Chapter 1: It`s probably as easy as RHCE… No it isn`t!

The first one was EX333. It is a two part exam and I think it’s the most tiring. It lasts 6 hours and requires you to solve many tasks. Of course I can’t tell you what kind of tasks – just look at prep guide available at Red Hat website.
My tip for those learning for this exam is trivial – be thorough and patient. Read tasks few times and read it as a whole. Of course check result not twice, but at least three times. I caught myself on finding small typo which could lead to a fail. And a final tip as always for all Red Hat exams – reboot your systems before final checking. Don’t trust yourself – “it should work” is not a way to go.

Chapter 2: Clusters are fun

Yes, they are. And so is my second exam – EX436. I was having fun playing with Red Hat Cluster Suite. It’s a really nice product and if correctly configured can work like a charm. Learning GFS was also a pleasure. Generally I find EX436 as my favourite exam from RHCA path.
And my tip – have fun and experiment with your clusters as I did. They are neat feature and is recognized as a solid rock piece of software.

Chapter 3: LDAP administration has never been so easy

I’ve been using ldap from couple of years, but Red Hat Directory Server and EX423 showed me how easy administration of ldap structure can be. Especially when it comes to high availability solutions like mulit-master replication – it can be configured from gui or cli if you like (choose the former for exam).
Tip for EX423: for me it was very similar to EX436, as it focuses on Red Hat product – in this case it’s Red Hat Directory Server. So tips are the same – play and expertiment.

Chapter 4: Can I have my own satellite please? If not I’m gonna have a spacewalk on my own then…

EX401 was my fourth exam. Prep guide shows it’s not hard and in common opinion is recognized as the easiest one (from RHCA path). But there’s a tricky part included – everything is based on Red Hat Network Satellite Server which is not freely available. It is only for registered clients/partners and if you want to test it`s all features you have to request evaluation certificate directly from Red Hat. It is annoying, especially for people like me who doesn’t attend RH401 classes. So if you do not succeed in getting RHN Satellite iso there’s an alternative – it’s Spacewalk. This project is aim to be the same as Fedora is to RHEL – a development field for new features before they become stable and are put into RHN Satellite. And that’s not all – when using spacewalk you can play only with your custom distros (centos and fedora) and not Red Hat Channels among other things that are available on RHN Satellite only and are a part of EX401 exam objectives.
My tip is simple – get yourself your own RHN Satellite. Probably the best way of doing it is to contact Red Hat representative or sales partner and ask for an evaluation version.

Chapter 5: Finall battle

My last exam is EX442. Yes, I’m aware it’s the most difficult and challenging one and that’s why I’m preparing for it longer and more thoroughly than to any previous one. I find EX442 objectives most advanced and practical. It is an essential skill for system administrator to diagnose, monitor, troubleshoot and perform tuning of his systems. I’m taking an opportunity to deep into linux internals – kernel scheduling, IO schedulers, network performance and using whole bunch of available statistics I’ve never used before. It’s most fascinating part of my work on becoming RHCA.

I see the light in the tunnel or maybe it’s a train that’s gonna crush me?

And this is my first tip – use these guides and follow all of objectives. For example if there`s a task about iSCSI initiator then learn and make some exercises. You have to follow all of these objectives. It`s especially important to people like me who didn`t take any course before, because it`s harder to make yourself some excercises. I was using two virtual machines for this purpose – one of them was a server with some services (nfs, ldap, iscsi target, etc..) and one was a client.

Second thing – don`t forget about SELinux. All of services must be SELinux enabled. Do not turn this off during your study. If you`re not familiar with SELinux then read this documentation – it`s really good and helpful. I recommend reading it at least twice and check all of described commands/tools.

Documentation. I think that Red Hat guys did a really good job creating a bunch of nice docs available on their site.  I recommend reading all of them as they describe most of exam objectives with nice examples. Unfortunately it`s not available during the exam and you must also know how to use manual pages (e.g. man httpd_selinux – describes options on selinux configuration of httpd service) and use it. Also config examples in /usr/shared/doc/* are pretty useful. That`s a very nice thing in Red Hat exams – when you forgot some detail you can always use built-in documentation. They don`t require you to remember all of options although you must know how particular services work. So my tip is this – learn how to find info on something using documentation available in you system rather than just ask google like you (probably) always do

And last but not least tip – get yourself a good sleep night before exam. I didn`t take any notes nor my laptop – try to relax and think positive. If you learn  and practice then everything will go smoothly.

Of course I have passed both exams and got both RHCSA and RHCE certificates In my personal opinion I consider RHCSA to be more challenging than RHCE – just look at exam objectives. RHCE adds SElinux and some basic configuration of network services while RHCSA covers a lot of other things. I recommend taking two exams on one day – it`s not that scary as you think.

Good luck to all of you preparing and studying! I`m starting preparation for RHCA exams. I`ll try to write some tips on them too. Stay tuned.

I created self-signed certificate:

openssl req -new -x509 -nodes -out /etc/pki/tls/certs/slapd.crt -keyout /etc/pki/tls/certs/slapd.key -days 365

and added following lines to /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif

olcTLSCACertificateFile: /etc/pki/tls/certs/slapd.crt
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.key

Everything seemed to work fine, but I couldn`t query ldap using ldaps uri – I got the following error message:

ldapsearch -x  -H ldaps://localhost -b 'dc=example,dc=com'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

After short and intensive investigation, reading dozens of howto pages I founded the cause – it turned out that in RHEL6 you can`t use self-signed certificates. Well, maybe it`s not that they forbid you to do this, but it`s not as simple as it was in previous versions. Now you have to explicitly add your certificate so that is no longer unknown. There`s even more – you have to configure your Common Name field of the certificate so it matches exactly your server`s name.

So eventually to solve this issue I had to confgure ldap tools/clients and add path to server`s certificate to /etc/openldap/ldap.conf:

TLS_CACERT /etc/pki/tls/certs/slapd.crt

So nothing is the same now – RHEL6 brings new features, new tools and new problems It`s time to learn and adapt.

root (hd0,0)
setup (hd0)
 Checking if "/boot/grub/stage1" exists... no
 Checking if "/grub/stage1" exists... no

then I have a solution for you. If you checked dozens of pages (like I did) that say there`s a problem with your grub files and you checked them hundred times that everything is fine (files were there, you can still install grub on the source system using exactly the same set of files) then do not loose hope You might want to check if your grub is able to read your filesystem. Maybe you created fs using newer tools. I was moving Fedora Core 3 using sysrescuecd. I created partition and filesystem using tools available on that system. It seems that probably there were minor changes between ext3 fs created on FC3 and sysrecurecd and therefore after chrooting to FC3 environment I couldn`t install grub.

The solution is quite simple – do it outside chroot environment!

Once you have mounted your root partition with /boot install mbr using grub from your livecd environment. In my case I had it mounted on /mnt/custom so I had to enter the following command to install grub on /dev/sda:

grub-install --root-directory=/mnt/custom /dev/sda

I didn`t find a way to do this using grub command line, but using grub-install I was able to boot my system and that was what I needed.

dpkg-query -W -f='${Installed-Size} ${Package}\n'

And here`s a rpm version:

rpm -qa --queryformat '%{SIZE} %{NAME}\n'


mount: xxx:/yyy failed, reason given by server: Permission denied


I checked the configuration dozens of times – it was good, and the nfs server granted access to the share. The following info appeared in logs:


.. authenticated mount request from 1.1.1.1 for /yyy


So everything looked ok, but it didn`t work. The problem was a pseudo filesystem nfsd which should be mounted in /proc/fs/nfsd, but for some reason it wasn`t. I`ve added the following entry to /etc/fstab


none /proc/fs/nfsd nfsd defaults 0 0


and mounted it:


mount /proc/fs/nfsd


After that I was able to mount the nfs share. It took me some time to figure it out and I think that there should be more specific error messages, because the one with permission denied is quite confusing.

gunzip -c mydbdump.sql.gz|mysql -umyuser -pmypass mydb

But then I found another problem – in my dump there was hardcoded database name. I wasn`t recovering that database, but just wanted to load it to a diffrent one. Names weren`t the same so it failed to load. I looked at the begining of that file using head command, as opening so huge file in vi(m) would probably kill the server. I found that there was two sql commands that creates database itself and use it (sql use command). So with a little help of sed I managed to modify my command so it looked like this:

gunzip -c mydbdump.sql.gz| sed -e '1,30s/old_dbname/mydb/'| mysql -umyuser -pmypass mydb

I limited sed`s search&replace to first 30 lines, because database name was at the start of the dump file and I didn`t want to mess with the rest of the file

In order to configure virtual hosting based on above assumptions I used apache http server as a proxy to tomcat.
First you need to add wildcard records to your domain (example.com) so that records of all its subdomains can be resolved to IP address of your server. Following record should be added to your bind server zone config:

*   IN   A   1.2.3.4

where 1.2.3.4 is IP address of your server.

Next you need to configure httpd server. Please make sure that you have ajp proxy module installed on your server, as connections to tomcat are based on AJP protocol. On CentOS/RHEL 5 this module is included in standard httpd package (see /etc/httpd/conf.d/proxy_ajp.conf).
Now you need to create configuration for your virual hosts. I created a new file /etc/httpd/conf.d/tomcat-vhosting.conf:

UseCanonicalName Off
RewriteEngine On

# vhost map using perl script
RewriteMap vhost prg:/usr/local/bin/apache-getvhost.pl

# do no rewrite restricted names
RewriteCond %{SERVER_NAME} !^docs\.
RewriteCond %{SERVER_NAME} !^examples\.
RewriteCond %{SERVER_NAME} !^host-manager\.
RewriteCond %{SERVER_NAME} !^ROOT\.

# rewrite it
RewriteRule ^/(.*)$ ajp://localhost:8009/${vhost:%{SERVER_NAME}}/$1 [P]

Quite simple and cool, isn`t it? I`m sure that you probably expected VirtualHost directives, but all you need is a powerfull rewriting feature of apache. This configuration allows to access myapp application located in tomcat`s webapps directory via http://myapp.example.com.
I used custom rewrite map which is a simple perl script. All it does is extract subdomain from server name based on URL.

Put the following in /usr/local/bin/apache-getvhost.pl

#!/usr/bin/perl

$| = 1;

while (<STDIN>) {
  if (/(.*?)\.example\.com/)      {
      print $1."\n";
  } else {
      print $_."\n";
  }
}

and make it executable

chmod +x /usr/local/bin/apache-getvhost.pl

Now all you need to do is provide some applications to tomcat.

Recently I had to rename volume group in one of my virtual machines. It is based on CentOS (both dom0 and domU) and it was paravirtualized. I couldn`t do it on running system because root partition was on logical volume. I had to boot the machine in rescue mode. I had no idea how to boot from CD/DVD iso image – AFAIK it is impossible on pv guests. I had to boot vm directly from kernel and initrd used in installation (both are xen aware). So I copied  them to /tmp/xen from /images/xen/ on CD/DVD installation disc.

Then I had to comment out the following line from vm`s config file to bypass pygrub bootloader:

#bootloader = "/usr/bin/pygrub"


Now I needed to tell my vm to use kernel and initrd I had previously copied so I added the following lines:

kernel = "/tmp/xen/vmlinuz"
ramdisk = "/tmp/xen/initrd.img"
extra = "rescue method=http://192.168.0.2/install/centos/"


The last line passes extra arguments to kernel. There is a rescue keyword and a method which tells anaconda installer to get install files from my http server.

After that I was able to boot vm in rescue and rename my LVM virtual group.