And it will, but over time, swap generally still has stuff that trickles into it. It’s important to note that these things are things that are not in active use by the machine. I think the mistake people make is that they expect a low swappiness to result in zero usage, which isn’t the reality. A low swappiness means the kernel is less aggressive, not that it stops using swapspace.

@@TobinHolz it may be that on your machine /home is not a separate filesystem. When you look at: df -hP Do you see /home listed? If not, then your /home directory is included in your / filesystem. In which case a mount -o remount,rw / would be what you would want to use if your / filesystem was mounted read-only.

Stratis is still under development, and moved to a GA feature in RHEL9. Here is the upstream project: stratis-storage.github.io

The upgrade from 8 to 9 has a hands-on lab: www.redhat.com/en/interactive-labs/upgrade-with-leapp It should guide you on all needed steps as well as an example machine to see the state at any particular step.

No, Nate and Scott both took Red Hat Training as part of their exam prep.

Transposing something like sl, I could see, I have never once spelled a 3 letter word backwards by accident. I think that’s highly unlikely. Also, making mistakes when writing code is common, which is why we test it prior to putting it in production. If one did typo ls, I would expect it would come out quickly in testing prior to use.

LUKS is something that exists outside of hardware encryption technologies.

@@RedHatEnterpriseLinux Is TPM used to store the encryprion key locally as opposed to tang that stores it on the network?

@ check out this document: docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening

Indeed. The Product Manager for RHEL security often says something similar. That said, CIS benchmark is a good multi-use security standard if you’re just starting to look at security compliance standards to better an organization’s security posture.

@ I do work for a bank and we have to attempt to apply every setting and document the ones we can’t. Not a fun process.

@@jijigaonkar4597 the episode is about rescue mode, not about all the different ways one can attempt to fix the problems created to showcase using rescue mode.

@@RedHatEnterpriseLinux Can you make one video on it... So it will help us to understand more.

In theory it would run off of both downloaded content *and* any newly released content since the -downloadonly cache was built. Thats why I recommend building the cache a couple days before the planned update because you can get all, or at least the large bulk, of the updates staged in the local cache. This may also depend on whether you use Red Hat Satellite or not. With Satellite, you control what updates are made available to boxes, so if you’ve not added any new updates to the content view, then the -downloadonly cache would match what is available to the system.

That would work to resolve this specific issue. But how do you know it’s a problem in the first place? I’ve also seen weird control characters be inserted in files with a wonky network connection (which isn’t just return-new line). cat -vet can also find these oddities. Or my favorite game recently, tabs or spaces? cat -vet can quickly help identify whether files are using tabs or spaces as their Whitespace characters.

@RedHatEnterpriseLinux good point

Thank you so much for the positive vibes!

You can install all the components of RHEL AI after you've activated your subscription with an activation key. RHEL AI requires its own subscription.

Red Hat doesn't introduce changes like this mid-release. The likely culprit is that the previous kernel had, on it's commandline, an option to change behavior. This option for some reason wasn't added to the commandline of the updated kernel, hence the change in behavior at a kernel update.

That would be a beard.

@RedHatEnterpriseLinux lol no.. that is not a beard. It's crooked too whatever you call that atrocity

The package that provides it is osbuild-composer. I found this with: dnf whatprovides */composer-cli

I think sysadmins prefer a variety of tools. If it’s something quick, bash. If it’s data parsing, formatting heavy, Perl. If it’s something to maintain longer term, maybe Python. Choosing the right tool from the available ones is important for your long-term sanity. For example if you’re doing arrays in bash, you should look at another tool 😂

This was the first google result for 'vlan tagging kvm site:redhat.com': docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-setting_vlan_tags#sect-Virtual_Networking-Setting_vLAN_tags

Nate does it with a vlan trunk port mapped to the vm NIC on the RHEL hypervisor. Then vlan interfaces are setup with each vlan-ID that the vm's need access to, and bridge interfaces are mapped to the vlan-tagged interfaces. Then as a VM is built, you attach it to the bridge interface for the vlan it needs to live on.

Thanks! You might look at some of the newer episodes first. We've gotten better over the years and in some cases have done replacement shows on topics we did early that we knew we could do a better job on 🙂

@@RedHatEnterpriseLinux thanks for the info! The German within me wanted to be very disciplined and do the list from beginning to end ... but I better follow your advise

@@DavidLange1492 there are a couple of packages, like the pythons or gcc-toolsets designed to be installable in parallel, but generally when it comes to modules you can choose any one version that you want. Like the Highlander, there can be only one. I’d suggest looking into containers instead, essentially offering a container with whatever version you need, where each different container could offer a different version of a language.

@@RedHatEnterpriseLinux That's what I believed from the documentation. Unfortunately, developers request multiple versions to be usable at all times. The situation sysadmins have to face in the field.

@@DavidLange1492 I mean I hear you, but just because everyone wants ponies, doesn't mean everyone gets a pony. They're impractical, not unlike installing every runtime in parallel on a machine. Containers are the solution to this problem because it allows for each individual runtime version to bring all it's own dependencies and weirdnesses without affecting everything else on the system. Though if developers aren't willing to create their own containers, perhaps you could do it and make it available on all the needed systems via a local repository? You could even have a central repository so that individual devs could pull them to a system of their choosing. Red Hat does this to some extent with a variety of run-time UBI (Universal Base Images). Though they are built to generally include all the things, so, for example, the python one is pretty large. One could start with a UBI standard and use the included DNF to pull in whatever specfic runtimes they wanted though and you'd have a pretty easy method for building and maintaining a catalog of containers unique to your organization.

@@boubou40 after being all-in on modularity with RHEL8, we’ve been pulling away from it since. I’ve been told by engineering to expect that modular packages will not be included with RHEL 10.

I’d use this guide: docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/index Perform an interactive install and validate it against your FIPS needs. Once you have verified its correctness, you can use the /root/anaconda-ks.cfg as a basis to kickstart other systems to be identical.