrypt/live/domain.com. You will need ‘root’ access for the live directory, so I ran sudo -i to change to root user and access the certificates.
I then copied the privekey.pem and fullchain.pem files to my servers and renamed them to what the system understands as the private key file and the certificate file.
The biggest takeaway from this is that LetsEncrypt will let us create certificates for our systems for free, however, they only are valid for 90 days which means that we have to do this every 3 months. Some systems can be fully automated if their names don’t change or the certificate is used only for validation and verification of the site and name, but more complex certificates, like email verification and signature signing, this is the way to go for that.
If any of you know of a better way of doing this, please let me know and I’ll share it and give you credit for the improvment!
Hello everyone! Been a moment since my last blog update. This is a special one that I have been wanting to write, but wanted to wait until I actually had to do it so I can show real world examples, and boy, is this one for the record books.
So, my secondary KVM server has a 5 disk hot swappable chassis that I bought on NewEgg about 7 years ago that allows you to install 5 SATA disks and these disks are connected to the mother board from the chassis into the 5 SATA ports. This allows me to hot swap the hard drives if they ever fail, and well, two of them did about a month ago. The system is setup as a RAID-5. So all of the disks are members of the RAID and then the 5th disk is a Hot Spare. Well, Disk 4 and 5 failed together. Basically, disk 4 failed, and while 5 was becoming the 4th disk, it failed. Luckily the Array was still good, but now I need to replace the failed disks.
I bought 2 new 2TB disks from NewEgg and installed them in the array. Unfortunately, the system does not automatically detect new drives installed or removed, so I had to run the following commands to get the disks recognized by the system.
I then listed the /dev/ directory to make sure that /dev/sdd and /dev/sde were no longer being seen as they have been removed. I also checked the raid configuration to make sure that they were not listed any longer:
mdadm -D /dev/md0
mdadm -D /dev/md1
Both arrays no longer listed the failed disks, so I’m ready to physically add the new disks.
I installed the new disks. Now I need to re-scan the bus for Linux to see the disks:
I then listed the /dev directory and I can now see the new disks, sdd and sde.
I then need to make sure that they have the correct format and partition layout to work with my existing array. For this I used the sfdisk command to copy a partition layout and then apply it to the new disks:
I then check the status of the array to make sure it is rebuilding:
mdadm -D /dev/md0
mdadm -D /dev/md1
The system shown it was rebuilding the arrays and at the current rate it was going to take about a day.
The next day I go and check the status, and low and behold I found out that disk 5 (sde) had failed and was no longer reporting in. I got a bad disk shipped to me. So I contacted NewEgg and they sent me out a replacement as soon as I sent them the failed disk. Luckily it was the hot spare so it didn’t have any impact on the system removing it or adding it back, but I did run the following command to remove the spare from the array and then re-scanned the bus so that the disk was fully removed from the server:
The MDADM reported that there was no longer a spare available and the listing of the /dev directory no longer shown /dev/sde. A week later, I got my new spare from NewEgg and installed it and ran the following:
I have a new blog entry on something I just noticed today.
So I typically don’t use LVM in my Linux Virtual Machines, mainly because I have had some issues in the past trying to migrate VM’s from one hypervisor type to another, for example, VMware to KVM or vice versa. I have found that if I use LVM, I have mapping issues and it takes some work to get the VM’s working again after converting the raw disk image from vmdk to qcow2 or vice versa.
However, since I don’t plan on doing that anymore (I’m sticking with KVM/Qemu for the time being) I have looked at using LVM again since I like how easy it is to grow the volume if I have to in the future. While growing a disk image is fairly easy, trying to grow a /dev/vda or /dev/sda is a little cumbersome, usually requiring me to boot my VM with a tool like PMagic or even the Ubuntu install media and using gparted to manipulate the size and then rebooting back into the VM after successfully growing it.
With LVM, this is much simpler. 3 commands and I’m done, and don’t need a reboot. Those commands:
pvdisplay
lvextend
resize2fs
Now, One thing I have noticed after a fresh install of Ubuntu Server 22.04.2, using LVM, I don’t get all my hard drive partition used. I noticed this after I installed, I ran df -h and noticed that my / folder was at 32%. I built the VM with a 50G hard drive, yet df was only seeing 23GB. I then ran
sudo pvdisplay
Sure enough, the device was 46GB in size. I then ran
Howdy everyone, been a while since I’ve had a post but this one is long overdue.
I’m still working in Networking, and every once in a while, I need to update the ONIE software on a switch, or even create a KVM version for GNS3 so that I can test latest versions of NOS’s.
Well, a lot has changed and improved since I had to do this. ONIE now has a build environment using DUE, or Dedicated User Environment. Cumulus has made this, and it is in the APT repos for Ubuntu and Debian. This does make building much easier as trying to build a build machine with today’s procedure from OCP’s GitHub repo is 100% broken and doesn’t work. They still ask to use Debian 9, which most of the servers hosting packages have been retired since Debian 9 has EOL’d. I’ve tried with Debian 10, only to have packages not be supported. So I found out about DUE and was having issues with that, but after much searching and reading, I finally found a way to build ONIE images successfully and consistently.
Just a slight Caution: At the rate of change with ONIE, this procedure can change again. I will either update this blog or create a new one when necessary.
So, lets get to building!
The first thing I did, was install Docker and DUE on my Ubuntu 22.04.4 server
This download and sets up the build environment to build ONIE based on Cumulus’s best practices. Once this process is complete, we now get into the environment with the following command:
due --run -i due-onie-build-debian-10:onie --dockerarg --privileged
You are now in the Docker Container running Debian 10 and has the prerequisites for building ONIE already installed. Now we need to clone the ONIE repo from GitHub and do some minor settings to make sure the build goes smoothly.
mkdir src
cd src
git clone https://github.com/opencomputeproject/onie.git
I then update the git global config to include my email address and name so that during the building process when it grabs other repos to build, it doesn’t choke out and die and tell me to do it later:
So, I am building for a KVM instance of ONIE for testing in GNS3. First thing I need to do is build the security key
cd onie/build-config/
make signing-keys-install MACHINE=kvm_x86_64
make -j4 MACHINE=kvm_x86_64 shim-self-sign
make -j4 MACHINE=kvm_x86_64 shim
make -j4 MACHINE=kvm_x86_64 shim-self-sign
make -j4 MACHINE=kvm_x86_64 shim
I had to run the shim-self-sign after the shim build option again to create self-signed shims after creating the shim, and then had to run shim again to install the signed shims in the correct directory so that ONIE build would get pass the missing shim files.
Now we are ready to actually build the KVM ONIE image.
make -j4 MACHINE=kvm_x86_64 all
Now, I’m not sure if this is a bug or what, but I actually had to run the previous command about 10 times after every time it completed, because it didn’t actually complete. I would just press UP on my keyboard arrow key to re-run the previous command, and I did this until I got the following output:
Added to ISO image: directory '/'='/home/wililupy/src/onie/build/kvm_x86_64-r0/recovery/iso-sysroot'
Created: /home/wililupy/src/onie/build/images/onie-updater-x86_64-kvm_x86_64-r0
=== Finished making onie-x86_64-kvm_x86_64-r0 master-06121636-dirty ===
$
I then ran ls ../build/images to verify that my recovery ISO file was there:
I then logged out of the DUE environment and my ISO was in my home directory under the src/onie/build/images/onie-recovery-x86_64-kvm_x86_64-r0.iso file. From here I was able to upload it to my GNS3 server and create a new ONIE template and map the ISO as the CD-ROM and created a blank qcow2 hard disk image to use the recovery and build the image to use on my GNS3.
One thing to note is that this procedure is for building the KVM version of ONIE. To build others, just change the MACHINE= variable to be what ever platform you are building for.
Good luck and let me know in the comments if this worked for you.
Hello everyone. It’s been a while, almost a year. I have an updated blog that I have written for my company I work for, BE Networks. The link is below. Please enjoy and please share and comment.
Hello everyone. I hope you are all doing well and staying safe!
I wanted to document this procedure for clearing out an email box in Zimbra. I recently had to update my Zimbra mail server and I noticed that my admin account was strangely full. Over 200,000 messages in the inbox. Looking at it, they ended up being storage alerts that the Core snap in my Ubuntu Server was out of disk space. This is normal for snaps since they are SquashFS file systems for the applications they run and that is how they are designed. However, the amount of alerts was quite amazing.
Since I’m not using snaps on this system, I removed the core snap and all of it’s revisions, and then removed snapd from the system so that the alerts would stop. I did this by doing the following:
$ sudo snap list --all
This listed all the snaps and revisions running on my mail server. I then noted the revision number and removed all the disabled snap versions of core by running the following:
$ sudo snap remove --revision=xxx core
where xxx is the revision number of the snap. I ran this twice since snaps only keep the previous two versions by default. I than deleted snapd from the system so that it won’t update and remove the core snap from the system:
$ sudo apt purge snapd
After this ran, I ran df -h to verify that the /dev/loop2 which is where core was mounted on my system was no longer mounted, which it wasn’t. Since I don’t plan on using snaps on this system, I have no issues.
Next, I needed to delete the over 200,000 alerts in the admin account. I tried to use the web UI to do this, but it was taking forever. After some Google searching and reading the Zimbra documents, I found out about the command zmmailbox.
Since I didn’t care about any of the email in the mailbox, I was ready to just delete the entire contents. Use the following commands to do it:
