Blog category: Linux

Comparsion of Ansible and Puppet exams by Red Hat

I had an opportunity to take both exams related to those two most popular automation and configuration management frameworks. Here are some thoughts about the Red Hat’s 405 (Puppet) and 407 (Ansible) exams.

My thoughts on RedHat's EX403 exam

I’ve recently gained the Certificate of Expertise in Enterprise Deployment and Systems Management after passing EX403 . I took the exam in the City of London as an individual session - this time on KOALA - Kiosk On A Laptop. On the RedHat’s site the exam is advertised to take three hours but after starting the exam I found that the clock shows four hours.

Packer, Ansible, CentOS and requiretty

If you’ve tried running Packer with CentOS on AWS, you probably noticed this:

    sudo: sorry, you must have a tty to run sudo

SELinux, confined users and Systemtap

While we’re waiting for CVE-2016-5195 to be patched, RedHat released a workaround for the most common form of the exploit being run in the wild. It uses systemtap to block access to mem_write function.

I wanted to apply it and started tests, only to find that stap returned EPERM while loading the module! As I’m running with SELinux enabled, I checked the /var/log/audit/audit.log. Surprisingly there was no AVCs with deny! Although most of the calls are audited, you can mark some to be silently dropped by audit. You can disable that filter using semanage dontaudit off. I run stap again and… bingo!