RHEL 7.4 officially released.

Today, Red Hat announced the official release of RHEL 7.4.

To know more about this new version you can read a summary of the RHEL 7.4 changes or the RHEL 7.4 Release Notes.

Several points can be highlighted:

  • docker overlay graph driver with SELinux in enforcing mode is now supported,
  • OpenSSL update (1.0.2k) brings support for ALPN & native HTTP/2,
  • System Security Services Daemon (SSSD) in a container is now fully supported,
  • Identity Management (IdM) server container is available as a Technology Preview feature,
  • OpenLDAP & Btrfs are deprecated and will be removed in future RHEL major versions.
Posted in RHEL7

Latest technical articles.

Over the past two weeks, the following technical articles have been published (or discovered):

Happy reading!

Posted in Others

New recent articles.

Many technical articles were published in the last two months:

Happy reading!

Note: Two objectives have recently been removed from the RHCSA exam:

  • Install RHEL using Kickstart,
  • Configure a physical machine to host virtual guests.

This means that you don’t need to learn KVM or Kickstart anymore to pass the RHCSA exam, using Virtual Box is enough.

Posted in Others

Available online Linux trainings.

Until one or two years there was almost no online trainings for the RHCSA & RHCE 7 certifications.

You had to take Red Hat classes or study by yourself through books.

Now, companies like EdX, Udemy and LinuxAcademy to name some of the most known have started to create good contents.

You can now find most of them in the dedicated RHEL 7 online training page.

Happy trainings!

Posted in RHEL7

Atomic Host.

If you like containers, at some point you will deploy them into production. And you will need a dedicated server to host them.
Atomic Host is the RedHat solution for this.
It is a lightweight version of RHEL/CentOS 7 (there is also a Fedora version) where :

  • only the /etc and /var directories are writable,
  • all the OS can be upgraded or rolled back atomically (hence the name) through the rpm-ostree mechanism,
  • there is no yum command nor man pages.

Take the time to discover this new animal through the Atomic Host tutorial.

Posted in RHEL7

RHEL 7 CPU governor.

I don’t know if you have already heard about CPU governor.

With the global warming, IT culture should integrate the various mechanisms available for reducing computer consumption.
In a perfect world, during the idle periods servers should adjust their clock frequency to get significant power saving. They should even stop through some scalability mechanisms if possible.

If you think a better understanding of technology can help our earth, have a look at the CPU governor tutorial.

Posted in RHEL7

RHEL 7.4 planned features and other news.

At the Red Hat annual summit the main planned features of RHEL 7.4 were disclosed.
You can find them in a dedicated page.
In addition, as of today, the RHEL 7.4 Beta has been released. Release notes are available here.

Also, new interesting Red Hat summit presentations were published this week:

Similarly, new Red Hat summit videos were released:

Of particular interest for exam candidates two labs were published:

Finally, several technical articles were recently posted:

Happy reading, watching, and labbing!

Posted in RHEL7

Red Hat Summit 2017.

The annual Red Hat summit 2017 happened last week.
The first videos are available on the Red Hat summit channel on Youtube.

Some presentations have already been published about:

Besides presentations you can also practice through:

More videos will progressively be released but be patient: last year it took Red Hat 3 months to publish most of the Red Hat Summit 2016 videos due to a problem with one of its subcontractors!

Posted in RHEL7

Do you know Cockpit?

Until recently I didn’t know what was exactly the Cockpit project.

I thought it was a new complicated panel for administrators looking for a GUI.

Difficult to install, to maintain, to understand …

In fact, it is just the contrary: easy to use with a zero memory and process footprint!

Take the time to discover the Cockpit project through the Cockpit tutorial, you won’t be disappointed.

Posted in RHEL7

What’s new with NetworkManager?

NetworkManager big update

From RHEL 7.2 to RHEL 7.3, NetworkManager moved from v1.0.6 to v1.4.0: a lot of things have changed.

Color is everywhere!

Use of colors in NetworkManager
NetworkManager now uses colors to match the status of a device or a connection and sorts the output for better clarity.


nmcli with ifconfig style
Invoking nmcli without argument displays all the network interfaces with an ifconfig style.

Also, connection add syntax is now consistent with connection modify.

Clever completion

When asking for completion, NetworkManager doesn’t propose inappropriate argument anymore: here the connection called Hotspot can’t be chosen because already inactive.

# nmcli con down [tab]
apath     id        path      virbr0    vlan40
help      Internet  uuid      vlan30


You need a bridge over VLAN? Software devices (bond, bridge, vlan, team, …) can now be stacked arbitrarily. The nmcli interface for creating master-slave relationships has been significantly improved by the use of ‘master’ argument to all link types.

IPv6 security improvements

IPv6 connection properties have been added like:

  • ipv6.addr-gen-mode: the stable privacy addressing is a tracking prevention mechanism implementing the RFC7217 (more details here); when enabled the property takes stable-privacy as value and eui64 when disabled,
  • ipv6.ip6-privacy: the privacy extension is a way to randomize MAC address as defined by the RFC4941 (more details here and here); when enabled the property takes 1 and 0 otherwise.

Wi-Fi improvements

  • Better security: several options have been added concerning the exposed MAC address of a Wi-Fi device during the scanning phase and after (see details here).
    The 802-11-wireless.cloned-mac-address property can now receive the following values:

    • A MAC address: this was already supported before 1.4.0 and allows to spoof a specific MAC address.
    • permanent: use the permanent MAC address of the device. Before 1.4.0, the permanent MAC address was used if the cloned-mac-address property was left empty, thus it was the default. In 1.4.0, it is still the default.
    • preserve: don’t change the MAC address of the device upon activation.
    • random: generate a randomized value upon each connect.
    • stable: generate a stable, hashed MAC address.
  • Better Wi-Fi scanning: with recent versions of wpa_supplicant, NetworkManager scanning behavior has been improved (see details here).
  • Wi-Fi power saving: Wi-Fi power saving can now be enabled globally or on a per-connection basis.

Various improvements

  • Support for more devices: NetworkManager can now manage tun, tap, macvlan, vxlan and IP tunnel devices.
  • More flexible VPN support: Many previous VPN restrictions have been removed. You can now import and export the VPN connection settings of most types of VPNs in the VPN’s native format using the nmcli connection export and nmcli connection import commands.
  • Compatibility with namespace-based containers: NetworkManager now runs fine in LXC and Docker.
  • Hostname management: hostname is now managed via systemd-hostnamed.
  • DHCP: timeout for DHCP requests can now be modified using the ipv4.dhcp-timeout property.
  • IPv4: support for detecting duplicate IPv4 addresses, with a timeout configurable through the ipv4.dad-timeout connection property, is now available.
  • Rollback: API for using configuration snapshots that automatically roll back after a timeout has been added. A remote network configuration tools like Cockpit can use this new feature to avoid situations where a mistake in the configuration makes the remote host unreachable.
  • DNS client: A new dns-priority property of ipv4 and ipv6 settings can be used to tweak the order of servers in resolv.conf. This will make things easier for users who often use multiple active connections.
  • Bandwidth monitoring: RX/TX counters of transferred bytes per interface are now exposed on D-Bus. With this, client applications can monitor the bandwidth.

There are still other improvements but they are too many to be all listed here!


Additional Resources

You can also read this Red Hat Article about setting up MACsec using wpa_supplicant and NetworkManager.
Support for OpenVSwitch bridge, bond and VLAN has been added to NetworkManager but is still not integrated in the RHEL 7.4 release.

Posted in RHEL7

Upcoming Events (CET)

  1. Mar

    1. 1:00 am - View Details
      CentOS: Dojo, Singapore.

RHCSA7: Task of the day

Allowed time: 5 minutes.
Add 100MB of swap space to the machine using a new logical volume.

RHCE7: Task of the day

Allowed time: 15 minutes.
Configure a Samba server called MYSERVER, belonging to the MYGROUP group, sharing the /shared directory with the name "shared".

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...