Friday 31 October 2014

My tips for the Red Hat RHCE exam

Last week I attended the Red Hat RH300 course (fast track) in Amsterdam and did the RHCSA and RHCE exams on the final day. I passed both RHCSA (283/300 points) and RHCE (300/300 points). I had a great teacher because, apart from technical stuff, I also learned how to approach the exams.

The objectives for both RHCSA and RHCE are well documented on Red Hat’s site. You should start to make sure you know everything inside out. Practise, practise, practise. Learn to use the documentation that ships with RHEL, as this is the only help available: no internet access is provided during the exam. There are several books available that help prepare and Red Hat has very good courses as well, that I really recommend. I assume you should be able to study this all one way or the other.

One advise on this though: don’t try to remember everything but remember the references instead. If you know a man page has examples you can use, just remember the man page. If you know documentation is in a separate package, remember the package name. A references takes less ‘memory’ in your head, so you can remember more. This will speed up your work significantly.

But wait, technical knowledge is just one challenge. Watch out for the pitfalls:
Pitfall #1: Time
Most experienced Linux sysadmins will probably be able to pass the exam if there was no restriction on time. You could test, trial-and-error and read man pages all day long. Even start from scratch when you seriously broke something. Well, it’s time to wake up: in reality time on the exam is (very) limited. And yet many candidates do not manage their limited exam time.

A classic example: spending too much time on something that does not work right away. Instead, accept the fact it doesn’t work now and continue with other tasks or else time will run out. When you have given everything a first attempt, you can always return to a task that you skipped before.

Not only should you know immediately what to do when you read the tasks, you need to know the fastest way to configure something. Yes, the fastest way. Not the way you prefer to do it, or have been doing it until now. I’ve heard people complaining about the GUI/TUI tools. And I agree a GUI is not something you want on a server. But hey, if ‘system-config-authentication‘ has a ready to fill-in form and makes you configure LDAP with TLS and Kerberos in 60 seconds. Why would you want to go for the manual way on the exam? Yet, some feel they are better off configuring this on the command line. There’s simply no time for that approach, nor will it bring in more points. Be smart, take the fast track.

Pitfall #2: Your assumptions
Reading is a big problem because candidates tend not do read very well on the exam. Especially when aware of Pitfall #1, they will not spend the first few minutes reading instructions. A waste of time, right? But in reality this will cost precious time later on because assumptions are made, but never checked. Is it a good idea to start working on something, without seeing the bigger picture?

I don’t think so. Sometimes, tasks are related but not grouped together. When you read everything first, you might find that doing two tasks together is easier. Or you might choose a different approach based on all information, instead on just a single task. Reading ahead helps you understand the bigger picture.

Imagine you are asked to configure, let’s say, NTP. Some assume they have to sync to a time source that is provided and then have to setup a NTP server and serve time to the local network. But isn’t is a waste of time to configure a NTP server, when all you have to do is setup a NTP client? This also occurs with tweaking configurations more than is being asked for. Keep it simple and do exactly what is asked for.

How I avoided the pitfalls
Value your own work through the eyes of a customer. Example: if a web server is perfectly configured but a firewall prevents access to it, then this does not work for a client. Website is down: zero value. Red Hat might also values your work on the exam like this. Keep that in mind.
Structure is another important thing to work on. This was my approach on the exam:
1. Imagine you are working for a client that has written down everything they want from you. Read it all and try to understand the bigger picture. Then reorganize it: group together what belongs to each other.
2. Install everything at once. After step 1 you should have identified all packages you need to install. Do it now. Then ‘chkconfig on‘ every service you will configure later. Why? Because it is easy and it prevents forgetting it later on. Remember: a perfectly configured service that does not start at boot brings in zero points.
3. Then setup the firewall for the services you identified at step 1 and installed at step 2. You probably need to tweak this as you go through the tasks, but just setup the basics now. This will make it easier later on.
On my exam the first 3 steps took less than 20 minutes and provided a solid base to build on.
4. Work through all tasks and remember: Be smart, take the fast track. Also, skip any task that you are stuck on for more than 10 minutes.
Reboot a few times and recheck everything you have finished so far. Your work is reviewed after a reboot anyway, so you should make sure your changes survive a reboot. The sooner you find a problem, the sooner you will be able to solve it.
5. When everything is done, carefully check the items a final time. Then you’re done. And, you probably have some time left!


Monday 13 October 2014

RHCE Exam Objectives

RHCE exam candidates should be able to accomplish the following without assistance. These have been grouped into several categories.

System Configuration and Management

  • Route IP traffic and create static routes
  • Use iptables to implement packet filtering and configure network address translation (NAT)
  • Use /proc/sys and sysctl to modify and set kernel run-time parameters
  • Configure system to authenticate using Kerberos
  • Build a simple RPM that packages a single file
  • Configure a system as an iSCSI initiator that persistently mounts an iSCSI target
  • Produce and deliver reports on system utilization (processor, memory, disk, and network)
  • Use shell scripting to automate system maintenance tasks
  • Configure a system to log to a remote system
  • Configure a system to accept logging from a remote system

Network Services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
RHCE candidates should also be capable of meeting the following objectives associated with specific services:

HTTP/HTTPS

  • Configure a virtual host
  • Configure private directories
  • Deploy a basic CGI application
  • Configure group-managed content

DNS

  • Configure a caching-only name server
  • Configure a caching-only name server to forward DNS queries
  • Note: Candidates are not expected to configure master or slave name servers

FTP

  • Configure anonymous-only download

NFS

  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration

SMB

  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration

SMTP

  • Configure a mail transfer agent (MTA) to accept inbound email from other systems
  • Configure an MTA to forward (relay) email through a smart host

SSH

  • Configure key-based authentication
  • Configure additional options described in documentation
Reference:

Friday 10 October 2014

RHCSA: A New Base Level Certification From Red Hat

The new version of Red Hat Enterprise Linux 7 is now released and with this new arrival, certifications under RHEL 6will no longer be current. Red Hat Certified Technician (RHCT) exam is no longer offered by Red Hat. RHCT exam is now replaced by RHCSA (Red Hat Certified System Administrator). This article attempts to provide a clear picture about new changes in RHCE certification.

RHCSA is the new addition to the performance based certifications, to strengthen IT professionals with superior training and performance based assessments in the IT industry. The certification title itself indicates more precise description of the duties held by people with this certification. More over RHCSA is built with thorough analysis of the knowledge and skills needed for modern system administrators. This is an outcome of technical survey, task analysis and feed backs from professionals world wide. In effect RHCSA is similar to RHCT except with some additions to include the result of feed backs from professionals.

RHCSA is the base system administration certification. Now onwards those wishing to earn RHCE on RHEL 7 must get RHCSA and write separate exam for RHCE. RHCE is now upgraded as a higher level system administration certification. A current RHCE will remain as prerequisite for advanced level certifications from Red Hat.

The main changes with RHCE exam on RHEL 7 is that previous RHCE Exam will be replaced by RHCSA Exam  and updated RHCE Exam . These two exams are now separate and RHCSA is not embedded with RHCE as RHCT was earlier. It is not necessary that one must get RHCSA first, before being eligible to write RHCE exam. If one passes RHCE exam first, then their record will be retained and when they passes RHCSA the earlier RHCE will be clubbed and person will be then RHCSA and RHCE. RHCSA exam is also performance based which evaluates skills through hands-on lab based system.

Certifications from Red Hat provide validation of a professional's technical expertise and knowledge. Nowadays enterprises looking for employees can give more preference to certifications as an input into hiring, promotions and other allowances, as these certifications are obtained from performance based exams.

Monday 6 October 2014

First Look at RHCE for Red Hat Enterprise Linux 7

With the release of Red Hat Enterprise Linux 7, the RHCSA and RHCE certification exams have been changed and updated for the new version of the operating system.  There are some new testing elements that are included in the new exam.

The new exam objectives are available on Red Hat’s web site and one of the first things I’ve noticed is that the exam is now 4 hours whereas the RHCE 6 exam was 2 hours long.
Some of the new items I noticed are:

System configuration and management

  • Use network teaming or bonding to configure aggregated network links between two Red Hat Enterprise Linux systems.
  • Configure IPv6 addresses and perform basic IPv6 troubleshooting.
  • Use FirewallD, including Rich Rules, Zones and custom rules, to implement packet filtering and configure network address translation (NAT).

Network Services

  • Configure SELinux to support the service.
  • Use SELinux port labelling to allow services to use non-standard ports.
  • Configure the service to start when the system is booted.
  • Configure the service for basic operation.
  • Configure host-based and user-based security for the service.
HTTP/HTTPS
  • Configure TLS security

Database Services

  • Install and configure MariaDB.
  • Backup and restore a database.
  • Create a simple database schema.
  • Perform simple SQL queries against a database.
I like many of you are in need of passing this exam to keep my RHCE certification and plan on creating a comprehensive guide to cover these new topics and there others necessary to pass.  As always I would love to hear from you regarding any of these new topics and you you use them.  I will work to make regular updates until I have covered all of the RHCE 7 topics.