Project: Connect LG 5K Display to PC

As I mentioned, I’m building a new Linux based desktop PC – currently running RHEL 8. Since I’m planning it as a primary desktop system for my home lab, I want to eventually migrate workflows from MacBook Pro to the new PC – and this means I want to use my existging LG 5K UltraFine 27″ display. This seemed like an interesting Unix Tutorial Project from the very start!

Work In Progress

WARNING: this is a work in progress article, I plan to revisit and update it in the next few weeks/months.

LG 5K UltraFine Display

This is a great 5K display that’s still one of the only few options available for getting 5K resolution display in macOS without buying an iMac or iMac Pro from Apple.

It’s great for photography and excellent for day-to-day use cause all the browser, documents and terminal windows are super crisp. You’ll get similar results on 4K displays available for PCs but LG 5K UltraFine has better colour gamut and screen brightness than most.

Here’s how it looks:

… on the back, as you can see, there are only USB-C format ports: 1 for input and 3 for additional devices:

Why Using LG 5K on a PC is Tricky

LG 5K is a stunning monitor, created by LG in collaboration with Apple, specifically for use with Apple laptops. This poses four complications for anyone planning to use LG 5K with non-Apple hardware:

  1. You need Thunderbolt over USB-C Connectivity
  2. You need drivers for supporting camera, microphone and ambient light sensor that are installed in the LG 5K display
  3. You need software support for LG 5K brightness controls (there are no control buttons on this display – I kid you not!)
  4. You need software/drivers support for the 5K display – it’s called display tiling support

LG 5K display in Linux

So far, I figured out Issue 1, kind of started looking into Issue 2, ignored Issue 3 altogether and spent considerable amount of time with no result on Issue 4.

WARNING: I haven’t completed this project yet, meaning I get output via USB-C connector into LG 5K Display, but it’s not 5K resolution yet.

Display Tiling for 5K+ resolutions

Because many interfaces simply don’t have the bandwidth to push all these 5K+ pixels at acceptable (30Hz or 60Hz) rates, there’s a commmon workaround in hi-res displays, called display tiling. Resolution of 5120×2880 pixels is very bandwidth hungry when it comes to video cable connection.

Display tiling means you connect your hi-res display over multiple ports. Each port appears to be a separate display of typically half the resolution of your screen. Each of these virtual displays is called a tile, and your graphics adapter, its driver and possibly OS software should all support this tiling concept for a seamless experience – meaning your display appears to have 5K resolution, with software cleverly stitching tiles together into a single image you see.

In LG 5K case, half the display is driven by one tile of 2560×2880 pixels and another half is driven by 2nd cable and 2nd tile over it. Combined together, they give you the 5K resolution: 5120×2880 pixesl. But if you have old software or driver, you may see just half the screen image or sub-5K resolution.

Connecting LG 5K to PC over Thunderbolt 3

In short, Issue 1 is: this monitor has only one input: USB-C cable that actually acts as a Thuderbolt 3 cable. The idea behind it is great: you plug this cable into a MacBook, and magic happens:

  • MacBook shows output onto beautiful 5K display, with HiDPI support etc
  • Display devices like camera start working for video calls, etc.
  • Any devices you have plugged via USB-C ports on the back of the LG 5K display are presented to MacBook – so 5K display becomes a USB-C hub
  • Best of all: MacBook is getting charged over the same cable

In practice, this is super useful: no messy cables, all the stationery devices like USB drives and printers are plugged neatly into the back ports of the display and don’t even have to be touched. I plug a single cable from monitor into laptop and it all just works together!

But if I want the same functionality from a non-Apple PC, there’s immediately quite a few issues:

  1. USB-C ports your PC has are not going to work – they’re most likely USB 3.1 ports for connecting storage devices, meaning they don’t have DisplayPort functionality – so you have the correct port but it doesn’t have the correct functionality – no picture will be shown on the display
  2. There are not that many graphics cards that have USB-C form-factor output that will work with such displays
  3. There are even fewer graphics cards that can drive 5K over a single port

Thunderbolt 3 Add-In Cards

So what is the solution? You need to get one of them Thunderbolt 3 Add-In Cards (AIC). This here is the one I got, Gigabyte GC-TITAN RIDGE AIC:

Gigabyte GC-TITAN RIDGE rev1.0 AIC

Specifically, there are ASUS, ASrock and Gigabyte ones that I could find:

  • Asus
  • Gigabyte
  • ASrock

What Does Titan Ridge TB3 AIC Card Do?

AIC card provides full Thunderbolt 3 functionality – multiple 40Gbit/sec connectivity channels via USB-C ports. It’s mostly meant to be a storage adapter (similar to SCSI or RAID expansion cards), in a sense that you can connect high-speed directly-attached storage (DAS) units to it like small or large disk arrays.

BUT as it turns out, most of Thunderbolt 3 Add-In Cards also help with graphics output via USB-C interface. So you have two USB-C outputs and even a DisplayPort on my model:

DisplayPort output on the left, 2 USB-C outputs, 2 minDisplayPort inputs

The way Titan Ridge TB3 card works for graphics output is that it takes one or two miniDisplayPort inputs, converts the signal (up to 8K resolution is supported, apparently!) and outputs it via USB-C cable to a compatible display.

What this approach means is you still need a proper graphics card (GPU) installed in your desktop, but instead of plugging display into it (which you can’t do for USB-C), you do the next best thing:

  1. you plug TB3 adapter into graphics card (most likely over 2 cables)
  2. you plug your fancy USB-C connected monitor into the Titan Ridge TB3 card

Here’s how connectors work (showing just 1 DisplayPort input for now):

On the left is the USB-C Thunderbolt cable going to LG 5K Display

For LG 5K, you need to be sure to get Thunderbolt 3 card and not Thunderbolt 2 card – again, older card would have correct ports but incorrect functionality for 5K display. So it must be Thunderbold 3 card. And you definitely need 2 DisplayPort connectors going from graphics card into the Thunderbolt 3 AIC card, otherwise you’ll be limited to 4K resolution.

If you’re shopping, look by the technology name, introduced by Intel. Alpine Ridge is the older model (not suitable for 5K), Titan Ridge is the one you need.

I got myself the Gigabyte GC-Titan Ridge TB3 card, because my new desktop PC has a Gigabyte motherboard.

Installing Titan Ridge AIC for LG 5K

Here are the steps I took to configure this TB3 AIC card in my desktop:

Inspect external ports on the card to confirm their order – where 1st miniDisplayPort goes, where 1st USB-C/Thunderbolt output is, etc:

IMPORTANT: for 5K signal you need 2 DisplayPort connectors, so it’s important that you get 1st DP output on GPU into 1st DP input on the TB3 AIC card, and 2nd DP output into 2nd DP input.

On the AIC card itself, you have a bunch of ports.:

From left to right on this photo:

  • Thunderbold USB-C header (goes to your motherboard)
  • USB 3 header (goes to another port on your motherboard)
  • 2 PCIe type Power connectors

I suggest you connect all of them if your motherboard and power supply allow, but in my case I ended up disabling Thunderbolt support in BIOS and letting the AIC card figure things out.

Put TB3 AIC Card into PCIx4 Port

Don’t know why, but most motherboards as super picky about where you should put your Thunderbolt 3 Add-In Card: it may work anywhere, but best is to check which port is recommended.

For my Gigabyte Titan Ridge TB3 AIC, there’s this reference suggesting PCIe slot for each Gigabyte motherboard supporting it:

Motherboards with GC-TITAN RIDGE support

Based on the above, I actually realised my GPU was installed in the PCIe x4 slot so I moved it closer to CPU, into the fasted x16 slot available. TB3 AIC card took the place in the leftmost slot, PCIe x4:

GC-Titan Ridge card in the left PCIe x4 slot, Radeon RX580 in the PCIe x16 slot on the right

Double-check BIOS Version

You may need to upgrade BIOS on your motherboard for TB3 support – check manual or get in touch with me if you need help.

Fine-Tune BIOS Settings

I ended up disabling Thunderbolt support (it’s called Discrete Thunderbolt) in my BIOS altogether. With it enabled I could get DisplayPort output from the TB3 AIC, but not over USB-C. So after disabling support in BIOS, things started working.

Current Results of LG 5K to Desktop Project

  • Video output works and image shows on the LG 5K display
  • Windows 10 fully supports 5K resolution
  • RHEL 8 still only shows 3K resolution – work in progress

That’s it for now! Hope you learned something new – I know I did! This whole buisiness of connecting my 2 year old 5K display to a brand new PC turned out to be way more involving and educational than I expected.

See Also

Attach Interface to Specific Firewall Zone in RHEL 8


One of the first things I had to do on my recently built RHEL 8 PC was to move the primary network interface from public (default) zone to home zone – to make sure any firewall ports I open stay private enough.

How To List Which Zones and Interfaces are Active

Using the get-active-zones option of the firewall-cmd command, it’s possible to confirm where eno1 interface is at the moment. It’s already in the home zone cause I made the update earlier:

root@redhat:~ # firewall-cmd --get-active-zones
  interfaces: eno1
  interfaces: virbr0

Attach Interface to a Firewall Zone

Here’s how one can move specified interface into a zone we want:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1

Just to show how it works, I’m going to move eno1 into public zone and back to home one:

root@redhat:~ # firewall-cmd --zone=public --change-interface=eno1
root@redhat:~ # firewall-cmd --get-active-zones
  interfaces: virbr0
  interfaces: eno1

Making Sure Firewall Changes Are Permanent

Don’t forget that after confirming a working firewall configuration, you need to re-run the same command with permanent option – this will update necessary files to make sure your firewall changes can survive a reboot:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1 --permanent
The interface is under control of NetworkManager, setting zone to 'home'.

That’s it for today. Am really enjoying RHEL 8 configuration and still have this feeling I barely scratch the surface with all the new improvements this Red Hat Enterprise Linux brings.

See Also

Hello, World in podman


Turns out it’s not that easy to install Docker CE in RHEL 8 just yet. Well, maybe there’s no immediate need since RHEL 8 comes with its own containerization stack based on podman?

Hello, World in podman

podman provides comprehensive compatibility with docker command, most non-Docker specific options are supported.

If you are familiar with docker command syntax, give it a try by just replacing docker with podman command. 

Let’s do the hello world exercise:

greys@redhat:~ $ podman run hello-world
Trying to pull…Failed
Trying to pull…Failed
Trying to pull…Getting image source signatures
Copying blob 1b930d010525: 977 B / 977 B [==================================] 0s
Copying config fce289e99eb9: 1.47 KiB / 1.47 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures

Hello from Docker!

This message shows that your installation appears to be working correctly.

To try something more ambitious, you can run an Ubuntu container with:

$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:

As you can see, podman searches in Red Hat and Quay image repositories before moving on to Docker registry, but finally gets the hello-world image there.

Run Ubuntu image in podman

And if we want to follow Docker’s advice and try running the Ubuntu Docker image, we’ll replace

docker run -it ubuntu bash


podman run -it ubuntu bash

… It just works:

greys@redhat:~ $ podman run -it ubuntu bash
Trying to pull…Failed
Trying to pull…Failed
Trying to pull…Getting image source signatures
Copying blob 5667fdb72017: 25.45 MiB / 25.45 MiB [==========================] 3s
Copying blob d83811f270d5: 34.53 KiB / 34.53 KiB [==========================] 3s
Copying blob ee671aafb583: 850 B / 850 B [==================================] 3s
Copying blob 7fc152dfb3a6: 163 B / 163 B [==================================] 3s
Copying config 2ca708c1c9cc: 3.33 KiB / 3.33 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
root@686f0d85b4ad:/# uname -a
Linux 686f0d85b4ad 4.18.0-80.el8.x86_64 #1 SMP Wed Mar 13 12:02:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
root@686f0d85b4ad:/# cat /etc/lsb-release 

I think it’s pretty cool. Will definitely read up and post more about podman and containerization in Red Hat in the following weeks.

See Also

Confirm Firewall Configuration in RHEL 8

List Firewall Rules in RHEL 8

I’m fascinated by the improvements and new features in RHEL 8, plus it’s a primary distro used in most corporate environments – so expect to quite a number of posts related to it in the nearest future.

The default interface for managing firewalls in RHEL 8 is firewalld and specifically firewall-cmd command.

Show Active Zones in RHEL 8

There’s a concept of zones – security domains – in RHEL 8 firewalls. You assign each of available network interfaces on your Red Hat Enterprise Linux system to one or more of these domains.

That’s why the first step is to confirm these zones, to see which ones are actively managing access for each network device:

root@rhel8:~ # firewall-cmd --get-active-zones
interfaces: enp2s0
interfaces: virbr0

List All Rules for Firewall Zone in RHEL 8

I’m interested in the primary physical network interface – enp2s0. It belongs to the home zone as per previous command, so that’s the zone we’ll list all the rules fore:

root@rhel8:~ # firewall-cmd --list-all --zone=home
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0
  services: cockpit dhcpv6-client mdns samba-client ssh
  ports: 5901/tcp
  masquerade: no
  rich rules: 

From the output below, I have highlighted additionally enabled ports – 5901 is the one for VNC client that allows me to access graphics desktop session on my RHEL 8 PC remotely.

That’s it for today! Thanks for stopping by and talk soon!

See Also

Skip Gathering Facts in Ansible

Red Hat Ansible
Red Hat Ansible

There are Ansible playbooks which depend on the most up-to-date information found on each node. That’s where fact gathering is a much needed help. But there are also simpler more predefined playbooks, which don’t need fact gathering and can therefore gain performance if no facts are collected.

Why Fact Gathering in Ansible Takes Time

Fact gathering means Ansible runs a number of commands to confirm the most recent values for important indicators and parameters.

Run against my freshly installed RHEL 8 based PC, this takes roughly 4 seconds. Part of this can be to how RHEL is configured (and that it’s still a work in progress), but part of this amount of time is defined by the sheer number of facts: more than 1000!

Typical Facts Collected By Ansible

This is not a complete list, I’m just giving you examples to indicate why facts collection may be time consuming:

  • hardware parameters of remote system
  • storage devices (types, models, sizes, capabilities)
  • filesystems and logical volume managers (objects, types, sizes)
  • OS distro information
  • network devices and full list of their capabilities
  • environment variables

Disable Fact Gathering in Ansible

Since I don’t really need to re-establish hardware specs or logical volumes layout of my RHEL 8 desktop every time I run some Ansible post-configuration, I decided to disable fact gathering and shave 4-5 sec at the start of each playbook run.

Simply specify this at the top of your Ansible playbook:

gather_facts: no

In on of my playbooks, this is how it looks:

- name: Baseline
  hosts: desktops
  gather_facts: no

This really made a noticeable difference. Have fun!

See Also

Setting Alternatives Path for Python Command in RHEL 8

alternatives: python to /usr/bin/python3

Red Hat Enterprise Linux 8 comes with support for both Python 2 and Python 3. But neither of them is invoked via running python command – you get “command not found” error.

Default Python Version in RHEL 8

Python 3.6 is the default and primary version of Python in RHEL 8. It may need to be istalled, but in my VirtualBox VM installation of RHEL 8 beta it came preinstalled.

Check Python 3 version

Just type python3 to see which version you have:

[greys@rhel8 ~]$ python3
Python 3.6.6 (default, Oct 16 2018, 01:53:53)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.

Python Command Not Found

If we type python instead of python3, we’ll get the following error:

[greys@rhel8 ~]$ python
bash: python: command not found…

Set Alternatives Path For Python to Python3

There’s a special alternatives method in Red Hat Linux and CentOS, it allows you to select the primary version of a tool when multiple versions are available. Among other things, alternatives command (must be run as root) can create default paths.

This command configures RHEL to invoke /usr/bin/python3 whenever you run python:

[greys@rhel8 ~]$ sudo alternatives --set python /usr/bin/python3
[sudo] password for greys:

That’s it! If you type python again, you’ll see python3 executed instead of getting an error:

[greys@rhel8 ~]$ python
Python 3.6.6 (default, Oct 16 2018, 01:53:53)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.

Have fun!

Web Console in RHEL8

I’m not a fan of web interfaces for managing Linux systems and usually don’t see them unless a hosting provider preinstalled something. But it seems my default Red Hat Enterprise Linux 8 in a VirtualBox VM got the web console enabled by default.

Accessing Web Console in RHEL8

I see reminder of the web console upon every SSH login into the VM:

Web console: https://rhel8:9090/ or https://192.168.X.Y:9090/

So, connection to the virtual machine’s IP address on port 9090 will open the RHEL8 web console:

Web console in RHEL8

Screenshots of Web Console in RHEL8

Here are just the screenshots of the web panel, it seems most of the common tasks can now be accomplished using the panel – from joining AD domain to managing users, updates, disk storage and subscriptions. Pretty cool!

What do you like most in Red Hat Enterprise Linux 8? Let me know!

See Also

List RHEL subscriptions

Screen Shot 2019-01-28 at 22.45.00.pngIf you’re lucky to be working with a recent enough version of Red Hat Enterprise Linux (RHEL) – namely, anything after RHEL 5.7 and RHEL 6.1, then you should know what software subscriptions are and how to list them.

List active subscriptions in Red Hat

subscription-manager is a Linux command in RHEL, you run it with the list option to show what current subscriptions are active for your server.

Here’s how this looks on my recently build RHEL8 beta virtual machine:

[root@rhel8 ~]# subscription-manager list
Installed Product Status
Product Name: Red Hat Enterprise Linux for x86_64 Beta
Product ID: 486
Version: 8.0 Beta
Arch: x86_64
Status: Subscribed
Status Details:
Starts: 23/11/18
Ends: 22/11/19

If you attempt running the same command as a regular user, you’ll probably need to authenticate (tell the root password) first:

[greys@rhel8 ~]$ subscription-manager list
You are attempting to run "subscription-manager" which requires administrative
privileges, but more information is needed in order to do so.
Authenticating as "root"

List all the available subscriptions in Red Hat

It may well be that you have multiple subsriptions available as part of your setup – for instance, you might have additional software installed that is maintained and supported by Red Hat, but uses separate subscription channel instead of being supplied with the default OS one.

You can use the same subscription-manager command to list all the available subscriptions:

[root@rhel8 ~]# subscription-manager list --available
Available Subscriptions
Subscription Name: Red Hat Developer Subscription
Provides: dotNET on RHEL Beta (for RHEL Server)
Red Hat Enterprise Linux for SAP
Red Hat Enterprise Linux Resilient Storage (for RHEL Server)
Red Hat Ansible Engine
RHEL for SAP HANA - Update Services for SAP Solutions
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
RHEL for SAP HANA - Extended Update Support
Red Hat Container Images Beta
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Container Images
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server)
Red Hat Container Development Kit
Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
RHEL for SAP (for IBM Power LE) - Update Services for SAP Solutions
MRG Realtime
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
dotNET on RHEL (for RHEL Server)
Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Server - Update Services for SAP Solutions
Red Hat Software Collections (for RHEL Server)
Red Hat Enterprise Linux for ARM 64
Red Hat Enterprise Linux High Availability (for RHEL Server)
Red Hat Enterprise Linux High Performance Networking (for RHEL Server)
Red Hat Enterprise Linux Scalable File System (for RHEL Server)
Red Hat Enterprise Linux for Real Time
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support
RHEL for SAP - Update Services for SAP Solutions
Oracle Java (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Atomic Host
Red Hat Enterprise Linux Server - Extended Update Support
Red Hat Developer Tools (for RHEL Server)
Red Hat Software Collections Beta (for RHEL Server)
Red Hat Enterprise Linux Server
Red Hat Developer Tools Beta (for RHEL Server)
RHEL for SAP - Extended Update Support
Red Hat Developer Toolset (for RHEL Server)
Red Hat Enterprise Linux High Performance Networking (for RHEL Compute Node)
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux for SAP Hana
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
SKU: RH00798
Pool ID: 8a85f99a65c8c8a1016698f9e87423fe
Provides Management: No
Available: 16
Suggested: 1
Service Level: Self-Support
Service Type:
Subscription Type: Standard
Starts: 21/10/18
Ends: 21/10/19
System Type: Physical

Pretty impressive, isn’t it? Can’t wait to try some of these out, Red Hat Developer Tools, Red Hat Container Images and Red Hat Enterprise Linux High Availability all sound fun!

See Also

How To: Disable SElinux

Screen Shot 2019-01-16 at 16.22.57.png
SElinux – Security Enhanced Linux

If you’re using RedHat or CentOS Linux distros (or sporting a Fedora Linux desktop), you probably have SELinux enabled by default. SELinux is a Security-Enhanced Linux – a framework for securely managing processes, users and files on your RedHat OS.

Confirm current SElinux mode

Just run the getenforce command to see what the story is. Most likely it will say “Enforcing” which is really good – means your OS is under solid protection:

[root@rhel8 ~]# getenforce

Temporarily Disable SELinux

If you need to disable SELinux just for a few minutes to debug some issue (mind you, there are better ways to debug than disabling SELinux!), you should use the setenforce command:

[root@rhel8 ~]# setenforce 0

As you can see, getenfore will now report that your system is running in a Permissive mode – not very safe:

[root@rhel8 ~]# getenforce

IMPORTANT: This change won’t survive a reboot, so next time you restart your system it will come back with SELinux enabled and enforcing again.

Permanently Disable SELinux

If you’re serious about disabling SELinux altogether, you’ll have to do two things:

  1. Update /etc/selinux.png/config file (change SELINUX=enforcing to SELINUX=disabled)
  2. Reboot your Linux system

See Also

screenFetch in RHEL 8

Look what I have finally installed in one of my VirtualBox 6.0 virtual machines yesterday:

Screen Shot 2019-01-16 at 16.01.08.png

Yes, you guessed it right – the installation steps for screenFetch CentOS work in Red Hat just fine!

Red Hat Enterprise Linux 8 beta

I’m surprised the screenFetch isn’t reporting release version. Had to use the hostnamectl command to do this:

[greys@rhel8 ~]$ hostnamectl
Static hostname: rhel8
Icon name: computer-vm
Chassis: vm
Machine ID: 02b5e17ce41846fbaa965ee1c3678162
Boot ID: b36e64b343934359843d2e76db34e8af
Virtualization: oracle
Operating System: Red Hat Enterprise Linux 8.0 Beta (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:8.0:beta
Kernel: Linux 4.18.0-32.el8.x86_64
Architecture: x86-64

See Also