Advance your open source career with LPI
Linux Professional Institute (LPI) is the global certification standard and career support organization for open source professionals. With more than 175,000 certification holders, it’s the world’s first and largest vendor-neutral Linux and open source certification body. LPI has certified professionals in over 180 countries, delivers exams in multiple languages, and has hundreds of training partners. ECCS Africa is an LPI Approved Training Partner covering the Indian Ocean and African Region delivering Classroom Based Instructor Led, On-site, Virtual and Online Courses in English and French.
Linux Professional Institute Courses:
The Linux Essentials certificate is a great way to show employers that you have the foundational skills required for your next job or promotion. It also serves as an ideal stepping stone to the more advanced LPIC Professional Certification track for Linux Systems Administrators.
Linux adoption continues to rise world-wide as individual users, government entities and industries ranging from automotive to space exploration embrace open source technologies. This expansion of open source in enterprise is redefining traditional Information and Communication Technology (ICT) job roles to require more Linux skills. Whether you’re starting your career in open source, or looking for advancement, independently verifying your skill set can help you stand out to hiring managers or your management team.
The Linux Essential educational certificate also serves as a great introduction to the more complete and advanced Linux Professional certification track.
Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French
To receive the Linux Essentials Certificate the candidate must:
- have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
- understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
- have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.
LPIC-1 is the first certification in LPI’s multi-level Linux professional certification program. The LPIC-1 will validate the candidate’s ability to perform maintenance tasks on the command line, install and configure a computer running Linux and configure basic networking.
The LPIC-1 is designed to reflect current research and validate a candidate’s proficiency in real world system administration. The objectives are tied to real-world job skills, which we determine through job task analysis surveying during exam development.
Current version: 5.0 (Exam codes 101-500 and 102-500)
Prerequisites: There are no prerequisites for this certification.
Requirements: Passing the 101 and 102 exams. Each 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity period: 5 years unless retaken or higher level is achieved.
Languages for exam available in VUE test centers: English, German, Japanese, Portuguese (Brazilian), Chinese (Simplified), Chinese (Traditional) and Spanish (Modern)
Languages for exam available online via OnVUE: English, Japanese
To become LPIC-1 certified the candidate must be able to:
- understand the architecture of a Linux system;
- install and maintain a Linux workstation, including X11 and setup it up as a network client;
- work at the Linux command line, including common GNU and Unix commands;
- handle files and access permissions as well as system security; and
- perform easy maintenance tasks: help users, add users to a larger system, backup and restore, shutdown and reboot.
Current Version: 5.0 (Exam codes 101-500 and 102-500)
Objectives: 101-500, 102-500
Prerequisites: There are no prerequisites for this certification
Requirements: Passing exams 101 and 102
Validity Period: 5 years
Languages: English, or French
To become LPIC-1 certified the candidate must be able to:
- understand the architecture of a Linux system;
- install and maintain a Linux workstation, including X11 and setup it up as a network client;
- work at the Linux command line, including common GNU and Unix commands;
- handle files and access permissions as well as system security; and
- perform easy maintenance tasks: help users, add users to a larger system, backup and restore, shutdown and reboot.
LPIC-2 is the second certification in LPI’s multi-level professional certification program. The LPIC-2 will validate the candidate’s ability to administer small to medium–sized mixed networks.
Current Version: 4.5 (Exam codes 201-450 and 202-450)
Objectives: 201-450, 202-450
Prerequisites: The candidate must have an active LPIC-1 certification to receive LPIC-2 certification
Requirements: Passing exams 201 and 202. Each 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity Period: 5 years unless retaken or higher level is achieved.
Languages: English, French
To become LPIC-2 certified the candidate must be able to:
- perform advanced system administration, including common tasks regarding the Linux kernel, system startup and maintenance;
- perform advanced Management of block storage and file systems as well as advanced networking and authentication and system security, including firewall and VPN;
- install and configure fundamental network services, including DHCP, DNS, SSH, Web servers, file servers using FTP, NFS and Samba, email delivery; and
- supervise assistants and advise management on automation and purchases.
Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French
To receive the Linux Essentials Certificate the candidate must:
- have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
- understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
- have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.
The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.
The LPIC-3 300: Mixed Environment certification covers the administration of Linux systems enterprise-wide in a mixed environment.
Current Version: 1.0 (Exam code 300-100)
Objectives: 300-100
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 300 exam. The 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity Period: 5 years
Languages: English, French
Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French
To receive the Linux Essentials Certificate the candidate must:
- have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
- understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
- have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.
The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.
The LPIC-3 303: Security certification covers the administration of Linux systems enterprise-wide with an emphasis on security.
Current Version: 2.0 (Exam code 303-200)
Objectives: 303-200
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 303 exam. The 90-minute exam is 60 multiple-choice and fill in the blank questions.
Validity Period: 5 years
Languages: English, French
Topic 325: Cryptography
325.1 X.509 Certificates and Public Key Infrastructures
Weight: 5
Description: Candidates should understand X.509 certificates and public key infrastructures. They should know how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes.
Key Knowledge Areas:
Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions
Understand trust chains and public key infrastructures
Generate and manage public and private keys
Create, operate and secure a certification authority
Request, sign and manage server and client certificates
Revoke certificates and certification authorities
The following is a partial list of the used files, terms and utilities:
openssl, including relevant subcommands
OpenSSL configuration
PEM, DER, PKCS
CSR
CRL
OCSP
325.2 X.509 Certificates for Encryption, Signing and Authentication
Weight: 4
Description: Candidates should know how to use X.509 certificates for both server and client authentication. Candidates should be able to implement user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.
Key Knowledge Areas:
Understand SSL, TLS and protocol versions
Understand common transport layer security threats, for example Man-in-the-Middle
Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS
Configure Apache HTTPD with mod_ssl to authenticate users using certificates
Configure Apache HTTPD with mod_ssl to provide OCSP stapling
Use OpenSSL for SSL/TLS client and server tests
Terms and Utilities:
Intermediate certification authorities
Cipher configuration (no cipher-specific knowledge)
httpd.conf
mod_ssl
openssl
325.3 Encrypted File Systems
Weight: 3
Description: Candidates should be able to setup and configure encrypted file systems.
Key Knowledge Areas:
Understand block device and file system encryption
Use dm-crypt with LUKS to encrypt block devices
Use eCryptfs to encrypt file systems, including home directories and
PAM integration
Be aware of plain dm-crypt and EncFS
Terms and Utilities:
cryptsetup
cryptmount
/etc/crypttab
ecryptfsd
ecryptfs-* commands
mount.ecryptfs, umount.ecryptfs
pam_ecryptfs
325.4 DNS and Cryptography
Weight: 5
Description: Candidates should have experience and knowledge of cryptography in the context of DNS and its implementation using BIND. The version of BIND covered is 9.7 or higher.
Key Knowledge Areas:
Understanding of DNSSEC and DANE
Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones
Configure BIND as an recursive name server that performs DNSSEC validation on behalf of its clients
Key Signing Key, Zone Signing Key, Key Tag
Key generation, key storage, key management and key rollover
Maintenance and re-signing of zones
Use DANE to publish X.509 certificate information in DNS
Use TSIG for secure communication with BIND
Terms and Utilities:
DNS, EDNS, Zones, Resource Records
DNS resource records: DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, TLSA
DO-Bit, AD-Bit
TSIG
named.conf
dnssec-keygen
dnssec-signzone
dnssec-settime
dnssec-dsfromkey
rndc
dig
delv
openssl
Topic 326: Host Security
326.1 Host Hardening
Weight: 3
Description: Candidates should be able to secure computers running Linux against common threats. This includes kernel and software configuration.
Key Knowledge Areas:
- Configure BIOS and boot loader (GRUB 2) security
- Disable useless software and services
- Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration
- Exec-Shield and IP / ICMP configuration
- Limit resource usage
- Work with chroot environments
- Drop unnecessary capabilities
- Be aware of the security advantages of virtualization
Terms and Utilities:
- grub.cfg
- chkconfig, systemctl
- ulimit
- /etc/security/limits.conf
- pam_limits.so
- chroot
- sysctl
- /etc/sysctl.conf
326.2 Host Intrusion Detection
Weight: 4
Description: Candidates should be familiar with the use and configuration of common host intrusion detection software. This includes updates and maintenance as well as automated host scans.
Key Knowledge Areas:
- Use and configure the Linux Audit system
- Use chkrootkit
- Use and configure rkhunter, including updates
- Use Linux Malware Detect
- Automate host scans using cron
- Configure and use AIDE, including rule management
- Be aware of OpenSCAP
Terms and Utilities:
- auditd
- auditctl
- ausearch, aureport
- auditd.conf
- auditd.rules
- pam_tty_audit.so
- chkrootkit
- rkhunter
- /etc/rkhunter.conf
- maldet
- conf.maldet
- aide
- /etc/aide/aide.conf
326.3 User Management and Authentication
Weight: 5
Description: Candidates should be familiar with management and authentication of user accounts. This includes configuration and use of NSS, PAM, SSSD and Kerberos for both local and remote directories and authentication mechanisms as well as enforcing a password policy.
Key Knowledge Areas:
- Understand and configure NSS
- Understand and configure PAM
- Enforce password complexity policies and periodic password changes
- Lock accounts automatically after failed login attempts
- Configure and use SSSD
- Configure NSS and PAM for use with SSSD
- Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains
- Kerberos and local domains
- Obtain and manage Kerberos tickets
Terms and Utilities:
- nsswitch.conf
- /etc/login.defs
- pam_cracklib.so
- chage
- pam_tally.so, pam_tally2.so
- faillog
- pam_sss.so
- sssd
- sssd.conf
- sss_* commands
- krb5.conf
- kinit, klist, kdestroy
326.4 FreeIPA Installation and Samba Integration
Weight: 4
Description: Candidates should be familiar with FreeIPA v4.x. This includes installation and maintenance of a server instance with a FreeIPA domain as well as integration of FreeIPA with Active Directory.
Key Knowledge Areas:
- Understand FreeIPA, including its architecture and components
- Understand system and configuration prerequisites for installing FreeIPA
- Install and manage a FreeIPA server and domain
- Understand and configure Active Directory replication and Kerberos cross-realm trusts
- Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA
Terms and Utilities:
- 389 Directory Server, MIT Kerberos, Dogtag Certificate System, NTP, DNS, SSSD, certmonger
- ipa, including relevant subcommands
- ipa-server-install, ipa-client-install, ipa-replica-install
- ipa-replica-prepare, ipa-replica-manage
Topic 327: Access Control
327.1 Discretionary Access Control
Weight: 3
Description: Candidates are required to understand Discretionary Access Control and know how to implement it using Access Control Lists. Additionally, candidates are required to understand and know how to use Extended Attributes.
Key Knowledge Areas:
- Understand and manage file ownership and permissions, including SUID and SGID
- Understand and manage access control lists
- Understand and manage extended attributes and attribute classes
Terms and Utilities:
- getfacl
- setfacl
- getfattr
- setfattr
327.2 Mandatory Access Control
Weight: 4
Description: Candidates should be familiar with Mandatory Access Control systems for Linux. Specifically, candidates should have a thorough knowledge of SELinux. Also, candidates should be aware of other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
Key Knowledge Areas:
- Understand the concepts of TE, RBAC, MAC and DAC
- Configure, manage and use SELinux
- Be aware of AppArmor and Smack
Terms and Utilities:
- getenforce, setenforce, selinuxenabled
- getsebool, setsebool, togglesebool
- fixfiles, restorecon, setfiles
- newrole, runcon
- semanage
- sestatus, seinfo
- apol
- seaudit, seaudit-report, audit2why, audit2allow
- /etc/selinux/*
327.3 Network File Systems
Weight: 3
Description: Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 clients and servers as well as CIFS client services. Earlier versions of NFS are not required knowledge.
Key Knowledge Areas:
- Understand NFSv4 security issues and improvements
- Configure NFSv4 server and clients
- Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos)
- Understand and use NFSv4 pseudo file system
- Understand and use NFSv4 ACLs
- Configure CIFS clients
- Understand and use CIFS Unix Extensions
- Understand and configure CIFS security modes (NTLM, Kerberos)
- Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system
Terms and Utilities:
- /etc/exports
- /etc/idmap.conf
- nfs4acl
- mount.cifs parameters related to ownership, permissions and security modes
- winbind
- getcifsacl, setcifsacl
Topic 328: Network Security
328.1 Network Hardening
Weight: 4
Description: Candidates should be able to secure networks against common threats. This includes verification of the effectiveness of security measures.
Key Knowledge Areas:
Configure FreeRADIUS to authenticate network nodes
Use nmap to scan networks and hosts, including different scan methods
Use Wireshark to analyze network traffic, including filters and statistics
Identify and deal with rogue router advertisements and DHCP messages
Terms and Utilities:
radiusd
radmin
radtest, radclient
radlast, radwho
radiusd.conf
/etc/raddb/*
nmap
wireshark
tshark
tcpdump
ndpmon
328.2 Network Intrusion Detection
Weight: 4
Description: Candidates should be familiar with the use and configuration of network security scanning, network monitoring and network intrusion detection software. This includes updating and maintaining the security scanners.
Key Knowledge Areas:
Implement bandwidth usage monitoring
Configure and use Snort, including rule management
Configure and use OpenVAS, including NASL
Terms and Utilities:
ntop
Cacti
snort
snort-stat
/etc/snort/*
openvas-adduser, openvas-rmuser
openvas-nvt-sync
openvassd
openvas-mkcert
/etc/openvas/*
328.3 Packet Filtering
Weight: 5
Description: Candidates should be familiar with the use and configuration of packet filters. This includes netfilter, iptables and ip6tables as well as basic knowledge of nftables, nft and ebtables.
Key Knowledge Areas:
Understand common firewall architectures, including DMZ
Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets
Implement packet filtering for both IPv4 and IPv6
Implement connection tracking and network address translation
Define IP sets and use them in netfilter rules
Have basic knowledge of nftables and nft
Have basic knowledge of ebtables
Be aware of conntrackd
Terms and Utilities:
iptables
ip6tables
iptables-save, iptables-restore
ip6tables-save, ip6tables-restore
ipset
nft
ebtables
328.4 Virtual Private Networks
Weight: 4
Description: Candidates should be familiar with the use of OpenVPN and IPsec.
Key Knowledge Areas:
Configure and operate OpenVPN server and clients for both bridged and routed VPN networks
Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon
Awareness of L2TP
Terms and Utilities:
/etc/openvpn/*
openvpn server and client
setkey
/etc/ipsec-tools.conf
/etc/racoon/racoon.conf
The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.
The LPIC-3 304: Virtualization and High Availability certification covers the administration of Linux systems enterprise-wide with an emphasis on Virtualization & High Availability.
Current Version: 2.0 (Exam code 304-200)
Objectives: 304-200
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 304 exam. The 90-minute exam is 60 multiple-choice and fill in the blank questions.
Validity Period: 5 years
Languages: English, French
Topic 330: Virtualization
330.1 Virtualization Concepts and Theory
Weight: 8
Description: Candidates should know and understand the general concepts, theory and terminology of Virtualization. This includes Xen, KVM and libvirt terminology.
Key Knowledge Areas:
Terminology
Pros and Cons of Virtualization
Variations of Virtual Machine Monitors
Migration of Physical to Virtual Machines
Migration of Virtual Machines between Host systems
Cloud Computing
The following is a partial list of the used files, terms and utilities:
Hypervisor
Hardware Virtual Machine (HVM)
Paravirtualization (PV)
Container Virtualization
Emulation and Simulation
CPU flags
/proc/cpuinfo
Migration (P2V, V2V)
IaaS, PaaS, SaaS
330.2 Xen
Weight: 9
Description: Candidates should be able to install, configure, maintain, migrate and troubleshoot Xen installations. The focus is on Xen version 4.x.
Key Knowledge Areas:
Xen architecture, networking and storage
Xen configuration
Xen utilities
Troubleshooting Xen installations
Basic knowledge of XAPI
Awareness of XenStore
Awareness of Xen Boot Parameters
Awareness of the xm utility
Terms and Utilities:
Domain0 (Dom0), DomainU (DomU)
PV-DomU, HVM-DomU
/etc/xen/
xl
xl.cfg
xl.conf
xe
xentop
330.3 KVM
Weight: 9
Description: Candidates should be able to install, configure, maintain, migrate and troubleshoot KVM installations.
Key Knowledge Areas:
KVM architecture, networking and storage
KVM configuration
KVM utilities
Troubleshooting KVM installations
Terms and Utilities:
Kernel modules: kvm, kvm-intel and kvm-amd
/etc/kvm/
/dev/kvm
kvm
KVM monitor
qemu
qemu-img
330.4 Other Virtualization Solutions
Weight: 3
Description: Candidates should have some basic knowledge and experience with alternatives to Xen and KVM.
Key Knowledge Areas:
Basic knowledge of OpenVZ and LXC
Awareness of other virtualization technologies
Basic knowledge of virtualization provisioning tools
Terms and Utilities:
OpenVZ
VirtualBox
LXC
docker
packer
vagrant
330.5 Libvirt and Related Tools
Weight: 5
Description: Candidates should have basic knowledge and experience with the libvirt library and commonly available tools.
Key Knowledge Areas:
libvirt architecture, networking and storage
Basic technical knowledge of libvirt and virsh
Awareness of oVirt
Terms and Utilities:
libvirtd
/etc/libvirt/
virsh
oVirt
330.6 Cloud Management Tools
Weight: 2
Description: Candidates should have basic feature knowledge of commonly available cloud management tools.
Key Knowledge Areas:
Basic feature knowledge of OpenStack and CloudStack
Awareness of Eucalyptus and OpenNebula
Terms and Utilities:
OpenStack
CloudStack
Eucalyptus
OpenNebula
Topic 334: High Availability Cluster Management
334.1 High Availability Concepts and Theory
Weight: 5
Description: Candidates should understand the properties and design approaches of high availability clusters.
Key Knowledge Areas:
- Understand the most important cluster architectures
- Understand recovery and cluster reorganization mechanisms
- Design an appropriate cluster architecture for a given purpose
- Application aspects of high availability
- Operational considerations of high availability
Terms and Utilities:
- Active/Passive Cluster, Active/Active Cluster
- Failover Cluster, Load Balanced Cluster
- Shared-Nothing Cluster, Shared-Disk Cluster
- Cluster resources
- Cluster services
- Quorum
- Fencing
- Split brain
- Redundancy
- Mean Time Before Failure (MTBF)
- Mean Time To Repair (MTTR)
- Service Level Agreement (SLA)
- Disaster Recovery
- Replication
- Session handling
334.2 Load Balanced Clusters
Weight: 6
Description: Candidates should know how to install, configure, maintain and troubleshoot LVS. This includes the configuration and use of keepalived and ldirectord. Candidates should further be able to install, configure, maintain and troubleshoot HAProxy.
Key Knowledge Areas:
- Understanding of LVS / IPVS
- Basic knowledge of VRRP
- Configuration of keepalived
- Configuration of ldirectord
- Backend server network configuration
- Understanding of HAProxy
- Configuration of HAProxy
Terms and Utilities:
- ipvsadm
- syncd
- LVS Forwarding (NAT, Direct Routing, Tunneling, Local Node)
- connection scheduling algorithms
- keepalived configuration file
- ldirectord configuration file
- genhash
- HAProxy configuration file
- load balancing algorithms
- ACLs
334.3 Failover Clusters
Weight: 6
Description: Candidates should have experience in the installation, configuration, maintenance and troubleshooting of a Pacemaker cluster. This includes the use of Corosync. The focus is on Pacemaker 1.1 for Corosync 2.x.
Key Knowledge Areas:
- Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd)
- Pacemaker cluster configuration
- Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios)
- Resource rules and constraints (location, order, colocation)
- Advanced resource features (templates, groups, clone resources, multi-state resources)
- Pacemaker management using pcs
- Pacemaker management using crmsh
- Configuration and Management of corosync in conjunction with Pacemaker
- Awareness of other cluster engines (OpenAIS, Heartbeat, CMAN)
Terms and Utilities:
- pcs
- crm
- crm_mon
- crm_verify
- crm_simulate
- crm_shadow
- crm_resource
- crm_attribute
- crm_node
- crm_standby
- cibadmin
- corosync.conf
- authkey
- corosync-cfgtool
- corosync-cmapctl
- corosync-quorumtool
- stonith_admin
334.4 High Availability in Enterprise Linux Distributions
Weight: 1
Description: Candidates should be aware of how enterprise Linux distributions integrate High Availability technologies.
Key Knowledge Areas:
- Basic knowledge of Red Hat Enterprise Linux High Availability Add-On
- Basic knowledge of SUSE Linux Enterprise High Availability Extension
Terms and Utilities:
- Distribution specific configuration tools
- Integration of cluster engines, load balancers, storage technology, cluster filesystems, etc.
Topic 335: High Availability Cluster Storage
335.1 DRBD / cLVM
Weight: 3
Description: Candidates are expected to have the experience and knowledge to install, configure, maintain and troubleshoot DRBD devices. This includes integration with Pacemaker. DRBD configuration of version 8.4.x is covered. Candidates are further expected to be able to manage LVM configuration within a shared storage cluster.
Key Knowledge Areas:
Understanding of DRBD resources, states and replication modes
Configuration of DRBD resources, networking, disks and devices
Configuration of DRBD automatic recovery and error handling
Management of DRBD using drbdadm
Basic knowledge of drbdsetup and drbdmeta
Integration of DRBD with Pacemaker
cLVM
Integration of cLVM with Pacemaker
Terms and Utilities:
Protocol A, B and C
Primary, Secondary
Three-way replication
drbd kernel module
drbdadm
drbdsetup
drbdmeta
/etc/drbd.conf
/proc/drbd
LVM2
clvmd
vgchange, vgs
335.2 Clustered File Systems
Weight: 3
Description: Candidates should know how to install, maintain and troubleshoot installations using GFS2 and OCFS2. This includes integration with Pacemaker as well as awareness of other clustered filesystems available in a Linux environment.
Key Knowledge Areas:
Understand the principles of cluster file systems
Create, maintain and troubleshoot GFS2 file systems in a cluster
Create, maintain and troubleshoot OCFS2 file systems in a cluster
Integration of GFS2 and OCFS2 with Pacemaker
Awareness of the O2CB cluster stack
Awareness of other commonly used clustered file systems
Terms and Utilities:
Distributed Lock Manager (DLM)
mkfs.gfs2
mount.gfs2
fsck.gfs2
gfs2_grow
gfs2_edit
gfs2_jadd
mkfs.ocfs2
mount.ocfs2
fsck.ocfs2
tunefs.ocfs2
mounted.ocfs2
o2info
o2image
CephFS
GlusterFS
AFS
Businesses across the globe are increasingly implementing DevOps practices to optimize daily systems administration and software development tasks. As a result, businesses across industries are hiring IT professionals that can effectively apply DevOps to reduce delivery time and improve quality in the development of new software products.
To meet this growing need for qualified professionals, LPI developed the Linux Professional Institute DevOps Tools Engineer certification which verifies the skills needed to use the tools that enhance collaboration in workflows throughout system administration and software development.
In developing the Linux Professional Institute DevOps Tools Engineer certification, LPI reviewed the DevOps tools landscape and defined a set of essential skills when applying DevOps. As such, the certification exam focuses on the practical skills required to work successfully in a DevOps environment – focusing on the skills needed to use the most prominent DevOps tools. The result is a certification that covers the intersection between development and operations, making it relevant for all IT professionals working in the field of DevOps.
Current Version: 1.0 (Exam code 701-100)
Objectives: 701-100
Prerequisites: There are no prerequisites for this certification.
Requirements: Pass the Linux Professional Institute DevOps Tools Engineer exam. The 90-minute exam consists of 60 multiple choice and fill-in-the-blank questions.
Validity Period: 5 years
Languages: English, French
To receive the Linux Professional Institute DevOps Tools Engineer Certification the candidate must:
- Have a working knowledge of DevOps-related domains such as Software Engineering and Architecture, Container and Machine Deployment, Configuration Management and Monitoring.
- Have proficiency in prominent free and open source utilities such as Docker, Vagrant, Ansible, Puppet, Git, and Jenkins.
Topic 701: Software Engineering
701.1 Modern Software Development (weight: 6)
Weight: 6
Description: Candidates should be able to design software solutions suitable for modern runtime environments. Candidates should understand how services handle data persistence, sessions, status information, transactions, concurrency, security, performance, availability, scaling, load balancing, messaging, monitoring and APIs. Furthermore, candidates should understand the implications of agile and DevOps on software development.
Key Knowledge Areas:
Understand and design service based applications
Understand common API concepts and standards
Understand aspects of data storage, service status and session handling
Design software to be run in containers
Design software to be deployed to cloud services
Awareness of risks in the migration and integration of monolithic legacy software
Understand common application security risks and ways to mitigate them
Understand the concept of agile software development
Understand the concept of DevOps and its implications to software developers and operators
The following is a partial list of the used files, terms and utilities:
REST, JSON
Service Orientated Architectures (SOA)
Microservices
Immutable servers
Loose coupling
Cross site scripting, SQL injections, verbose error reports, API authentication, consistent enforcement of transport encryption
CORS headers and CSRF tokens
ACID properties and CAP theorem
701.2 Standard Components and Platforms for Software (weight: 2)
Weight: 2
Description: Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. OpenStack service components are used as a reference implementation.
Key Knowledge Areas:
Features and concepts of object storage
Features and concepts of relational and NoSQL databases
Features and concepts of message brokers and message queues
Features and concepts of big data services
Features and concepts of application runtimes / PaaS
Features and concepts of content delivery networks
The following is a partial list of the used files, terms and utilities:
OpenStack Swift
OpenStack Trove
OpenStack Zaqar
CloudFoundry
OpenShift
701.3 Source Code Management (weight: 5)
Weight: 5
Description: Candidates should be able to use Git to manage and share source code. This includes creating and contributing to a repository as well as the usage of tags, branches and remote repositories. Furthermore, the candidate should be able to merge files and resolve merging conflicts.
Key Knowledge Areas:
Understand Git concepts and repository structure
Manage files within a Git repository
Manage branches and tags
Work with remote repositories and branches as well as submodules
Merge files and branches
Awareness of SVN and CVS, including concepts of centralized and distributed SCM solutions
The following is a partial list of the used files, terms and utilities:
git
.gitignore
701.4 Continuous Integration and Continuous Delivery (weight: 5)
Weight: 5
Description: Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should be able to implement a CI/CD pipeline using Jenkins, including triggering the CI/CD pipeline, running unit, integration and acceptance tests, packaging software and handling the deployment of tested software artifacts. This objective covers the feature set of Jenkins version 2.0 or later.
Key Knowledge Areas:
Understand the concepts of Continuous Integration and Continuous Delivery
Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
Understand deployment best practices
Understand the architecture and features of Jenkins, including Jenkins Plugins, Jenkins API, notifications and distributed builds
Define and run jobs in Jenkins, including parameter handling
Fingerprinting, artifacts and artifact repositories
Understand how Jenkins models continuous delivery pipelines and implement a declarative continuous delivery pipeline in Jenkins
Awareness of possible authentication and authorization models
Understanding of the Pipeline Plugin
Understand the features of important Jenkins modules such as Copy Artifact Plugin, Fingerprint Plugin, Docker Pipeline, Docker Build and Publish plugin, Git Plugin, Credentials Plugin
Awareness of Artifactory and Nexus
The following is a partial list of the used files, terms and utilities:
Step, Node, Stage
Jenkins SDL
Jenkinsfile
Declarative Pipeline
Blue-green and canary deployment
Topic 702: Container Management
702.1 Container Usage (weight: 7)
Weight: 7
Description: Candidates should be able to build, share and operate Docker containers. This includes creating Dockerfiles, using a Docker registry, creating and interacting with containers as well as connecting containers to networks and storage volumes. This objective covers the feature set of Docker version 17.06 or later.
Key Knowledge Areas:
- Understand the Docker architecture
- Use existing Docker images from a Docker registry
- Create Dockerfiles and build images from Dockerfiles
- Upload images to a Docker registry
- Operate and access Docker containers
- Connect container to Docker networks
- Use Docker volumes for shared and persistent container storage
The following is a partial list of the used files, terms and utilities:
- docker
- Dockerfile
- .dockerignore
702.2 Container Deployment and Orchestration (weight: 5)
Weight: 5
Description: Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose in conjunction with an existing Docker Swarm cluster as well as using an existing Kubernetes cluster. This objective covers the feature sets of Docker Compose version 1.14 or later, Docker Swarm included in Docker 17.06 or later and Kubernetes 1.6 or later.
Key Knowledge Areas:
- Understand the application model of Docker Compose
- Create and run Docker Compose Files (version 3 or later)
- Understand the architecture and functionality of Docker Swarm mode
- Run containers in a Docker Swarm, including the definition of services, stacks and the usage of secrets
- Understand the architecture and application model Kubernetes
- Define and manage a container-based application for Kubernetes, including the definition of Deployments, Services, ReplicaSets and Pods
The following is a partial list of the used files, terms and utilities:
- docker-compose
- docker
- kubectl
702.3 Container Infrastructure (weight: 4)
Weight: 4
Description: Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.
Key Knowledge Areas:
- Use Docker Machine to setup a Docker host
- Understand Docker networking concepts, including overlay networks
- Create and manage Docker networks
- Understand Docker storage concepts
- Create and manage Docker volumes
- Awareness of Flocker and flannel
- Understand the concepts of service discovery
- Basic feature knowledge of CoreOS Container Linux, rkt and etcd
- Understand security risks of container virtualization and container images and how to mitigate them
The following is a partial list of the used files, terms and utilities:
- docker-machine
Topic 703: Machine Deployment
703.1 Virtual Machine Deployment (weight: 4)
Weight: 4
Description: Candidates should be able to automate the deployment of a virtual machine with an operating system and a specific set of configuration files and software.
Key Knowledge Areas:
- Understand Vagrant architecture and concepts, including storage and networking
- Retrieve and use boxes from Atlas
- Create and run Vagrantfiles
- Access Vagrant virtual machines
- Share and synchronize folder between a Vagrant virtual machine and the host system
- Understand Vagrant provisioning, including File, Shell, Ansible and Docker
- Understand multi-machine setup
The following is a partial list of the used files, terms and utilities:
- vagrant
- Vagrantfile
703.2 Cloud Deployment (weight: 2)
Weight: 2
Description: Candidates should be able to configure IaaS cloud instances and adjust them to match their available hardware resources, specifically, disk space and volumes. Additinally, candidates should be able to configure instances to allow secure SSH logins and prepare the instances to be ready for a configuration management tool such as Ansible.
Key Knowledge Areas:
- Understanding the features and concepts of cloud-init, including user-data and initializing and configuring cloud-init
- Use cloud-init to create, resize and mount file systems, configure user accounts, including login credentials such as SSH keys and install software packages from the distribution’s repository
- Understand the features and implications of IaaS clouds and virtualization for a computing instance, such as snapshotting, pausing, cloning and resource limits.
703.3 System Image Creation (weight: 2)
Weight: 2
Description: Candidates should be able to create images for containers, virtual machines and IaaS cloud instances.
Key Knowledge Areas:
- Understand the functionality and features of Packer
- Create and maintain template files
- Build images from template files using different builders
The following is a partial list of the used files, terms and utilities:
- packer
Topic 704: Configuration Management
704.1 Ansible (weight: 8)
Weight: 8
Description: Candidates should be able to use Ansible to ensure a target server is in a specific state regarding its configuration and installed software. This objective covers the feature set of Ansible version 2.2 or later.
Key Knowledge Areas:
- Understand the principles of automated system configuration and software installation
- Create and maintain inventory files
- Understand how Ansible interacts with remote systems
- Manage SSH login credentials for Ansible, including using unprivileged login accounts
- Create, maintain and run Ansible playbooks, including tasks, handlers, conditionals, loops and registers
- Set and use variables
- Maintain secrets using Ansible vaults
- Write Jinja2 templates, including using common filters, loops and conditionals
- Understand and use Ansible roles and install Ansible roles from Ansible Galaxy
- Understand and use important Ansible tasks, including file, copy, template, ini_file, lineinfile, patch, replace, user, group, command, shell, service, systemd, cron, apt, debconf, yum, git, and debug
- Awareness of dynamic inventory
- Awareness of Ansibles features for non-Linux systems
- Awareness of Ansible containers
The following is a partial list of the used files, terms and utilities:
- ansible.cfg
- ansible-playbook
- ansible-vault
- ansible-galaxy
- ansible-doc
704.2 Other Configuration Management Tools (weight: 2)
Weight: 2
Description: Candidates should understand the main features and principles of important configuration management tools other than Ansible.
Key Knowledge Areas:
- Basic feature and architecture knowledge of Puppet.
- Basic feature and architecture knowledge of Chef.
The following is a partial list of the used files, terms and utilities:
- Manifest, Class, Recipe, Cookbook
- puppet
- chef
- chef-solo
- chef-client
- chef-server-ctl
- knife
Topic 705: Service Operations
705.1 IT Operations and Monitoring (weight: 4)
Weight: 4
Description: Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services and ways to monitor and measure them using Prometheus. Furthermore candidates should understand major security risks in IT infrastructure. This objective covers the feature set of Prometheus 1.7 or later.
Key Knowledge Areas:
Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
Understand the architecture of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
Monitor containers and microservices using Prometheus
Understand the principles of IT attacks against IT infrastructure
Understand the principles of the most important ways to protect IT infrastructure
Understand core IT infrastructure components and their the role in deployment
The following is a partial list of the used files, terms and utilities:
Prometheus, Node exporter, Pushgateway, Alertmanager, Grafana
Service exploits, brute force attacks, and denial of service attacks
Security updates, packet filtering and application gateways
Virtualization hosts, DNS and load balancers
705.2 Log Management and Analysis (weight: 4)
Weight: 4
Description: Candidates should understand the role of log files in operations and troubleshooting. They should be able to set up centralized logging infrastructure based on Logstash to collect and normalize log data. Furthermore, candidates should understand how Elasticsearch and Kibana help to store and access log data.
Key Knowledge Areas:
Understand how application and system logging works
Understand the architecture and functionality of Logstash, including the lifecycle of a log message and Logstash plugins
Understand the architecture and functionality of Elasticsearch and Kibana in the context of log data management (Elastic Stack)
Configure Logstash to collect, normalize, transform and store log data
Configure syslog and Filebeat to send log data to Logstash
Configure Logstash to send email alerts
Understand application support for log management
The following is a partial list of the used files, terms and utilities:
logstash
input, filter, output
grok filter
Log files, metrics
syslog.conf
/etc/logstash/logstash.yml
/etc/filebeat/filebeat.yml
Linux Professional Institute BSD Specialist
The BSD Specialist certification is part of the Linux Professional Institute Open Technology certification program. The exam focuses on the practical skills required to work successfully in a FreeBSD, NetBSD or OpenBSD environment and tests the knowledge and skills needed to administer BSD operating systems.
The typical BSD Specialist certification holder is a system administrator of BSD operating systems. The certification holder has an understanding of the architecture of the BSD operating systems. This includes the ability to manage various aspects of a BSD installation, including the management of user accounts and groups, processes, file systems, installed software, and client networking configuration. The candidate is experienced in using standard BSD and Unix tools on the command line.
Current Version: 1.0 (Exam code 702-100)
Objectives: 702-100
Prerequisites: There are no prerequisites for this certification.
Requirements: Pass the Linux Professional Institute BSD Specialist exam. The 90-minute exam consists of 60 multiple choice and fill-in-the-blank questions.
Validity Period: 5 years
Cost: Click here for exam pricing in your country.
Languages: English
To receive the BSD Specialist Certification the candidate must:
- Have a working knowledge of BSD operating systems: FreeBSD, NetBSD, and OpenBSD
- Be able to install, manage, and configure BSD operating system
- Be able to configure hardware, set kernel parameters, and manage system security
- Have basic knowledge in BSD system administration, job scheduling, and system automation
- Have basic network administration knowledge
ECCS Africa is a leading LPI Training Partner, we deliver the full range of official Linux Professional Institute Courses courses for IT professionals across Africa. Courses are delivered at our Training Facility, Onsite, Virtual or using our Virtual Learning Platform.