exec { "install-foo":
    command => "curl -s -o /tmp/foo.run http://example.com/foo.run \
                && chmod o+x /tmp/foo.run \
                && /tmp/foo.run ",
    creates => "/usr/local/bin/foo",
}

This is pretty straightforward. The “command” parameter downloads and installs the package, while the “creates” parameter tells Puppet not to execute the command again as long as “/usr/local/bin/foo” exists. This keeps Puppet from unnecessarily downloading and reinstalling the program over and over again, but what happens when there’s a new version of foo.run? How does puppet know when it’s time to upgrade?

There may be better ways of doing this, but here’s a simple approach that has worked well for me:

$serial = "2009092501"
$serialfile = "/var/log/puppet/foo.serial"
exec { "install-foo":
    command => "curl -s -o /tmp/foo.run http://example.com/foo.run \
                && chmod o+x /tmp/foo.run \
                && /tmp/foo.run \
                && echo \"$serial\" > \"$serialfile\"",",
    unless  => "test \"`cat $serialfile 2>/dev/null`\" = \"$serial\"",
}

Notice that after running the command, I echo the value of $serial into the file at $serialfile. Then I use the “unless” parameter to check if the contents of $serialfile equals the value stored in $serial. If the values match, the command will not be executed. But now when I want to upgrade the foo package, all I need to do is update the value of $serial.

You have chosen not to trust “Go Daddy Secure Certificate Authority”, the issuer of the server’s security certificate (SSL error 61).

The solution is to download the appropriate root certificates (Godaddy’s are here) and save them to /usr/lib/ICAClient/keystore/cacerts.

wget -P /usr/lib/ICAClient/keystore/cacerts --no-check-certificate https://certs.godaddy.com/repository/gd-class2-root.crt https://certs.godaddy.com/repository/gd_intermediate.crt https://certs.godaddy.com/repository/gd_cross_intermediate.crt

Edit: One of my co-workers has a script that will do this for you.

rename "s/foo/bar/" *.baz

The first parameter is a Perl expression. The second is a file glob. This command will replace the string foo with the string bar in all filenames ending in .baz.

The first thing you should know is that I had already been working professionally with Linux for ~10 years before I began studying for the exam. I doubt that so much experience is really necessary, but because the exam measures actual competency on live systems rather than your ability to memorize or “read between the lines,” I think it’s highly unlikely that someone with little or no working knowledge of Linux could successfully cram for this test. So I’d have to say that experience is an important prerequisite, but I’d also have to say that experience alone is almost certainly not enough. Considering the wide range of subject matter, it’s very likely that you’ll be tested on something you’ve never had to touch before.

In my opinion, the hardest thing about self-studying for the RHCE exam is knowing how much you need to know about each study point in the RHCE Prep Guide. In other words, when it says something like “you need to know basic configuration of x,” it’s hard to know exactly what “basic configuration” means. Although I’ve signed an NDA preventing me from revealing any details about the exam itself, I can tell you that nearly all of my study material came from two places:

1. RHCE Red Hat Certified Engineer Linux Study Guide by Michael Jang
2. Red Hat Deployment Guide

The rest of my study material came from search engines. I spent a lot of time comparing other people’s study notes to mine and reading anecdotes about the RHCE exam. While the result of this was usually a temporary blow to my confidence (there are a lot of horror stories out there!), I did find a few blogs and forum posts with some helpful information. Usually it was just an alternative way of doing something, but it was also nice to come across the occasional words of encouragement from a self-studied RHCE. Just knowing that other people had done it gave me a slight confidence boost (as I hope this post does for some of you).

The first thing I did was read Michael Jang’s book cover to cover, just trying to absorb what I considered to be the most important information from each chapter (i.e. concepts rather than commands). This took me a week or two. When I was done, I set up a test environment using VirtualBox. Then I decided it would help to have a condensed, single-page study guide to refer to, so I created a “wikified” version of the RHCE Prep Guide which I called my RHCE “cheat sheet”. For the next few weeks, I went through each study point on the “cheat sheet” and used my study material to test and document everything I thought I might need to know.

I found Michael Jang’s book to be a great study guide (the labs and example problems were a huge help), but I wasn’t completely happy with the amount of detail on some topics, as well as how it tends to follow the Red Hat course outlines rather than just sticking to the RHCE Prep Guide. I also found quite a few typos and just plain incorrect information, so that’s where the Red Hat Deployment Guide came in. While I was working on the RHCE “cheat sheet,” I would usually read the appropriate chapter(s) from Michael Jang’s book first, then I would supplement it with the appropriate chapter(s) from the Red Hat Deployment Guide. If I felt particularly weak in a certain area, I would also peruse the man pages and any HOWTOs I could find online. This was a long, arduous process, but it helped ensure that I wasn’t missing any important details.

For the last couple weeks, I tested myself by putting the “cheat sheet” away, doing a minimal install of CentOS in my test environment, and trying to configure everything I could without referring to any documentation whatsoever. Since the test takes place on a live system, I assumed from the beginning that the man pages would be available, but in order to save time, I wanted to make sure I could do everything off the top of my head. As a result, I ended up memorizing almost everything on the “cheat sheet,” which is probably why I was able to complete the exam so quickly.

Since I didn’t have a study partner, preparing for the troubleshooting section of the exam was a bit of a challenge. I did come across an interesting project called Trouble Maker which directly addresses this problem, but unfortunately, it has not been updated in several years and does not work on recent versions of CentOS. For a while, I actually considered writing my own trouble maker program, but I ultimately decided that this would be too much work. Luckily, I have a few friends who know enough about Linux to make a machine unbootable, so we made a game of it. I would give them my root password and challenge them to do something that would keep me from using my computer, then I would try to fix it as fast as I could.

When it was all said and done, I spent roughly six weeks (studying a few hours each day) to prepare for the RHCE. Considering how easy the exam was for me, I believe that I worked a lot harder than I needed to, but the results were clearly well worth the effort. The best advice I can give to prospective RHCEs is to take your time and practice until you can do everything in the RHCE Prep Guide off the top of your head. If you feel weak in anything, do yourself a favor and postpone the exam.

Even though I can do about 95% of the stuff on the RHCE Prep Guide off the top of my head, the horror stories I’ve been reading about this test are making me pretty nervous. Any tips from current RHCEs would be appreciated. Also, if anyone is interested in logging into my test machine at home and doing something to make it unbootable, that would help me practice for the troubleshooting part of the exam.

I’m scheduled to take the test in Philadelphia on September 4th, which coincidentally, is my birthday. I guess I won’t know if that’s a good thing or a bad thing until I get the test results.

_kerberos             IN  TXT  EXAMPLE.COM
_kerberos._udp        IN  SRV  0 0 88 server.example.com.
_kerberos._tcp        IN  SRV  0 0 88 server.example.com.
_kpasswd._udp         IN  SRV  0 0 464 server.example.com.
_kpasswd._tcp         IN  SRV  0 0 464 server.example.com.
_ldap._tcp.dc._msdcs  IN  SRV  0 0 389 server.example.com.

On your Linux box, set the fully-qualified hostname in /etc/sysconfig/network and /etc/hosts. Note that the first part of your hostname must be no longer than 15 characters and unique in the domain:

# /etc/sysconfig/network
HOSTNAME=myhostname.example.com

# /etc/hosts
127.0.0.1  myhostname.example.com  myhostname  localhost.localdomain localhost

Make sure your Linux box has a properly configured DNS client (probably pointing at your domain controllers):

search example.com
nameserver 192.168.1.10

Since Kerberos is very sensitive to clock drift, it’s a good idea to configure your Linux box as an NTP client to your domain controllers. Edit /etc/ntp.conf like so:

server server.example.com

Install Winbind and configure the service to start automatically:

yum install samba-common
chkconfig winbind on

Use Red hat’s authconfig command to configure Winbind authentication:

authconfig \
  --disablecache \
  --enablewinbind \
  --enablewinbindauth \
  --smbsecurity=ads \
  --smbworkgroup=EXAMPLE \
  --smbrealm=EXAMPLE.COM \
  --enablewinbindusedefaultdomain \
  --winbindtemplatehomedir=/home/%U \
  --winbindtemplateshell=/bin/bash \
  --enablekrb5 \
  --krb5realm=EXAMPLE.COM \
  --enablekrb5kdcdns \
  --enablekrb5realmdns \
  --enablelocauthorize \
  --enablemkhomedir \
  --enablepamaccess \
  --updateall

Now you should be able to join your Linux box to the domain:

net ads join -U Administrator

Start (or restart) the Winbind service:

service restart winbind

At this point, your Linux box should be participating on the Windows domain. You can test this by issuing wbinfo -u (to list all users in the domain), wbinfo -g (to list all groups in the domain), and getent passwd administrator (to list account information for the domain administrator).

To grow/extend a partition:

lvextend --size [size] [device]
resize2fs [device] [size]

To shrink/reduce a partition:

resize2fs [device] [size]
lvreduce --size [size] [device]

kernel.panic=60

This will automatically reboot your server 60 seconds after a kernel panic.

fish://your-server.com

It’s just like managing files on a remote Samba share, only it’s done completely over SSH!

Unfortunately, fish:// only works from within KDE applications, but that’s where SSHFS (Secure SHell FileSystem) comes in. With this tool, you can easily mount any remote filesystem over SSH for access by all of your applications. Goodbye FTP!

Some people may be interested in WinSCP, which provides similar functionality on Windows.