Passed – RH423 Red Hat Enterprise Directory Services and Authentication

This week I had the “Red Hat Enterprise Directory Services and Authentication” course and exam in Amsterdam.

In the course we had some very nice stuff, like Red Hat DS and at the end Red Hat Enterprise IPA… all very cool… but today I had the exam (due to the RedHat NDA I am not allowed to say anything about the exam, so I won’t do it)… but a few hours after the exam I received my results… and I passed the exam :-D

Why is the script slow…

For a project I am working on migrating UNIX applications to Linux. Most of the scripting work supposed to be done in India, and that is where the issues came in. First you have a developer who knows how to work with M$ Technet and never worked with PERL before (at least 80% of the scripts is written in PERL).

First of all I introduced the user Net::LDAP within PERL, because they first did a ldapsearch, put the output into a ASCII file… and with a PERL script they structured the data… and loaded it into a Oracle database… so that was the first improvement.

Next there were several issues, like not good reading or understanding LDAP/PERL at all…

But at a certain moment, they start complaining about the fact that one of the scripts was slow… on the old system the script had a run time of 4 hours… and now it is up to 28 hours(!!!) :-( So they requested me to investigate this.

First I found a ‘main’ kornshell script doing the next thing:

for VAR in a b d e f g i j k m n o p q r s t u v w x y z
   for NAME in “‘” a b c d e f g h i j k l m n o p q r s t u v w x y z
   do $NAME $VAR

The content of the was something like:

use Net::LDAP;
$ldap = Net::LDAP->new($LDAP_SERVER);
$ldap->bind($LDAP_DN, password=>$LDAP_PASSWD) or die “Cannot connect”;
$mesg = $ldap->search(base=>$LDAP_BASE,
                     ) or die “Cannot connect”;

I thought that this costs a lot… loading PERL script, connecting to server, binding to it… et cetera… :-( And this was done in the original script > 2000 times :-|

So… I removed the loop out of the mainscript… and implemented it into the PERL-script, like this:


use Net::LDAP;

$ldap = Net::LDAP->new($LDAP_SERVER);
       “p”,”q”,”r”,”s”,”t”,”u”,”v”,”w”,”x”,”y”,”z”, “‘”);

$ldap->bind($LDAP_DN, password=>$LDAP_PASSWD) or die “Cannot connect”;

foreach $LOOP1 (@LOOP)
  foreach $LOOP2 (@LOOP)
     $mesg = $ldap->search(base=>$LDAP_BASE,
                          ) or die “Cannot connect”;


And this runs within 3 hours!!! And it is flying! :-D

There can be done more performance tuning… but that will be another project!

Did pass ITIL, LPIC201 and LPIC202

As I wrote before, I did pass RHCE, RHCT and LPIC1. After a few weeks of study I also passed LPIC2 and ITIL :-P

The results for ITIL:

Passing score: 65
Your score…: 67
Grade……..: PASSED

Section Title                          Score
————————————– —–
General                                 66
Service Desk                            66
Incident Management                     25
Problem Management                      80
Change Management                       80
Configuration Management                75
Release Management                     100
Service Level Management                66
Availability Management                  0
Capacity Management                     50
IT Service Continuity Management       100
Financial Management for IT Services   100
Other ITIL Topics                      100
Relationships                           50

During the exam I start mixing up ‘Availability management’ and ‘IT Service Continuity Management’, which resulted into a score of 0 for Availability management :-|

But I also passed LPIC 201 en LPIC 202.

LPIC 201 results:

Required score: 500
Your score….: 750
Status……..: PASS

Section                              Percent Correct
———————————— —————
Linux Kernel                               90%
System startup                             87%
Filesystem                                100%
Hardware                                   75%
File and Service Sharing                   87%
System Maintenance                         83%
System Customization & Automation          66%
Troubleshooting                            50%

LPIC 202 results:

Required score: 500
Your score….: 740
Status……..: PASS

Section                              Percent Correct

———————————— —————
Networking configuration                 85%
Mail & News                              92%
DNS                                      80%
Web Services                            100%
Network Client Management                66%
System Security                          80%
Network Troubleshooting                 100%

Maintain config-files using subversion

Every sysop might recognize this… I changed a config file some while ago… but what did I change and what is the history of that file. Besides of the changes, I want to have them in a backup :-)

So I decided to setup a config-file repository, where the servers can commit automaticly their changes using SVN over SSH. I use SSH to have no password prompts but certificates. Only the user svn-backup can commit files to the repository. On both server I only checked out the repository-part concerning them.

[root@tank] svn co
svn+ssh://[email protected]/repos/config-files/tank

And in the crontab for the user root, we have the next entry:

45 * * * */usr/local/backup/

And in the svn-backup script we have the next lines:

# Subversion script to backup configfiles
# Written by Pieter de Rijk <pieter -at->


cp -R /usr/local/etc/ $SVN_BACKUP_PATH/usr/local/etc/ > /dev/null 2> /dev/null
cp -R /etc/
$SVN_BACKUP_PATH/etc/ > /dev/null 2> /dev/null
rm -rf $SVN_BACKUP_PATH/usr/local/etc/squid/errors
rm -rf $SVN_BACKUP_PATH/usr/local/etc/squid/icons/*.jpg
rm -rf $SVN_BACKUP_PATH/usr/local/etc/squid/icons/*.gif
/usr/local/bin/svn up > /dev/null 2> /dev/null
for files in “`/usr/local/bin/svn status $SVN_BACKUP_PATH | grep ^?`”;
   ADD_FILE=`echo $files | awk ‘{ print $2 }’`
   if [ ! -z $ADD_FILE ];
     /usr/local/bin/svn add $ADD_FILE
/usr/local/bin/svn commit -m “[`hostname -s`] Config changes `date`”

And when something change I receive a message :-P

Only users in the wheel group can checkout the repositories, but are not allowed to commit :-D

make -j 32 bzImage

As I wrote before some vendor promissed me a 16-core machine…. and indeed we received it. Now I have my ‘toy’ placed in the basement. Besides of some trouble putting a modified version of RHEL 4.5 on it, it works fine. At this moment I’ve insta…