Installation Guide for Collectd and Collectd-Web to Monitor Server Resources in Linux

By

-

November 29, 2017

Collectd, a Unix daemon that collects statistics related to system performance and also provides means for storing the values in different formats like RRD (Round Robin Database) files. The statistics gathered by Collectd help to detect the current performance blocks and predict system load in future.

Collectd-web is a web-based front-end monitoring tool for RRD data gathered by Collectd. It is based on contrib/collection.cgi which is a demo CGI script included in Collectd. It interprets and generates the statistics in the form of graphical HTML page that can be executed by the Apache CGI gateway with minimum configurations needed on Apache web server side.

The graphical web interface with the produced stats can also be executed by the standalone web server provided by Python CGI HTTP Server script, a pre-installed script with the main Git repository.

In this tutorial, you will learn the installation process of Collectd service and Collectd-web interface on CentOS7/Fedora/RHEL and Ubuntu/Debian based systems with minimum configurations required to be done for running the services and enabling a Collectd service plug-in.

Step 1:- Install Collectd Service

The basic task of Collectd daemon is to collect and store data stats on the system that it runs on. You can download and install Collectd package from the default Debian based distribution repositories by running the following command –

On Ubuntu/Debian

# apt-get install collectd			[On Debian based Systems]

Image Source: tecmint.com

On RHEL/CentOS 6.x/5.x

If you have older RedHat base systems like Fedora/CentOS, you need to enable EPEL repository first on your system and then install Collectd package from it.

# yum install collectd

On RHEL/CentOS 7.x

You can install and enable EPEL repository from default yum repos as displayed below –

# yum install epel-release
# yum install collectd

Image Source: tecmint.com

Note: If you are a Fedora user, there is no need to enable any third-party repositories. Only type yum, to get the Collectd package from default yum repositories.

2. Once the installation of package is done on your system, to start the service run the below command –

# service collectd start			[On Debian based Systems]
# service collectd start                        [On RHEL/CentOS 6.x/5.x Systems]
# systemctl start collectd.service              [On RHEL/CentOS 7.x Systems]

Step2: Install Collectd-Web and Other Dependencies

3. Ensure that the Git software package and the below required dependencies are installed on your machine prior to importing the Collectd-web Git repository.

----------------- On Debian / Ubuntu systems -----------------
# apt-get install git
# apt-get install librrds-perl libjson-perl libhtml-parser-perl

Image Source: tecmint.com

----------------- On RedHat/CentOS/Fedora based systems -----------------
# yum install git
# yum install rrdtool rrdtool-devel rrdtool-perl perl-HTML-Parser perl-JSON

Image Source: tecmint.com

Step 3: Import Collectd-Web Git Repository and Modify Standalone Python Server

4. Next select and change the directory to a system path from the Linux tree hierarchy in order to import the Git project and then run the command below for cloning Collectd-web git repository –

# cd /usr/local/
# git clone https://github.com/httpdss/collectd-web.git

Image Source: tecmint.com

5. After the Git repository is imported on your system, enter the Collectd-web directory and list the contents for identifying the Python server script (runserver.py), which will be modified in the next step. Don’t miss to add execution permissions to the following CGI script: graphdefs.cgi.

# cd collectd-web/
# ls
# chmod +x cgi-bin/graphdefs.cgi

Image Source: tecmint.com

6. A by default configuration of Collectd-web standalone Python server script is set to run and bind only on loopback address (127.0.0.1).

If you want to access Colletd-web interface from a remote browser, edit the runserver.py script and change the above IP address to 0.0.0.0, to bind on all network interfaces IP addresses.

If you want to bind only to specific interface, use that interface’s IP address (don’t use this option if your network interface address is dynamically allocated by a DHCP server). Below is the screenshot for the appearance of the final runserver.py script –

# nano runserver.py

Image Source: tecmint.com

You can modify the PORT variable value in case you want to use another network port.

Step 4: Run Python CGI Standalone Server and Browse Collectd-web Interface

7. Once the standalone Python server script IP address binding is modified, start the server in the background with the below command –

# ./runserver.py &

Alternate method – Call the Python interpreter to start the server with the below command –

# python runserver.py &

Image Source: tecmint.com

8. You can view the Collectd-web interface and statistics about your host by simply pointing the URL at your server IP address and port 8888 using HTTP protocol.

http://192.168.1.211:8888

You will by default see several graphics about disk usage, CPU, network traffic, processes, RAM and other system resources when you click on the host name displayed on Hosts form.

Image Source: tecmint.com

9. If you want to stop the standalone Python server, cancel or stop the script by hitting Ctrl+c key or simply use the command below –

# killall python

Check out more about linux servers here – https://www.eukhost.com/vps-hosting/linux.php

How to Manage Your Cloud Identities

By

Kevin Korte

-

November 28, 2017

The need to securely authenticate and authorize users and services is not restricted to the traditional IT infrastructure. In the cloud, where it takes just a few clicks to sign up to a new service and roll it out for the whole company, staying in control of your own identities is of particular importance. Only centralized user accounts allow you to keep control of all passwords and policies and keep you solely responsible for preventing leaks of authentication data. Luckily, centrally managed accounts are one of the things users like as well. It gives them the option to log in to many cloud services with one single identity that they use for their workstations anyway.

Therefore, let us first explore the benefits of running your IdM before stepping into the technologies used to connect some of the favorite cloud services.

Why Stay in Control of Your Identities

Today many identity management systems are offered to big and small companies. Some are based on open source software while others are based on proprietary software. However, many of them have in common that you cannot easily migrate your identities to a different service, for example, if you are not any more happy with it. Only if you have access to the backend, as you have with UCS or other Open Source Solutions, in addition to the shiny interface, can you genuinely choose where you want to store your identities. Having access to the backend and platform and being able to determine where your IdM runs, gives you distinct advantages over a closed management system that only provides you with a frontend and some connectors.

Firstly, an open platform and a directory allow you to connect your identities to the services of your choice instead of connecting them to the services approved by your IdM vendor. While in many cases all will use the same underlying open protocols to facilitate the connection, it is all too easy for a provider to block connections if a competing offer gives a considerable incentive to do it.

Just imagine, you successfully migrated all your emails to a new email provider, and suddenly your IdM provider decides not to support this provider anymore. You then have to choose whether to migrate your emails and your identities or to accept the management overhead of having two separate systems.

Secondly, if you are in control of the backend, it becomes possible to support further protocols by combining different open source projects. As an example, UCS currently offers, among others, connectors to quickly provision and manage identities used within Office 365 and G-Suite. As the backend is well documented and accessible to anyone running a UCS instance, it only will take a few lines of python code to provision Dropbox with the same information already in use. Without access to the backend, it becomes impossible to do these changes.

Technologies for a Connected Cloud

After looking at the reasons why you would like an open Linux based identity management system, let us focus on the technology used to create a central user identity management system.

Traditional Authentication and Authorization Stack

Traditional authentication and authorization protocols, such as LDAP and Kerberos, have been designed to work over both unreliable and untrusted connections. Thus, they can be used for authentication in the cloud as well. And often you find them when connecting your services, sometimes under the name AD services. LDAP connections can offer both authentication and authorization protocols. Or it can only provide the authorization and user management part, leaving the user authentication to Kerberos.

The reason to utilize the combination of LDAP and Kerberos is that an LDAP connection is established only between the authentication source and the service. The user enters his credentials thus with the service, and the service is then using the LDAP connection to authenticate the user. This process allows any service to phish the credentials of your users.

Kerberos, while offering a secure and trusted way to verify the password, has the disadvantage that the user needs to be able to reach the KDC on a protocol and ports that public networks most often block.

Thus, both protocols are more commonly used in on premises scenarios where the IT department is in control of both the systems and the network. Of course, both offer an excellent choice as a backend for the more purpose-built protocols, a scenario which can also be found in UCS.

Purpose-Built Authentication Protocols

Alternatives to the traditional protocols are purpose-built languages that utilize many of the design ideas behind Kerberos but are working with HTTP connections and cookies for the communication between the user, the authentication source, and the service. The three most popular ones are the Security Assertion Markup Language, commonly known as SAML, the Central Authentication Service, in short CAS, and OpenID.

OpenID has its origin in a more web-like approach. Many independent notes trust each other to authenticate their users and provide parts of their user identities without releasing their passwords. What differentiates OpenID from the other two protocols is that there is no needed trust between the identity provider and the service provider. The basic idea was that you provide a unique URL from your identity provider to authenticate yourself and any service provider will accept your identity.

SAML and CAS, in contrast, rely on a controlled federation of service providers and identity sources. Usually, the administrator of the identity provider has to establish a trust relationship to a particular service before the user can authenticate with his account at that specific service.

The authentication itself is similar in most cases. The user goes to the website of the service and enters his ID, in most cases as an email address. Afterwards, the service redirects the user to the particular identity provider that was identified to belong to the address or domain. The user enters his credentials at the identity provider website and gets a token that authenticates him at the services. This description is only a general overview. There are numerous minor differences and possible enhancements that set the different languages apart from each other, but all identify the user and authorize him to use a particular service.

User Defining Attributes

Identifying users is an essential but only small part of managing your users. However, it is the better defined and standardized part. The more significant challenge often is to provision the users in a particular service and to provide well-known attributes associated with an account such as the name of the user or his email address.

Just think about the following scenario. The company uses the first letter of your first name, the first letter of your last name and a random identifier, e.g., KK987654@idp.univention.com as the identifier for authenticating the users. G-Suite will at least need your email and name to create a professionally looking sender in every email. Dropbox, on the other hand, might need your group memberships to add you to a specified folder but might also want your email to be able to notify you when one of your folders changes.

Unfortunately, most services provide their custom API, making connectors, such as our G-Suite connector, necessary for provisioning users within the respective applications. Of course, most services offer their toolkits for the integration. However, there is little standardization between these APIs, thus the need for many different connectors.

For some time it seemed that OAuth appeared to gain traction in overcoming this particular issue. OAuth thereby represents a standardized set of APIs that allow a user to share its identity and attributes without sharing the actual login. It is still common today, whenever you hit a button “Log in to Google” or “Log in to LinkedIn”, there is an OAuth data transfer happening in the background. However, this convenience does not extend beyond the handful of providers in the customer space.

Conclusion

Providing centralized identities in the cloud to your users, enables you to manage your users in one convenient location and provision them to different cloud services. The same applies for changing or deleting a user, adding to the convenience of managing your user base in a cloud-centric world.

Most importantly, however, it increases the comfort of your users who only need a single username and password without needing to worry that one hacked service would compromise all other logins.

Accordingly, a central identity management system, such as UCS, which encompasses your cloud services, should be a fundamental part of any IT department.

Java Microservices, Resiliency, and Istio

By

The Linux Foundation

-

November 28, 2017

This article is part of the KubeCon + CloudNativeCon North America 2017 series.

KubeCon + CloudNativeCon gathers all Cloud Native Computing Foundation (CNCF) projects under one roof to further the advancement of cloud native computing. At the upcoming event in Austin, Animesh Singh and Tommy Li of IBM will discuss how to build, deploy, and connect Java microservices with Istio service mesh. In this article, Singh offers a preview of their presentation.

Linux.com: Microservices and Java are being mentioned together very frequently. What’s the current state?

Animesh Singh: Microservices, Java! These two terms go together very well: there are excellent frameworks in place to support building epic microservices in Java. Microservices are containerized in one way or another, and there’s some movement in the Java ecosystem around how those containers are built. The Java community has been using Java EE within a microservices architecture for quite a while now, and it has resulted in multiple approaches, both in product implementations and design patterns.

You can pack everything into one “uber-jar” that you shove into a more generic Java container, or you can deploy a thinner WAR file into a more tailored image. The end goal for either approach is similar — a lightweight container with simple configuration that boots quickly using only essential components. Some frameworks that are becoming popular in this space include MicroProfile and Spring Boot.

Linux.com: Can you shed some light on MicroProfile microservices framework and where it is headed?

Singh: Sure. So what began as a collection of independent discussions and many innovative microservice efforts within existing Java EE projects — for example, WildFly Swarm, WebSphere Liberty, TomEE, and others — have finally coalesced around common ground to form MircoProfile. MicroProfile is a baseline platform definition that optimizes Enterprise Java for a microservices architecture.

Linux.com: So with these proliferation of microservices, where you can have 100s and 1000s of instances running, would`t resiliency and fault tolerance become very important? Do these frameworks provide and resiliency features?

Singh: Yes. Since we are talking about MicroProfile, MicroProfile 1.2 had recently added a lot of resiliency features like Circuit breakers, Health checks, Retries/Timeouts etc. which can be enabled by simple changes in code/configuration.

Linux.com: Nice. But what if you don’t want to change your application code? And if you are running polyglot microservices?

Singh: Great question. That`s where Service Mesh architecture shines. Istio provides an easy way to create this polyglot service mesh by deploying a control plane and injecting sidecar containers alongside your microservice. Istio adds fault-tolerance to your application without any changes to code. By injecting Envoy proxy servers into the network path between services, Istio provides sophisticated traffic management controls, such as load-balancing and fine-grained routing, as well resiliency and fault tolerant mechanisms

Linux.com: And finally where can I learn more about these?

Singh: Join our talk at Kube Con in Austin, as well as visit the IBM Code site to try our pattern we have created for Java and Istio resiliency.

Animesh Singh is an STSM and Lead for IBM Cloud, Containers and InfrastructureDeveloper Technology. He has led major initiatives for IBM Cloud and Bluemix and currently works with developers to design and develop cloud-computing solutions around Kubernetes, Docker, Serverless, OpenWhisk, OpenStack and Cloud Foundry.

Long-Term Linux Support Future Clarified

By

ZDNet

-

November 28, 2017

In October 2017, the Linux kernel team agreed to extend the next version of Linux’s Long Term Support (LTS) from two years to six years, Linux 4.14. This helps Android, embedded Linux, and Linux Internet of Things (IoT) developers. But this move did not mean all future Linux LTS versions will have a six-year lifespan.

As Konstantin Ryabitsev, The Linux Foundation‘s director of IT infrastructure security, explained in a Google+ post, “Despite what various news sites out there may have told you, kernel 4.14 LTS is not planned to be supported for 6 years. Just because Greg Kroah-Hartman is doing it for 4.4 does not mean that all LTS kernels from now on are going to be maintained for that long.”

The Structure of Day 2 Problems

By

Container Solutions

-

November 28, 2017

Companies who adopt Cloud Native technologies and principles sooner or later (often sooner) bump into Day 2 problems. This is not because the tooling is bad but rather the opposite – the tooling is excellent. This means that it’s easy to get started with and therefore easy to get into trouble with. In this blog, we’ll look at the dynamics that propel our customers forward on their Cloud Native journeys. We’ll also see that there is a structure for ‘getting into trouble’. To understand that, we’ll take a look at the Hero’s Journey focussing specifically on Perseus and his fight with the Kraken before we look at the Cloud Native Journey and the lessons it teaches us.

We know, nowadays, that we recall information more easily when it’s organised as a story. This quirk of our brains is why a the number of narrative patterns is limited, according to one writer, to only seven. One such pattern is the Hero’s Journey. We can see how this works by looking at the Grecian myth of Perseus.

containerd Namespaces for Docker, Kubernetes, and Beyond

By

Moby Project

-

November 28, 2017

Recently, we merged containerd 1.0 beta support into Moby. You can view the pull request https://github.com/moby/moby/pull/34895 for more information on the integration. The kubernetes team also released the first alpha release of cri-containerd with containerd 1.0 beta support a few weeks ago.

With multiple clients of containerd completing their integrations, it is a great time to talk about how multi-client support works in containerd and how we built containerd to handle multiple clients from the ground up, without having to worry about name collisions, resource management, and the scope of the API.

The Politics of the Linux Desktop

By

OpenSource.com

-

November 28, 2017

If, as I do, you believe in open source, and particularly if you work within the open source community or are employed by an open source organisation, I struggle to see why you would even consider not using Linux.

I’ve spoken to people about this (of course I have), and here are the most common reasons—or excuses—I’ve heard.

I’m more productive on Windows/Mac.
I can’t use app X on Linux, and I need it for my job.
I can’t game on Linux.
It’s what our customers use, so why we would alienate them?
“Open” means choice, and I prefer a proprietary desktop, so I use that.

8 Privacy-Oriented Alternative Search Engines in 2017

By

-

November 28, 2017

In this age of the internet, you can never be too careful with your privacy. Use these alternative search engines that do not track you.

Google – unquestionably being the best search engine out there, makes use of powerful and intelligent algorithms (including A.I. implementations) to let the users get the best out of a search engine with a personalized experience.

So, to address the netizens concerned about their privacy while using a search engine, I have curated a list of privacy oriented alternative search engines to Google.

Best 8 Privacy-Oriented Alternative Search Engines To Google

Do note that the alternatives mentioned in this article are not necessarily “better” than Google, but only focuses on protecting users privacy. Here we go!

Top 17 Photo Editing tools for Linux OS

By

Karl Johnson

-

November 28, 2017

In this graphical era, an operating system cannot handle professional image editing services, can you imagine? There is such a rumor about Linux. Linux is an operating system. Many people think that is it not so much rich in graphical works like photo editing. Even Adobe itself has not made any of their products for Linux. But still there are many photo editing tools that can be used in Linux for image manipulation purposes.

The tools discussed in this content below are either free or some of them are premium. But, you can use them even if you are a Linux user. To use some of the windows applications, you need to install WINE that will create a windows environment in your operating system

1.GIMP

GNU Image Manipulation Program (GIMP) is a free and open source image editing software that is compatible with most of the operating systems. But, it is specially created for the Linux. Since it is an open source tool, you can change its source code and distribute the changes. It is very rich with many tools and plugins which are very useful for the graphic designers, photographers, illustrators, scientists, etc. This tool will enable you to perform all types of image enhancements such as high quality photo retouching, restoring, cropping, resizing, drawing, creative photo manipulation, color correction, and many more. You can also create icons, graphical arts, UI components and mock-ups, and many mores.

2.Photoshop WINE

Normally you cannot use Adobe Photoshop in Linux. Yet there is something to do, if you want to use it in this operating system, you have to install WINE that will create a widows environment in Linux OS and thus you can use Photoshop as well as many other windows based tools. Photoshop is the most popular image editing tool that enables you to do all types of photo manipulation works.

3.Krita

It is a part of the KDE project. It is mainly a digital painting program that allows you to create art how you like. You can create art manually by your hand or you can use mouse and keyboard. It is a very rich tool kit which works well with Linux. It is capable to compete with the contemporary proprietary tools in the digital painting arena. Anyway, Krita can open PSD. It also can open various high resolution raw images and capable of exporting to JPG, PNG, and GIF.

4.Inkscape

This is a very powerful vector graphic tool that suits with Linux. This tool is best for creating logos and many types of digital graphics. You will get here many ways to draw the graphics you like because it offers you a path tool and a freehand drawing pencil. It has multiple pre-defined shape tools and texts, and you can import images and convert to vector graphics. You will get anti-aliased rendering and transparency in images. The file type Inkscape can read SVG, and it also can scan & edit PDF, PNG, PostScript, etc. Inkscape has a user-friendly interface that lets you handle its many tools & options skillfully.

5.Raw Therapee

This tool is for the photographers. They work with raw images to enhance their images. Raw Therapee can work with Linux and it works almost same as the Lightroom. This tool is very rich with a lot of tools and options that allows the photographer to edit their raw photos. They can edit colors, focus, light, and clean the visual artifacts. It can process high resolution images involving with most of the modern operating system and it has the ability to export JPG, PNG, and TIFF images. So, if you are a Linux user, you can use to edit your raw photographs.

6.Darktable

Like the Raw Therapee, this tool is also for the photographers. It can work with the raw images. Its most suitable issue is that it can work on the image without destroying the originals. This tool has GPU acceleration and it is much enriched with a lot of tools and option that will enable you for color adjustment of the images. It can make a raw photo flawless reduces all kinds of shortcoming. You can perform any kind of post-production work on your image with Darktable. It will provide you a wide range of tools to filter and modify your raw photograph.

7.Pinta

It is an open source and cross-platform tool. It is used to draw and edit bitmap image. This tool is same as the windows Paint.net program featuring with a plenty of drawing tools, filters, and color adjustment tools. Pinta is also rich with unlimited undo history, multiple language support, and a flexible arrangement of toolbar. It supports image layers. To use Pinta is simple and easy, and you can install this tool in your Linux OS for quick photo editing.

8.Digikam

You can install Digikam in your Linux OS as it is a free and open source image editing software and tag editor. This software supports almost all the major image file formats viz JPEG, PNG, and more than 200 RAW file formats. You can add captions, ratings, and tags. There are numerous plugin support for Digikam. You can direct export your images to many of the social and photo sharing sites. It is the only free tool for Linux that supports 16 bit/channel images.

9.ShowFOTO

One of the finest Linux software is ShowFOTO which is an image editor under the digiKam project. This tool is totally free and you can download and install in your Linux OS. It is much enriched with all the latest and standard image editing tools & options. For example transformation, adding effects, filtering, metadata editing, etc. are the basic functionalities of this software. This imaged manipulation tool is very light and it is fantastic that it doesn’t need any support of other software to be installed.

10.Fotoxx

It is a digital photo editing tool which lets you to access through a big image directory. It can create easily HDR images, Panoramas or 306⁰ photos, adjust color and brightness, image rotation, image cropping, sharpen, resize, etc. It is also capable of reducing noise, changing color depth, image stretching, and many mores. In short, all the color related shortcomings can be solved using this image editing tool that suits well in Linux. So, if you are a Linux OS user, don’t head bang for Adobe Photoshop Lightroom, install this software.

11.F-shot

This is an image editing tool that best suits in Linux OS. This full-featured tool can be utilized for your personal photo retouching. It enables you to retrieve, manage, edit digital images, and more. It will allow you to prepare slides hows, photo rotation, cropping, resizing, color adjustment, etc. You can also create Photo CDs. This software will provide you the facility of exporting images to the different websites like Flickr, Picasa, online photo gallery, etc.

12.UFRaw

Unidentified Flying Raw (UFRaw) is a raw image editing tool for the Linux users. It can read and manipulate RAW image files. It can be used as an individual software and you can also use this tool as a GIMP plugin. It can be very useful software for the photographers. They can edit any raw image quickly to correct any color related issue.

13.GTKRawGallery

This is also a free and open source image editing and retouching tool. It works with raw images using many tools such as Exiftool, Dcraw, Imagemagick, etc. By this software, you can edit post production images. You can add image tags and color management. This tool will give you a print support. You can upload your images into Dropbox using it. It has the option to publish your photos directly to the social sites like Facebook, Flickr, Picasa, etc.

14.LightZone

It is a photo editing tool that is free and open source. You can download and use in your Linux OS. It will produce non-destructive images. It can be used in various RAW image formats. LightZone is functionally very near to Photoshop Lightroom. It can produce JPEG with metadata.

15.Pixeluvo

This is a photo editing tool that offers two designs based on the usage complexity. One is easy and another is advance to use. You can manipulate your images using this software. It is non-destructive and you will get adjustment layers, color correction tools, realistic drawing tools, many image enhancement filters, etc. Anyway, Pixeluvo is a paid cross platform application. But, you can enjoy 30 days complete trial basis. You can install it in Linux alternative to Photoshop or Lightroom.

16.Photovi

If you are a Linux user, you can install Photovi on your machine because it is free and open source image editor. This tool allows RAW and bitmap file processing. It works under 16-bit processing and it is also a non-destructive tool. Using this software, you can do all kinds of color based image editing works. It needs a high performing computer and advanced level user, primarily is not for the beginners.

17.AfterShot Pro

This software is a commercial and proprietary raw photo manipulator which is created by Corel. AfterShot is based on the Bible and it is acquired by Corel. It is remarkable for offering a native and updated Linux version. Later, Corel publishes version 2 without the suffix ‘Pro’. This version is more limited and it has no longer tool “Perfectly Clear Noise Removal”.

Linux users can use these image editing tools for creating outstanding images. Though they cannot use Adobe products suited for windows without WINE, they have many high performing image processing software featured with a wide range of tools & options. These editors can be the alternative of Adobe products because they can also create high-res professional images.

’Big Four’ Linux Companies Shift Open-Source Licensing Policies

By

Linux.com Editorial Staff

-

November 27, 2017

Red Hat, Facebook, Google, and IBM commit to providing a fair cure period to correct open-source GPLv2 software license compliance issues.’

The GNU Public License version 2 (GPLv2) is arguably the most important open-source license for one reason: It’s the license Linux uses. On November 27, three Linux-using technology powers, Facebook, Google, and IBM, and the major Linux distributor Red Hat announced they would extend additional rights to help companies who’ve made GPLv2 open-source license compliance errors and mistakes.

This follows in the footsteps the Linux kernel project, which recently adopted this approach in its Linux Kernel Enforcement Statement, and the Free Software Foundation and Software Freedom Conservancy, which embodied the concept in their Principles of Community-Oriented GPL Enforcement.