-
Story
-
Resolution: Won't Do
-
Minor
-
None
-
RH254 - RHEL 7 2 20150427
-
None
-
ILT, ROLE, VT
-
en-US (English)
URL:
Reporter RHNID:
Section: -
Language: en-US (English)
Workaround:
Description: A student very recently took EX300 (having passed EX200 with high marks, and having taken and studied RH254 (ROLE). Said student feels that RH254 did not adequately prepare him for EX300.
The below is a cut/paste from an email, in the hope that the labs/content of RH254 can be strengthened. The described labs do require the student to go deeper into the material, and that, in and of itself, is probably a good thing.
==================
I'd say that the course as it is in ROLE (which I believe customers use the same content for the RHLS?) should be improved, otherwise I think a lot of customers will be disillusioned by the exam. It's one thing when I can take and retake the test for free when I'm benched as part of the job, but it's different when $700 comes off the training budget for a mid-sized company.
What I'd say is that the test asked questions that were not presented well in the Lab-practices for the course. Some basic material was covered, but nothing like to the depth that was required. Had I sat the exam on even a classroom experience of the material as-is, I do not believe I would have fared much better.
What I believe is missing are expanding exercises that push out beyond the boundaries of what is tested. And what I mean by that is that exercises should be provided outside of the lab paractice without nothing more than the givens and expected output - really what I recall going through in math classes for homework in Algebra and Calculus I. They were for us to expand our skills and to test ourselves.
For example (and I'll use things that I did not experience on the exam, but that I know could have been subject matter so I don't compromise the exam on anything I know):
Scripting:
a) Create a script called that reads this file and changes every instance of "file" to "directory".
<test input file>
<expected output file>
<diff output expected_output>
b) The below script should produce the following output when executed as follows:
bash /path/to/myscript.sh 1 2 3
output
> orange
> pineapple
> pear
It fails to - fix the script so that it produces the correct output.
c) ExampleCompany.com needs to create a user-template for their admins to create users in their database, .htaccess files, and the kerberos domain. The list of user information of new-hires is in /path/to/myusers.txt. It is a whitespace delimited file and contains all the required information.
Create from a script or set of scripts a set of files which can be fed to the Admin's tooling to automatically create and send users their credentials for each service, with one line per user. The username will be the first letter of their first name, and their last name.
So, Karen Fishwood would become "kfishwood".
Ignore fixing duplicates for the purposes of this exercise.
Kerberos:
<username>,<email@examplecompany.com>,<firstname>,<lastname>
Apache HTAccess
<username>,<email@examplecompany.com>
MySQL
<username>,<loginhostname>,<email@examplecompany.com>,<firstname>,<lastname>,<date-of-hire YYYY-MM-DD>
Network Access control:
a) Block access from this server 10.1.2.15 to the localhost on these ports.
- Do this with TCP Wrappers
- Do this with firewall-cmd direct rules
- Do this with firewall-cmd rich rules
<test by running this command - if it succeeds, it has not worked>
- As an extra, configure the <service> you are protected to deny the access itself, without using OS-level commands.
Login to host3 and run these commands after each exercise. If it succeeds, then your configuration is not blocking services correctly.
b) Setup a rate-limit for ftp-connections to host2 in the firewall to a maximum of 3 per minute.
run this command to test - if it returns greater than 4, then the rule failed.
(there are lots of variations of what needs to be tested here)
Kerberos
a) Configure an NTP service on host1 and link host2 to the host1 NTP server.
- this is a prerequisite to Kerberos functioning correctly.
b) Configure name looking resolution for the zone (either with DNS or /etc/hosts entries)
- if using DNS, configure host1 as the authoritative server for examplecompany.com.
- place entries on the zone examplecompany.com.zone and reverse-lookup zone examplecompany.com.revzone files for named
- make host1 on the NS and MX servers for the examplecompany.com domain.
- use 10.0.0.1 as the "gateway.examplecompany.com" host for the domain.
- if using /etc/hosts, configure name lookup so that it is consistent across both systems. Not that if using this, you will need to make alterations in exercise c) to adapt for not having this device.
c) Configure a Kerberos master server on host1
DNS has been preconfigured for this test
- create two principles on the domain for host1 and host2.
- create kfishwood and jdoe as users (same password as their username for this exercise).
- Configure SSH on host2 to accept kerberos authentication for that host.
Mail:
a) Create an authoritative Mail server for domain examplecompany.com using host1 as primary and host2 as backup MX records. (You must have DNS configured in DNS section for this to work)
- create entries in DNS for the hosts.
- configure host2 to use host1 as its relay.
- ensure that mail comes from examplecompany.com no matter which host is used to send the mail.
To verify, on host2, run this command:
echo "subject" | mailx -s "test subject" kfishwood@localhost.
On host1, look in /var/spool/mail/kfishwood or login as kfishwood on host1 and run the "mail" command to see if the message arrived correctly.
If you are having issues, check /path/to/logfile and /path/to/otherlogfile to help.
b) Your primary mail server has gone down, mail to continue flowing while host1 is being recovered. This depends on the MX records in the DNS section
- run systemctl stop <mailserver> to simulate this.
Configure the backup mailserver to handle the relay while the master server is down.
from host3, run this command, and make sure that /var/spool/mail/<username> receives the message.
For help, see this reference page in the Product documentation to assist.
I figure examples would make more sense - all of these services are hypothetically covered by the exam (and, again, I was not tested on it).
And, effectively, this is what I will be going through on my new set of 4 vagrant hosts I created just to allow me to study what I was weak on in the exam. But in my case, they'll be ad-hoc and I'll be coming up with my own exercises, but I think customers for the RHCE study course RH254 would get the value and breadth I think the RHCE wants from providing this kind of expanding exercises.