LPI Linux Professional Institute

Advance your open source career with LPI

Linux Professional Institute (LPI) is the global certification standard and career support organization for open source professionals. With more than 175,000 certification holders, it’s the world‚Äôs first and largest vendor-neutral Linux and open source certification body. LPI has certified professionals in over 180 countries, delivers exams in multiple languages, and has hundreds of training partners. ECCS Africa is an LPI Approved Training Partner covering the Indian Ocean and African Region delivering Classroom Based Instructor Led, On-site, Virtual and Online Courses in English and French. 

Linux Professional Institute Courses:

The Linux Essentials certificate is a great way to show employers that you have the foundational skills required for your next job or promotion. It also serves as an ideal stepping stone to the more advanced LPIC Professional Certification track for Linux Systems Administrators.

Linux adoption continues to rise world-wide as individual users, government entities and industries ranging from automotive to space exploration embrace open source technologies. This expansion of open source in enterprise is redefining traditional Information and Communication Technology (ICT) job roles to require more Linux skills. Whether you’re starting your career in open source, or looking for advancement, independently verifying your skill set can help you stand out to hiring managers or your management team.
The Linux Essential educational certificate also serves as a great introduction to the more complete and advanced Linux Professional certification track.

Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French

To receive the Linux Essentials Certificate the candidate must:

  • have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
  • understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
  • have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.

LPIC-1 is the first certification in LPI‚Äôs multi-level Linux professional certification program. The LPIC-1 will validate the candidate’s ability to perform maintenance tasks on the command line, install and configure a computer running Linux and configure basic networking.

The LPIC-1 is designed to reflect current research and validate a candidate’s proficiency in real world system administration. The objectives are tied to real-world job skills, which we determine through job task analysis surveying during exam development.

Current version: 5.0 (Exam codes 101-500 and 102-500)

Objectives: 101-500, 102-500

Prerequisites: There are no prerequisites for this certification.
Requirements: Passing the 101 and 102 exams. Each 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity period: 5 years unless retaken or higher level is achieved.
Languages for exam available in VUE test centers: English, German, Japanese, Portuguese (Brazilian), Chinese (Simplified), Chinese (Traditional) and Spanish (Modern)
Languages for exam available online via OnVUE: English, Japanese

To become LPIC-1 certified the candidate must be able to:

  • understand the architecture of a Linux system;
  • install and maintain a Linux workstation, including X11 and setup it up as a network client;
  • work at the Linux command line, including common GNU and Unix commands;
  • handle files and access permissions as well as system security; and
  • perform easy maintenance tasks: help users, add users to a larger system, backup and restore, shutdown and reboot.

Current Version: 5.0 (Exam codes 101-500 and 102-500)
Objectives: 101-500, 102-500
Prerequisites: There are no prerequisites for this certification
Requirements: Passing exams 101 and 102
Validity Period: 5 years
Languages: English, or French 

To become LPIC-1 certified the candidate must be able to:

  • understand the architecture of a Linux system;
  • install and maintain a Linux workstation, including X11 and setup it up as a network client;
  • work at the Linux command line, including common GNU and Unix commands;
  • handle files and access permissions as well as system security; and
  • perform easy maintenance tasks: help users, add users to a larger system, backup and restore, shutdown and reboot.

LPIC-2 is the second certification in LPI‚Äôs multi-level professional certification program. The LPIC-2 will validate the candidate’s ability to administer small to medium‚Äďsized mixed networks. 

Current Version: 4.5 (Exam codes 201-450 and 202-450)
Objectives: 201-450, 202-450
Prerequisites: The candidate must have an active LPIC-1 certification to receive LPIC-2 certification
Requirements: Passing exams 201 and 202. Each 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity Period: 5‚Äč years unless retaken or higher level is achieved.
Languages: English, French

To become LPIC-2 certified the candidate must be able to:

  • perform advanced system administration, including common tasks regarding the Linux kernel, system startup and maintenance;
  • perform advanced Management of block storage and file systems as well as advanced networking and authentication and system security, including firewall and VPN;
  • install and configure fundamental network services, including DHCP, DNS, ¬†SSH, Web servers, file servers using FTP, NFS and Samba, email delivery; and
  • supervise assistants and advise management on automation and purchases.

Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French

To receive the Linux Essentials Certificate the candidate must:

  • have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
  • understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
  • have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.

The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.

The LPIC-3 300: Mixed Environment certification covers the administration of Linux systems enterprise-wide in a mixed environment.

Current Version: 1.0 (Exam code 300-100)
Objectives: 300-100
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 300 exam. The 90-minute exam is 60 multiple-choice and fill-in-the-blank questions.
Validity Period: 5 years
Languages: English, French

Current Version: 1.6 (Exam code 010-160)
Objectives: 010-160
Prerequisites: There are no prerequisites for this certification
Requirements: Passing the Linux Essentials 010 exam
Validity Period: Lifetime
Languages: English or French

To receive the Linux Essentials Certificate the candidate must:

  • have an understanding of the Linux and open source industry and knowledge of the most popular open source Applications;
  • understand the major components of the Linux operating system, and have the technical proficiency to work on the Linux command line; and
  • have a basic understanding of security and administration related topics such as user/group management, working on the command line, and permissions.

The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.

The LPIC-3 303: Security certification covers the administration of Linux systems enterprise-wide with an emphasis on security.

Current Version: 2.0 (Exam code 303-200)
Objectives: 303-200
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 303 exam. The 90-minute exam is 60 multiple-choice and fill in the blank questions.
Validity Period: 5 years
Languages: English, French

Topic 325: Cryptography

325.1 X.509 Certificates and Public Key Infrastructures

Weight: 5

Description: Candidates should understand X.509 certificates and public key infrastructures. They should know how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes.

Key Knowledge Areas:

  • Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions

  • Understand trust chains and public key infrastructures

  • Generate and manage public and private keys

  • Create, operate and secure a certification authority

  • Request, sign and manage server and client certificates

  • Revoke certificates and certification authorities

The following is a partial list of the used files, terms and utilities:

  • openssl, including relevant subcommands

  • OpenSSL configuration

  • PEM, DER, PKCS

  • CSR

  • CRL

  • OCSP

325.2 X.509 Certificates for Encryption, Signing and Authentication

Weight: 4

Description: Candidates should know how to use X.509 certificates for both server and client authentication. Candidates should be able to implement user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.

Key Knowledge Areas:

  • Understand SSL, TLS and protocol versions

  • Understand common transport layer security threats, for example Man-in-the-Middle

  • Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS

  • Configure Apache HTTPD with mod_ssl to authenticate users using certificates

  • Configure Apache HTTPD with mod_ssl to provide OCSP stapling

  • Use OpenSSL for SSL/TLS client and server tests

Terms and Utilities:

  • Intermediate certification authorities

  • Cipher configuration (no cipher-specific knowledge)

  • httpd.conf

  • mod_ssl

  • openssl

325.3 Encrypted File Systems

Weight: 3

Description: Candidates should be able to setup and configure encrypted file systems.

Key Knowledge Areas:

  • Understand block device and file system encryption

  • Use dm-crypt with LUKS to encrypt block devices

  • Use eCryptfs to encrypt file systems, including home directories and

  • PAM integration

  • Be aware of plain dm-crypt and EncFS

Terms and Utilities:

  • cryptsetup

  • cryptmount

  • /etc/crypttab

  • ecryptfsd

  • ecryptfs-*¬†commands

  • mount.ecryptfs, umount.ecryptfs

  • pam_ecryptfs

325.4 DNS and Cryptography

Weight: 5

Description: Candidates should have experience and knowledge of cryptography in the context of DNS and its implementation using BIND. The version of BIND covered is 9.7 or higher.

Key Knowledge Areas:

  • Understanding of DNSSEC and DANE

  • Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones

  • Configure BIND as an recursive name server that performs DNSSEC validation on behalf of its clients

  • Key Signing Key, Zone Signing Key, Key Tag

  • Key generation, key storage, key management and key rollover

  • Maintenance and re-signing of zones

  • Use DANE to publish X.509 certificate information in DNS

  • Use TSIG for secure communication with BIND

Terms and Utilities:

  • DNS, EDNS, Zones, Resource Records

  • DNS resource records: DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, TLSA

  • DO-Bit,¬†AD-Bit

  • TSIG

  • named.conf

  • dnssec-keygen

  • dnssec-signzone

  • dnssec-settime

  • dnssec-dsfromkey

  • rndc

  • dig

  • delv

  • openssl

Topic 326: Host Security

326.1 Host Hardening

Weight: 3

Description: Candidates should be able to secure computers running Linux against common threats. This includes kernel and software configuration.

Key Knowledge Areas:

  • Configure BIOS and boot loader (GRUB 2) security
  • Disable useless software and services
  • Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration
  • Exec-Shield and IP / ICMP configuration
  • Limit resource usage
  • Work with chroot environments
  • Drop unnecessary capabilities
  • Be aware of the security advantages of virtualization

Terms and Utilities:

  • grub.cfg
  • chkconfig, systemctl
  • ulimit
  • /etc/security/limits.conf
  • pam_limits.so
  • chroot
  • sysctl
  • /etc/sysctl.conf

326.2 Host Intrusion Detection

Weight: 4

Description: Candidates should be familiar with the use and configuration of common host intrusion detection software. This includes updates and maintenance as well as automated host scans.

Key Knowledge Areas:

  • Use and configure the Linux Audit system
  • Use chkrootkit
  • Use and configure rkhunter, including updates
  • Use Linux Malware Detect
  • Automate host scans using cron
  • Configure and use AIDE, including rule management
  • Be aware of OpenSCAP

Terms and Utilities:

  • auditd
  • auditctl
  • ausearch, aureport
  • auditd.conf
  • auditd.rules
  • pam_tty_audit.so
  • chkrootkit
  • rkhunter
  • /etc/rkhunter.conf
  • maldet
  • conf.maldet
  • aide
  • /etc/aide/aide.conf

326.3 User Management and Authentication

Weight: 5

Description: Candidates should be familiar with management and authentication of user accounts. This includes configuration and use of NSS, PAM, SSSD and Kerberos for both local and remote directories and authentication mechanisms as well as enforcing a password policy.

Key Knowledge Areas:

  • Understand and configure NSS
  • Understand and configure PAM
  • Enforce password complexity policies and periodic password changes
  • Lock accounts automatically after failed login attempts
  • Configure and use SSSD
  • Configure NSS and PAM for use with SSSD
  • Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains
  • Kerberos and local domains
  • Obtain and manage Kerberos tickets

Terms and Utilities:

  • nsswitch.conf
  • /etc/login.defs
  • pam_cracklib.so
  • chage
  • pam_tally.so, pam_tally2.so
  • faillog
  • pam_sss.so
  • sssd
  • sssd.conf
  • sss_*¬†commands
  • krb5.conf
  • kinit, klist, kdestroy

326.4 FreeIPA Installation and Samba Integration

Weight: 4

Description: Candidates should be familiar with FreeIPA v4.x. This includes installation and maintenance of a server instance with a FreeIPA domain as well as integration of FreeIPA with Active Directory.

Key Knowledge Areas:

  • Understand FreeIPA, including its architecture and components
  • Understand system and configuration prerequisites for installing FreeIPA
  • Install and manage a FreeIPA server and domain
  • Understand and configure Active Directory replication and Kerberos cross-realm trusts
  • Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA

Terms and Utilities:

  • 389 Directory Server, MIT Kerberos, Dogtag Certificate System, NTP, DNS, SSSD, certmonger
  • ipa, including relevant subcommands
  • ipa-server-install, ipa-client-install, ipa-replica-install
  • ipa-replica-prepare, ipa-replica-manage

Topic 327: Access Control

327.1 Discretionary Access Control

Weight: 3

Description: Candidates are required to understand Discretionary Access Control and know how to implement it using Access Control Lists. Additionally, candidates are required to understand and know how to use Extended Attributes.

Key Knowledge Areas:

  • Understand and manage file ownership and permissions, including SUID and SGID
  • Understand and manage access control lists
  • Understand and manage extended attributes and attribute classes

Terms and Utilities:

  • getfacl
  • setfacl
  • getfattr
  • setfattr

327.2 Mandatory Access Control

Weight: 4

Description: Candidates should be familiar with Mandatory Access Control systems for Linux. Specifically, candidates should have a thorough knowledge of SELinux. Also, candidates should be aware of other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.

Key Knowledge Areas:

  • Understand the concepts of TE, RBAC, MAC and DAC
  • Configure, manage and use SELinux
  • Be aware of AppArmor and Smack

Terms and Utilities:

  • getenforce, setenforce, selinuxenabled
  • getsebool, setsebool, togglesebool
  • fixfiles, restorecon, setfiles
  • newrole,¬†runcon
  • semanage
  • sestatus, seinfo
  • apol
  • seaudit, seaudit-report, audit2why, audit2allow
  • /etc/selinux/*

327.3 Network File Systems

Weight: 3

Description: Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 clients and servers as well as CIFS client services. Earlier versions of NFS are not required knowledge.

Key Knowledge Areas:

  • Understand NFSv4 security issues and improvements
  • Configure NFSv4 server and clients
  • Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos)
  • Understand and use NFSv4 pseudo file system
  • Understand and use NFSv4 ACLs
  • Configure CIFS clients
  • Understand and use CIFS Unix Extensions
  • Understand and configure CIFS security modes (NTLM, Kerberos)
  • Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system

Terms and Utilities:

  • /etc/exports
  • /etc/idmap.conf
  • nfs4acl
  • mount.cifs parameters related to ownership, permissions and security modes
  • winbind
  • getcifsacl, setcifsacl

Topic 328: Network Security

328.1 Network Hardening

Weight: 4

Description: Candidates should be able to secure networks against common threats. This includes verification of the effectiveness of security measures.

Key Knowledge Areas:

  • Configure FreeRADIUS to authenticate network nodes

  • Use nmap to scan networks and hosts, including different scan methods

  • Use Wireshark to analyze network traffic, including filters and statistics

  • Identify and deal with rogue router advertisements and DHCP messages

Terms and Utilities:

  • radiusd

  • radmin

  • radtest, radclient

  • radlast,¬†radwho

  • radiusd.conf

  • /etc/raddb/*

  • nmap

  • wireshark

  • tshark

  • tcpdump

  • ndpmon

328.2 Network Intrusion Detection

Weight: 4

Description: Candidates should be familiar with the use and configuration of network security scanning, network monitoring and network intrusion detection software. This includes updating and maintaining the security scanners.

Key Knowledge Areas:

  • Implement bandwidth usage monitoring

  • Configure and use Snort, including rule management

  • Configure and use OpenVAS, including NASL

Terms and Utilities:

  • ntop

  • Cacti

  • snort

  • snort-stat

  • /etc/snort/*

  • openvas-adduser, openvas-rmuser

  • openvas-nvt-sync

  • openvassd

  • openvas-mkcert

  • /etc/openvas/*

328.3 Packet Filtering

Weight: 5

Description: Candidates should be familiar with the use and configuration of packet filters. This includes netfilter, iptables and ip6tables as well as basic knowledge of nftables, nft and ebtables.

Key Knowledge Areas:

  • Understand common firewall architectures, including DMZ

  • Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets

  • Implement packet filtering for both IPv4 and IPv6

  • Implement connection tracking and network address translation

  • Define IP sets and use them in netfilter rules

  • Have basic knowledge of nftables and nft

  • Have basic knowledge of ebtables

  • Be aware of conntrackd

Terms and Utilities:

  • iptables

  • ip6tables

  • iptables-save, iptables-restore

  • ip6tables-save, ip6tables-restore

  • ipset

  • nft

  • ebtables

328.4 Virtual Private Networks

Weight: 4

Description: Candidates should be familiar with the use of OpenVPN and IPsec.

Key Knowledge Areas:

  • Configure and operate OpenVPN server and clients for both bridged and routed VPN networks

  • Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon

  • Awareness of L2TP

Terms and Utilities:

  • /etc/openvpn/*

  • openvpn server and client

  • setkey

  • /etc/ipsec-tools.conf

  • /etc/racoon/racoon.conf

The LPIC-3 certification is the culmination of LPI’s multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Three separate LPIC-3 specialty certifications are available. Passing any one of the three exams will grant the LPIC-3 certification for that specialty.

The LPIC-3 304: Virtualization and High Availability certification covers the administration of Linux systems enterprise-wide with an emphasis on Virtualization & High Availability.

Current Version: 2.0 (Exam code 304-200)
Objectives: 304-200
Prerequisites: The candidate must have an active LPIC-2 certification to receive LPIC-3 certification
Requirements: Passing the 304 exam. The 90-minute exam is 60 multiple-choice and fill in the blank questions.
Validity Period: 5 years
Languages: English, French

Topic 330: Virtualization

330.1 Virtualization Concepts and Theory

Weight: 8

Description: Candidates should know and understand the general concepts, theory and terminology of Virtualization. This includes Xen, KVM and libvirt terminology.

Key Knowledge Areas:

  • Terminology

  • Pros and Cons of Virtualization

  • Variations of Virtual Machine Monitors

  • Migration of Physical to Virtual Machines

  • Migration of Virtual Machines between Host systems

  • Cloud Computing

The following is a partial list of the used files, terms and utilities:

  • Hypervisor

  • Hardware Virtual Machine (HVM)

  • Paravirtualization (PV)

  • Container Virtualization

  • Emulation and Simulation

  • CPU flags

  • /proc/cpuinfo

  • Migration (P2V, V2V)

  • IaaS, PaaS, SaaS

330.2 Xen

Weight: 9

Description: Candidates should be able to install, configure, maintain, migrate and troubleshoot Xen installations. The focus is on Xen version 4.x.

Key Knowledge Areas:

  • Xen architecture, networking and storage

  • Xen configuration

  • Xen utilities

  • Troubleshooting Xen installations

  • Basic knowledge of XAPI

  • Awareness of XenStore

  • Awareness of Xen Boot Parameters

  • Awareness of the xm utility

Terms and Utilities:

  • Domain0 (Dom0), DomainU (DomU)

  • PV-DomU, HVM-DomU

  • /etc/xen/

  • xl

  • xl.cfg

  • xl.conf

  • xe

  • xentop

330.3 KVM

Weight: 9

Description: Candidates should be able to install, configure, maintain, migrate and troubleshoot KVM installations.

Key Knowledge Areas:

  • KVM architecture, networking and storage

  • KVM configuration

  • KVM utilities

  • Troubleshooting KVM installations

Terms and Utilities:

  • Kernel modules:¬†kvm, kvm-intel and kvm-amd

  • /etc/kvm/

  • /dev/kvm

  • kvm

  • KVM¬†monitor

  • qemu

  • qemu-img

330.4 Other Virtualization Solutions

Weight: 3

Description: Candidates should have some basic knowledge and experience with alternatives to Xen and KVM.

Key Knowledge Areas:

  • Basic knowledge of OpenVZ and LXC

  • Awareness of other virtualization technologies

  • Basic knowledge of virtualization provisioning tools

Terms and Utilities:

  • OpenVZ

  • VirtualBox

  • LXC

  • docker

  • packer

  • vagrant

330.5 Libvirt and Related Tools

Weight: 5

Description: Candidates should have basic knowledge and experience with the libvirt library and commonly available tools.

Key Knowledge Areas:

  • libvirt architecture, networking and storage

  • Basic technical knowledge of libvirt and virsh

  • Awareness of oVirt

Terms and Utilities:

  • libvirtd

  • /etc/libvirt/

  • virsh

  • oVirt

330.6 Cloud Management Tools

Weight: 2

Description: Candidates should have basic feature knowledge of commonly available cloud management tools.

Key Knowledge Areas:

  • Basic feature knowledge of OpenStack and CloudStack

  • Awareness of Eucalyptus and OpenNebula

Terms and Utilities:

  • OpenStack

  • CloudStack

  • Eucalyptus

  • OpenNebula

Topic 334: High Availability Cluster Management

334.1 High Availability Concepts and Theory

Weight: 5

Description: Candidates should understand the properties and design approaches of high availability clusters.

Key Knowledge Areas:

  • Understand the most important cluster architectures
  • Understand recovery and cluster reorganization mechanisms
  • Design an appropriate cluster architecture for a given purpose
  • Application aspects of high availability
  • Operational considerations of high availability

Terms and Utilities:

  • Active/Passive Cluster, Active/Active Cluster
  • Failover Cluster, Load Balanced Cluster
  • Shared-Nothing Cluster, Shared-Disk Cluster
  • Cluster resources
  • Cluster services
  • Quorum
  • Fencing
  • Split brain
  • Redundancy
  • Mean Time Before Failure (MTBF)
  • Mean Time To Repair (MTTR)
  • Service Level Agreement (SLA)
  • Disaster Recovery
  • Replication
  • Session handling

334.2 Load Balanced Clusters

Weight: 6

Description: Candidates should know how to install, configure, maintain and troubleshoot LVS. This includes the configuration and use of keepalived and ldirectord. Candidates should further be able to install, configure, maintain and troubleshoot HAProxy.

Key Knowledge Areas:

  • Understanding of LVS / IPVS
  • Basic knowledge of VRRP
  • Configuration of¬†keepalived
  • Configuration of¬†ldirectord
  • Backend server network configuration
  • Understanding of HAProxy
  • Configuration of HAProxy

Terms and Utilities:

  • ipvsadm
  • syncd
  • LVS Forwarding (NAT, Direct Routing, Tunneling, Local Node)
  • connection scheduling algorithms
  • keepalived¬†configuration file
  • ldirectord¬†configuration file
  • genhash
  • HAProxy configuration file
  • load balancing algorithms
  • ACLs

334.3 Failover Clusters

Weight: 6

Description: Candidates should have experience in the installation, configuration, maintenance and troubleshooting of a Pacemaker cluster. This includes the use of Corosync. The focus is on Pacemaker 1.1 for Corosync 2.x.

Key Knowledge Areas:

  • Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd)
  • Pacemaker cluster configuration
  • Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios)
  • Resource rules and constraints (location, order, colocation)
  • Advanced resource features (templates, groups, clone resources, multi-state resources)
  • Pacemaker management using¬†pcs
  • Pacemaker management using¬†crmsh
  • Configuration and Management of¬†corosync¬†in conjunction with Pacemaker
  • Awareness of other cluster engines (OpenAIS, Heartbeat, CMAN)

Terms and Utilities:

  • pcs
  • crm
  • crm_mon
  • crm_verify
  • crm_simulate
  • crm_shadow
  • crm_resource
  • crm_attribute
  • crm_node
  • crm_standby
  • cibadmin
  • corosync.conf
  • authkey
  • corosync-cfgtool
  • corosync-cmapctl
  • corosync-quorumtool
  • stonith_admin

334.4 High Availability in Enterprise Linux Distributions

Weight: 1

Description: Candidates should be aware of how enterprise Linux distributions integrate High Availability technologies.

Key Knowledge Areas:

  • Basic knowledge of Red Hat Enterprise Linux High Availability Add-On
  • Basic knowledge of SUSE Linux Enterprise High Availability Extension

Terms and Utilities:

  • Distribution specific configuration tools
  • Integration of cluster engines, load balancers, storage technology, cluster filesystems, etc.

Topic 335: High Availability Cluster Storage

335.1 DRBD / cLVM

Weight: 3

Description: Candidates are expected to have the experience and knowledge to install, configure, maintain and troubleshoot DRBD devices. This includes integration with Pacemaker. DRBD configuration of version 8.4.x is covered. Candidates are further expected to be able to manage LVM configuration within a shared storage cluster.

Key Knowledge Areas:

  • Understanding of DRBD resources, states and replication modes

  • Configuration of DRBD resources, networking, disks and devices

  • Configuration of DRBD automatic recovery and error handling

  • Management of DRBD using drbdadm

  • Basic knowledge of drbdsetup and drbdmeta

  • Integration of DRBD with Pacemaker

  • cLVM

  • Integration of cLVM with Pacemaker

Terms and Utilities:

  • Protocol A, B and C

  • Primary, Secondary

  • Three-way replication

  • drbd kernel module

  • drbdadm

  • drbdsetup

  • drbdmeta

  • /etc/drbd.conf

  • /proc/drbd

  • LVM2

  • clvmd

  • vgchange,¬†vgs

335.2 Clustered File Systems

Weight: 3

Description: Candidates should know how to install, maintain and troubleshoot installations using GFS2 and OCFS2. This includes integration with Pacemaker as well as awareness of other clustered filesystems available in a Linux environment.

Key Knowledge Areas:

  • Understand the principles of cluster file systems

  • Create, maintain and troubleshoot GFS2 file systems in a cluster

  • Create, maintain and troubleshoot OCFS2 file systems in a cluster

  • Integration of GFS2 and OCFS2 with Pacemaker

  • Awareness of the O2CB cluster stack

  • Awareness of other commonly used clustered file systems

Terms and Utilities:

  • Distributed Lock Manager (DLM)

  • mkfs.gfs2

  • mount.gfs2

  • fsck.gfs2

  • gfs2_grow

  • gfs2_edit

  • gfs2_jadd

  • mkfs.ocfs2

  • mount.ocfs2

  • fsck.ocfs2

  • tunefs.ocfs2

  • mounted.ocfs2

  • o2info

  • o2image

  • CephFS

  • GlusterFS

  • AFS

Businesses across the globe are increasingly implementing DevOps practices to optimize daily systems administration and software development tasks. As a result, businesses across industries are hiring IT professionals that can effectively apply DevOps to reduce delivery time and improve quality in the development of new software products.

To meet this growing need for qualified professionals, LPI developed the Linux Professional Institute DevOps Tools Engineer certification which verifies the skills needed to use the tools that enhance collaboration in workflows throughout system administration and software development.

In developing the Linux Professional Institute DevOps Tools Engineer certification, LPI reviewed the DevOps tools landscape and defined a set of essential skills when applying DevOps. As such, the certification exam focuses on the practical skills required to work successfully in a DevOps environment ‚Äď focusing on the skills needed to use the most prominent DevOps tools. The result is a certification that covers the intersection between development and operations, making it relevant for all IT professionals working in the field of DevOps.

Current Version: 1.0 (Exam code 701-100)
Objectives: 701-100
Prerequisites: There are no prerequisites for this certification.
Requirements: Pass the Linux Professional Institute DevOps Tools Engineer exam. The 90-minute exam consists of 60 multiple choice and fill-in-the-blank questions.
Validity Period: 5 years
Languages: English, French

To receive the Linux Professional Institute DevOps Tools Engineer Certification the candidate must:

  • Have a working knowledge of DevOps-related domains such as Software Engineering and Architecture, Container and Machine Deployment, Configuration Management and Monitoring.
  • Have proficiency in prominent free and open source utilities such as Docker, Vagrant, Ansible, Puppet, Git, and Jenkins.

Topic 701: Software Engineering

701.1 Modern Software Development (weight: 6) 

Weight: 6

Description: Candidates should be able to design software solutions suitable for modern runtime environments. Candidates should understand how services handle data persistence, sessions, status information, transactions, concurrency, security, performance, availability, scaling, load balancing, messaging, monitoring and APIs. Furthermore, candidates should understand the implications of agile and DevOps on software development.

Key Knowledge Areas:

  • Understand and design service based applications

  • Understand common API concepts and standards

  • Understand aspects of data storage, service status and session handling

  • Design software to be run in containers

  • Design software to be deployed to cloud services

  • Awareness of risks in the migration and integration of monolithic legacy software

  • Understand common application security risks and ways to mitigate them

  • Understand the concept of agile software development

  • Understand the concept of DevOps and its implications to software developers and operators

The following is a partial list of the used files, terms and utilities:

  • REST, JSON

  • Service Orientated Architectures (SOA)

  • Microservices

  • Immutable servers

  • Loose coupling

  • Cross site scripting, SQL injections, verbose error reports, API authentication, consistent enforcement of transport encryption

  • CORS headers and CSRF tokens

  • ACID properties and CAP theorem

701.2 Standard Components and Platforms for Software (weight: 2)

Weight: 2

Description: Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. OpenStack service components are used as a reference implementation.

Key Knowledge Areas:

  • Features and concepts of object storage

  • Features and concepts of relational and NoSQL databases

  • Features and concepts of message brokers and message queues

  • Features and concepts of big data services

  • Features and concepts of application runtimes / PaaS

  • Features and concepts of content delivery networks

The following is a partial list of the used files, terms and utilities:

  • OpenStack Swift

  • OpenStack Trove

  • OpenStack Zaqar

  • CloudFoundry

  • OpenShift

701.3 Source Code Management (weight: 5)

Weight: 5

Description: Candidates should be able to use Git to manage and share source code. This includes creating and contributing to a repository as well as the usage of tags, branches and remote repositories. Furthermore, the candidate should be able to merge files and resolve merging conflicts.

Key Knowledge Areas:

  • Understand Git concepts and repository structure

  • Manage files within a Git repository

  • Manage branches and tags

  • Work with remote repositories and branches as well as submodules

  • Merge files and branches

  • Awareness of SVN and CVS, including concepts of centralized and distributed SCM solutions

The following is a partial list of the used files, terms and utilities:

  • git

  • .gitignore

701.4 Continuous Integration and Continuous Delivery (weight: 5)

Weight: 5

Description: Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should be able to implement a CI/CD pipeline using Jenkins, including triggering the CI/CD pipeline, running unit, integration and acceptance tests, packaging software and handling the deployment of tested software artifacts. This objective covers the feature set of Jenkins version 2.0 or later.

Key Knowledge Areas:

  • Understand the concepts of Continuous Integration and Continuous Delivery

  • Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment

  • Understand deployment best practices

  • Understand the architecture and features of Jenkins, including Jenkins Plugins, Jenkins API, notifications and distributed builds

  • Define and run jobs in Jenkins, including parameter handling

  • Fingerprinting, artifacts and artifact repositories

  • Understand how Jenkins models continuous delivery pipelines and implement a declarative continuous delivery pipeline in Jenkins

  • Awareness of possible authentication and authorization models

  • Understanding of the Pipeline Plugin

  • Understand the features of important Jenkins modules such as Copy Artifact Plugin, Fingerprint Plugin, Docker Pipeline, Docker Build and Publish plugin, Git Plugin, Credentials Plugin

  • Awareness of Artifactory and Nexus

The following is a partial list of the used files, terms and utilities:

  • Step, Node, Stage

  • Jenkins SDL

  • Jenkinsfile

  • Declarative Pipeline

  • Blue-green and canary deployment

Topic 702: Container Management

702.1 Container Usage (weight: 7)

Weight: 7

Description: Candidates should be able to build, share and operate Docker containers. This includes creating Dockerfiles, using a Docker registry, creating and interacting with containers as well as connecting containers to networks and storage volumes. This objective covers the feature set of Docker version 17.06 or later.

Key Knowledge Areas:

  • Understand the Docker architecture
  • Use existing Docker images from a Docker registry
  • Create Dockerfiles and build images from Dockerfiles
  • Upload images to a Docker registry
  • Operate and access Docker containers
  • Connect container to Docker networks
  • Use Docker volumes for shared and persistent container storage

The following is a partial list of the used files, terms and utilities:

  • docker
  • Dockerfile
  • .dockerignore

702.2 Container Deployment and Orchestration (weight: 5)

Weight: 5

Description: Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose in conjunction with an existing Docker Swarm cluster as well as using an existing Kubernetes cluster. This objective covers the feature sets of Docker Compose version 1.14 or later, Docker Swarm included in Docker 17.06 or later and Kubernetes 1.6 or later.

Key Knowledge Areas:

  • Understand the application model of Docker Compose
  • Create and run Docker Compose Files (version 3 or later)
  • Understand the architecture and functionality of Docker Swarm mode
  • Run containers in a Docker Swarm, including the definition of services, stacks and the usage of secrets
  • Understand the architecture and application model Kubernetes
  • Define and manage a container-based application for Kubernetes, including the definition of Deployments, Services, ReplicaSets and Pods

The following is a partial list of the used files, terms and utilities:

  • docker-compose
  • docker
  • kubectl

702.3 Container Infrastructure (weight: 4)

Weight: 4

Description: Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.

Key Knowledge Areas:

  • Use Docker Machine to setup a Docker host
  • Understand Docker networking concepts, including overlay networks
  • Create and manage Docker networks
  • Understand Docker storage concepts
  • Create and manage Docker volumes
  • Awareness of Flocker and flannel
  • Understand the concepts of service discovery
  • Basic feature knowledge of CoreOS Container Linux, rkt and etcd
  • Understand security risks of container virtualization and container images and how to mitigate them

The following is a partial list of the used files, terms and utilities:

  • docker-machine

Topic 703: Machine Deployment

703.1 Virtual Machine Deployment (weight: 4)

Weight: 4

Description: Candidates should be able to automate the deployment of a virtual machine with an operating system and a specific set of configuration files and software.

Key Knowledge Areas:

  • Understand Vagrant architecture and concepts, including storage and networking
  • Retrieve and use boxes from Atlas
  • Create and run Vagrantfiles
  • Access Vagrant virtual machines
  • Share and synchronize folder between a Vagrant virtual machine and the host system
  • Understand Vagrant provisioning, including File, Shell, Ansible and Docker
  • Understand multi-machine setup

The following is a partial list of the used files, terms and utilities:

  • vagrant
  • Vagrantfile

703.2 Cloud Deployment (weight: 2)

Weight: 2

Description: Candidates should be able to configure IaaS cloud instances and adjust them to match their available hardware resources, specifically, disk space and volumes. Additinally, candidates should be able to configure instances to allow secure SSH logins and prepare the instances to be ready for a configuration management tool such as Ansible.

Key Knowledge Areas:

  • Understanding the features and concepts of cloud-init, including user-data and initializing and configuring cloud-init
  • Use cloud-init to create, resize and mount file systems, configure user accounts, including login credentials such as SSH keys and install software packages from the distribution‚Äôs repository
  • Understand the features and implications of IaaS clouds and virtualization for a computing instance, such as snapshotting, pausing, cloning and resource limits.

703.3 System Image Creation (weight: 2)

Weight: 2

Description: Candidates should be able to create images for containers, virtual machines and IaaS cloud instances.

Key Knowledge Areas:

  • Understand the functionality and features of Packer
  • Create and maintain template files
  • Build images from template files using different builders

The following is a partial list of the used files, terms and utilities:

  • packer

Topic 704: Configuration Management

704.1 Ansible (weight: 8)

Weight: 8

Description: Candidates should be able to use Ansible to ensure a target server is in a specific state regarding its configuration and installed software. This objective covers the feature set of Ansible version 2.2 or later.

Key Knowledge Areas:

  • Understand the principles of automated system configuration and software installation
  • Create and maintain inventory files
  • Understand how Ansible interacts with remote systems
  • Manage SSH login credentials for Ansible, including using unprivileged login accounts
  • Create, maintain and run Ansible playbooks, including tasks, handlers, conditionals, loops and registers
  • Set and use variables
  • Maintain secrets using Ansible vaults
  • Write Jinja2 templates, including using common filters, loops and conditionals
  • Understand and use Ansible roles and install Ansible roles from Ansible Galaxy
  • Understand and use important Ansible tasks, including file, copy, template, ini_file, lineinfile, patch, replace, user, group, command, shell, service, systemd, cron, apt, debconf, yum, git, and debug
  • Awareness of dynamic inventory
  • Awareness of Ansibles features for non-Linux systems
  • Awareness of Ansible containers

The following is a partial list of the used files, terms and utilities:

  • ansible.cfg
  • ansible-playbook
  • ansible-vault
  • ansible-galaxy
  • ansible-doc

704.2 Other Configuration Management Tools (weight: 2)

Weight: 2

Description: Candidates should understand the main features and principles of important configuration management tools other than Ansible.

Key Knowledge Areas:

  • Basic feature and architecture knowledge of¬†Puppet.
  • Basic feature and architecture knowledge of¬†Chef.

The following is a partial list of the used files, terms and utilities:

  • Manifest, Class, Recipe, Cookbook
  • puppet
  • chef
  • chef-solo
  • chef-client
  • chef-server-ctl
  • knife

Topic 705: Service Operations

705.1 IT Operations and Monitoring (weight: 4)

Weight: 4

Description: Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services and ways to monitor and measure them using Prometheus. Furthermore candidates should understand major security risks in IT infrastructure. This objective covers the feature set of Prometheus 1.7 or later.

Key Knowledge Areas:

  • Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness

  • Understand and identify metrics and indicators to monitor and measure the technical functionality of a service

  • Understand and identify metrics and indicators to monitor and measure the logical functionality of a service

  • Understand the architecture of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana

  • Monitor containers and microservices using Prometheus

  • Understand the principles of IT attacks against IT infrastructure

  • Understand the principles of the most important ways to protect IT infrastructure

  • Understand core IT infrastructure components and their the role in deployment

The following is a partial list of the used files, terms and utilities:

  • Prometheus, Node exporter, Pushgateway, Alertmanager, Grafana

  • Service exploits, brute force attacks, and denial of service attacks

  • Security updates, packet filtering and application gateways

  • Virtualization hosts, DNS and load balancers

705.2 Log Management and Analysis (weight: 4)

Weight: 4

Description: Candidates should understand the role of log files in operations and troubleshooting. They should be able to set up centralized logging infrastructure based on Logstash to collect and normalize log data. Furthermore, candidates should understand how Elasticsearch and Kibana help to store and access log data.

Key Knowledge Areas:

  • Understand how application and system logging works

  • Understand the architecture and functionality of Logstash, including the lifecycle of a log message and Logstash plugins

  • Understand the architecture and functionality of Elasticsearch and Kibana in the context of log data management (Elastic Stack)

  • Configure Logstash to collect, normalize, transform and store log data

  • Configure syslog and Filebeat to send log data to Logstash

  • Configure Logstash to send email alerts

  • Understand application support for log management

The following is a partial list of the used files, terms and utilities:

  • logstash

  • input, filter, output

  • grok filter

  • Log files, metrics

  • syslog.conf

  • /etc/logstash/logstash.yml

  • /etc/filebeat/filebeat.yml

Linux Professional Institute BSD Specialist

The BSD Specialist certification is part of the Linux Professional Institute Open Technology certification program. The exam focuses on the practical skills required to work successfully in a FreeBSD, NetBSD or OpenBSD environment and tests the knowledge and skills needed to administer BSD operating systems.

The typical BSD Specialist certification holder is a system administrator of BSD operating systems. The certification holder has an understanding of the architecture of the BSD operating systems. This includes the ability to manage various aspects of a BSD installation, including the management of user accounts and groups, processes, file systems, installed software, and client networking configuration. The candidate is experienced in using standard BSD and Unix tools on the command line.

Current Version: 1.0 (Exam code 702-100)

Objectives: 702-100

Prerequisites: There are no prerequisites for this certification.

Requirements: Pass the Linux Professional Institute BSD Specialist exam. The 90-minute exam consists of 60 multiple choice and fill-in-the-blank questions.

Validity Period: 5 years

Cost: Click here for exam pricing in your country.

Languages: English

To receive the BSD Specialist Certification the candidate must:

  • Have a working knowledge of BSD operating systems: FreeBSD, NetBSD, and OpenBSD¬†
  • Be able to install, manage, and configure BSD operating system
  • Be able to configure hardware, set kernel parameters, and manage system security¬†
  • Have basic knowledge in BSD system administration, job scheduling, and system automation
  • Have basic network administration knowledge

ECCS Africa is a leading LPI Training Partner, we deliver the full range of official Linux Professional Institute Courses courses for IT professionals across Africa. Courses are delivered at our Training Facility, Onsite, Virtual or using our Virtual Learning Platform. 

To enroll, use the contact form or call us.