Yesterday, Red Hat released Red Hat Enterprise Linux 8.1. This update brings live kernel patching to RHEL 8 (and RHEL 7.7), which applies updates to a running system without needing a reboot to load the new kernel. Red Hat will provide live patches for kernels not older than one year.
Other enhancements can be found in containers. It’s now possible to create custom SELinux rules for containers. A feature I’m very excited about is the option to run containers rootless. Containers running in user space are less vulnerable and need fewer privileges.
Other enhancements are:
- Chrony is rebased to version 4.5
- Tuned has been rebased to version 2.12
- PHP 7.3, Ruby 2.6, Node.js 12 and Nginx 1.16 are available via AppStream
- A command-line utility called healthcheck is available for IDM servers.
The complete release notes can be found here.
Last month, HashiCorp announced two certifications. One is for Terraform and the other for Vault. Let’s focus on Terraform, one of the first and largest Infrastructure as Code (IaC) software providers out there. I am very excited about this method of validating my understanding and experience. For the Terraform exam, there are 9 objectives.
Both exams are Associate level, but since there is no equivalent exam for these products, it’s basically the only way to ‘prove’ that you are familiar with the products HashiCorp is offering and many, many companies are using today. For a professional freelancer active in Linux infrastructure solutions like myself, it’s almost a must.
On the website adinermie.com all objectives can be found linking to the content you need to be familiar with. A good way to start learning. The HashiCorp exams will be taken proctored online. Price and availability yet to be announced.
After updating my MacBook to the latest OSX version Catalina, the Xcode package wasn’t able to update anymore. After spending some time, this solution worked for me:
- Remove the Xcode package by dragging it from the Applications folder to Trash
- In the Terminal, paste these two commands:
    rm -rf ~/Library/Developer
    rm -rf ~/Library/Caches/com.apple.dt.Xcode
- Reboot your machine
- Reinstall Xcode from the App Store
This week I bought a Red Hat Learning Subscription. Training is a very important part for me as a freelancer and you need to spend a minimum of 5% in time and budget on this every year. Since I have a long-term assignment, time is a bit of an issue. Yes. Learning needs to take place in the evenings and weekends. But since winter season is coming, it’s okay.
Both my RHCSA and RHCE certifications have been expired for a month or so. I was waiting for the RHEL8 exams to be ready but unfortunately I only had some days between release and expiry date. So I have to pass both again. RHCSA is easy. RHCE is a bit more difficult for RHEL8, since Ansible is a big part of the exam. Since I’d already done EX407/Ansible in the past, RHCE shouldn’t be a big problem. But I do need to spend time in the lab in advance. Red Hat exams are hands-on and setting up a Kerberised NFS share or iSCSI target isn’t daily routine (besides that: NetApp and 3PAR will take care of that).
So, RHCSA (easy), RHCE (more difficult) and EX407/Ansible need to be done again. With 4 more specialist exams I would achieve the Red Hat Certified Architect status. Unfortunately, getting the required training for – let’s say – Satellite or IPA is difficult. The products are licensed and the open source upstream isn’t always usable due to the integration with Red Hat products.
Getting training for a week will cost about 3.000 euro, but since I’m not able to work for that week, it will cost another 3.000 euro on income loss. So yes, a Red Hat learning subscription is expensive, but on the other hand really cheap. For the 7.000 euro you’d get access to all official training material and 5 exams of choice (and 2 retakes in total if needed).
For this year: RHCSA8, RHCE8 and EX407 (Certified Specialist in Ansible Automation). For next year I hope to do: EX403 (Red Hat Certified Specialist in Deployment and Systems Management), EX362 (Red Hat Certified Specialist in Identity Management), EX280 (Red Hat Certified Specialist in OpenShift Administration) and EX210 (Red Hat Certified System Administrator in Red Hat OpenStack).
I’m busy with the first CentOS 8 web server. I use DirectAdmin to make my life easier when it comes to hosting some websites, but the supplier of this web-based admin interface still has the Alpha tag on the software. The main reason to be ready for CentOS 8 obviously is support for TLS 1.3, which is a requirement for upcoming features like QUIC and HTTP/3 support in the near future, making websites faster.
With the switch to CentOS 8 I’m also test-driving LiteSpeed as web server replacement for Nginx, which is currently the front end used for Apache. And Apache is still needed for .htaccess and mod_rewrite support. I hope LiteSpeed (OpenLiteSpeed in this case) can replace both Apache and Nginx as a web server.
With this upgrade I’m also enabling DNSSEC extensions for the main domains used by the server, DNS and mail. The domain aklmedia.nl is already signed and IPv6 is enabled again. Due to some problems with my home provider I had to temporarily disable support in order to be able to access my own servers.
Earlier I wrote about the all-in-one messenger app Franz. I really liked the application, but unfortunately the developer is going way too commercial. The latest Franz version looks like a 1997 shareware application. So it was time to say goodbye and good luck.
There are multiple alternatives which I’ve tried. The best one is Station. It’s completely free, supports 500+ applications and as a bonus it has 1Password integration for those who use this as password manager. Now I hope this developer isn’t going nuts and going to ask 6 euro/month.
This week I’ve ordered a Tesla Model 3 – Long Range (AWD). I’m going full electric. Main reason for this is that, as a business owner, you have to pay a tax addition for private use of your business-owned vehicle. For normal cars this is 22% of the retail price, so about 350 Euro net a month. For EV vehicles, this amount is only 4% (22% for all above 50k catalogue price). So it will save you about 52% in taxes paid.
While my main interest was actually a Kia e-Niro, delivery times for this vehicle exceed about one year. Tesla is more expensive but has many advantages. The Supercharger network for example, with very reasonable electricity pricing (25 cents/kWh). But also the larger range. Advertised with 560km the real range should be about 300 km if you drive 130 km/h on the highway.
Delivery should be somewhere end of September. Yes. That’s 5 weeks after the initial order. I don’t know how Tesla manages this but no other car vendor is able to deliver this fast.
Update 18-sep: Delivery is planned for Saturday 21 September. Meanwhile I’m busy changing the electricity network at home to prepare to switch from a single phase (230 Volts, 35A) to 3-phase (400 Volts, 25A) connection to the grid.
While Red Hat released RHEL 8.1 beta last month, the guys at the CentOS project finished building the packages and did the QA. It’s now time to release CentOS 8. I guess the ISOs are available end of this month as well as the repositories.
If you can’t wait for CentOS 8 and need to start your RHCSA or RHCE study and have a home-lab, I’d suggest creating a free Red Hat Developer account. This gives you access to 1 Metal or a 12 VM license.
Update 14-sep: The CentOS team will focus on building the 7.7 packages first due to the larger customer base. After that, they will release CentOS 8.0.
Update 18-sep: CentOS 7.7 seems available. The CentOS website displays 24-sep as release date for CentOS 8.0.
While I’m still waiting for the CentOS 8 build, Red Hat released Enterprise Linux 7.7 this week as beta version. So far, the most important change is support for Python 3. Other changes include:
- The Samba package is rebased to version 4.9.1
- SSSD now fully supports sudo rules stored in AD
- The gcc-libraries are rebased to version 8.3.1
- Spectre V2 mitigation changed from IBRS to Retpoline
- The bind package is rebased to version 9.11
- NetworkManager now supports VLAN filtering on bridge interfaces
- NetworkManager now supports configuring policy routing rules
- The nss packages are updated for Firefox 60 ESR
- SCAP Security Guide supports Universal Base Image
- The chrony package is rebased to version 3.4
- The tuned package is rebased to version 2.11
- The web console (cockpit) is rebased to version 191
- The firewalld package is rebased to version 0.6.3
These services are now available in Technology Preview:
- Containerized Identity Management server
- Setting up IdM as a hidden replica
- DNSSEC (finally!)
- Use of AD and LDAP sudo providers
- Wayland desktop
- pNFS block layouts
- kexec to update running kernels
- YUM4, since Python 3 is now supported
- USB 3.0 support for KVM guests
The complete release notes can be found here on the Red Hat website.
Last week, Red Hat released Ansible 2.8. One of the major changes is the new become facility, which will deprecate many former sudo functions.
The deprecated CLI arguments --sudo, --sudo-user, --ask-sudo-pass, --su, --su-user, and --ask-su-pass have been removed in favor of the more generic --become, --become-user, --become-method, and --ask-become-pass. Check your ansible.cfg and start using the new syntax.
Other (minor) changes:
Other changes I might check out:
Check out the complete Ansible 2.8 porting guide on this website.
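To find wrapper scripts or CI jobs that still call Ansible with the removed flags, the following added example (not part of the original post and not code from the Ansible project) rewrites such command lines to the become syntax. The flag names come from the list above; adding --become-method=su for the su family is this example's assumption, and the sample script is constructed.

```python
import shlex

# Flags removed in Ansible 2.8 (from the list above) and their replacements.
REPLACEMENT = {
    "--sudo": "--become",
    "--sudo-user": "--become-user",
    "--ask-sudo-pass": "--ask-become-pass",
    "--su": "--become",
    "--su-user": "--become-user",
    "--ask-su-pass": "--ask-become-pass",
}
# Assumption of this example: a command that used the su family should keep
# escalating through su, so it gets an explicit --become-method=su.
SU_FAMILY = {"--su", "--su-user", "--ask-su-pass"}

def migrate(cmdline):
    """Rewrite one ansible/ansible-playbook call; return (new_cmdline, findings)."""
    out, findings, use_su = [], [], False
    for tok in shlex.split(cmdline):
        flag, sep, value = tok.partition("=")   # handles --sudo-user=root
        if flag in REPLACEMENT:
            findings.append((flag, REPLACEMENT[flag]))
            use_su = use_su or flag in SU_FAMILY
            tok = REPLACEMENT[flag] + sep + value
        out.append(tok)
    if use_su and not any(t.startswith("--become-method") for t in out):
        out.append("--become-method=su")
    return shlex.join(out), findings

def audit(lines):
    """Return (line_no, old, new) for every ansible call using a removed flag."""
    report = []
    for no, line in enumerate(lines, 1):
        cmd = line.strip()
        if not cmd.startswith(("ansible ", "ansible-playbook ")):
            continue
        new, findings = migrate(cmd)
        if findings:
            report.append((no, cmd, new))
    return report

# Constructed sample: a wrapper script as it might look before the upgrade.
SAMPLE = """\
#!/bin/sh
ansible-playbook -i hosts site.yml --sudo --ask-sudo-pass
ansible web -m ping --su --su-user=admin
ansible-playbook site.yml --become --become-user deploy
""".splitlines()

if __name__ == "__main__":
    for no, old, new in audit(SAMPLE):
        print(f"line {no}:\n  - {old}\n  + {new}")
```

Review the rewritten lines before committing them: --become-user only selects the target user and still needs --become to take effect.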
Yesterday, Red Hat announced changes in the RHCE certification. As of RHEL8, the RHCE exam will include many parts of the EX407/Ansible exam, since automation is getting more and more important. Current RHCEs can recertify before the current RHCE (EX300) exam retires in June 2020.
More information can be found in this blogpost on the Red Hat website.