Well, when I took the test last time I received a 130 score. Total possible is 300 and 210 is passing so not all that good. Studying was mainly for the extra stuff we don’t do; selinux and firewalld, and stuff we don’t do often like manage systems through yum (package manager), NFS, and Samba. And you have to break in to the system (reset root’s password) in order to proceed. I was beating my head trying to figure that one out.
Since then I’ve built a replacement firewall for my home environment using firewalld so I’m more familiar with it and at work we’ve started working with Satellite and yum to manage systems so I’m a lot more familiar with that.
Okay, study deeper this time. I have a more robust environment and can set up and use the same sorts of tools that will be used on the exam. I snagged a book to study and did a few blog posts here to document how things actually worked for me. I memorized how to accomplish some tasks in the ‘Red Hat Way’ vs just editing a file to make a change. Installed selinux on all servers and configured firewalld.
Took the test. 193 score. Sooo close.
Observations:
First main observation after discussing it with Jeanne. I really don’t study for these sorts of things. I’m validating my own knowledge. So testing on things we don’t do will be my blind spot. In this case I did hit the books more over the two weeks prior to the test but clearly that wasn’t enough.
For example, I set up a kerberos server and client several times in the 2 weeks prior to the test. Had that down without a problem. One of the tasks is to set up a kerberos server. Running kadmin builds the keyfile, a random hash used to encrypt sessions. It can take minutes to generate as it’s pulling information from random this or that, /dev/urandom and things like that. In the test, they simply provided the key file. The problem? Where does the file go??? As I don’t use Kerberos to actually manage users, I really didn’t know where the file belongs. Didn’t even know where to look for the information. I set up the configurations on the server and client including the NFS kerberos configuration but had no idea if it would have worked.
There were other odd things that slowed me down. One of the requirements is to set up a bonded/teamed interface. The systems have three interfaces; eth0, eth1, and eth2. eth0 is the main interface and eth1 and eth2 are to be bonded. The bond should work if either interface is down. Standard bonding. I’ve been doing it at work for the past 9 years including Solaris IPMI. But I’m trying to use the RH7 commands so nmcli con add but I added eth0. Rats. Use nmcli to reconfigure eth0 and then properly configure bond0 with eth1 and eth2. Unfortunately, and it took minutes for me to figure it out, eth0 wasn’t managed using nmcli. I had to check the other system’s ifcfg-eth0 file to recreate the first systems ifcfg-eth0 file and move forward. Plus there was some issue with eth2.
Same things with IPv6. Change the following IPs on eth0. I know the commands for nmcli but not what the actual keywords are. Is it IPADDR6 (that didn’t work) or what? Blah!
I got the iSCSI server set up but couldn’t get the client talking to it. It was using a block device, which I did get working on my home sandbox. Troubleshooting it was a pain, especially when you can’t pop out to google to query some log messages (if there were any).
Heck, I even got the NFS mount working with selinux (semanage fcontext -a -t public_content_rw_t “/shared(/.*)?” top of my head; I’ll check the page to be sure 🙂 ).
Anyway, signed up for another test and I’ll beat on the sandbox again even harder.