Red Hat Certification Path

1. Executive Summary

Target Certifications:

  1. RHCSA (EX200) - Red Hat Certified System Administrator

  2. RHCE (EX294) - Red Hat Certified Engineer

Timeline: 4-6 months total

Foundation Assets:

  • LPIC-1 certification (Linux fundamentals)

  • 6 months terminal-only workflow (Arch Linux)

  • Daily Bash scripting and system administration

  • Ansible playbook development experience

  • systemd, NetworkManager, firewalld daily use

2. Current Competency Assessment

Skill Area Level Evidence

Linux Fundamentals

Advanced

LPIC-1, daily Arch Linux administration

Command Line

Expert

6 months terminal-only, Neovim, tmux

Shell Scripting (Bash)

Advanced

Automation scripts, CI/CD pipelines

systemd

Advanced

Service management, unit files, timers

Package Management

Advanced

pacman (Arch), familiar with dnf/yum concepts

File Systems

Intermediate

ext4, btrfs, basic LVM

Networking

Expert

12 years network engineering + CCNP

SELinux

Beginner

Limited exposure - critical gap

Containers (Podman)

Beginner

Basic Docker knowledge, Podman exposure

Ansible

Intermediate

Playbooks, roles, ISE automation

3. RHCSA (EX200)

3.1. Exam Overview

Attribute Value

Exam Code

EX200

Format

Performance-based (hands-on)

Duration

2.5 hours

Environment

RHEL 9

Passing Score

210/300 (70%)

Cost

$450 USD

Validity

3 years

This is a hands-on exam. You perform real tasks on live systems. No multiple choice. You either complete the task correctly or you don’t. Time management is critical.

3.2. Exam Objectives

3.2.1. 1. Understand and Use Essential Tools

  • Access shell prompt and issue commands with correct syntax

  • Use input-output redirection (>, >>, |, 2>, &>)

  • Use grep and regular expressions to analyze text

  • Access remote systems using SSH

  • Log in and switch users in multiuser targets

  • Archive, compress, unpack, and uncompress files (tar, gzip, bzip2, xz)

  • Create and edit text files

  • Create, delete, copy, and move files and directories

  • Create hard and soft links

  • List, set, and change standard ugo/rwx permissions

  • Locate, read, and use system documentation (man, info, /usr/share/doc)

3.2.2. 2. Create Simple Shell Scripts

  • Conditionally execute code (if, test, [])

  • Use looping constructs (for, while)

  • Process script inputs ($1, $*, $@, $#)

  • Process output of shell commands within a script

  • Process exit codes

3.2.3. 3. Operate Running Systems

  • Boot, reboot, and shut down a system normally

  • Boot systems into different targets manually (rescue, emergency)

  • Interrupt boot process to gain access to a system (reset root password)

  • Identify CPU/memory intensive processes and kill processes

  • Adjust process scheduling (nice, renice)

  • Manage tuning profiles

  • Locate and interpret system log files and journals (journalctl)

  • Preserve system journals (persistent journald)

  • Start, stop, and check status of network services

  • Securely transfer files between systems (scp, rsync)

3.2.4. 4. Configure Local Storage

  • List, create, delete partitions on MBR and GPT disks

  • Create and remove physical volumes

  • Assign physical volumes to volume groups

  • Create and delete logical volumes

  • Configure systems to mount file systems at boot (fstab, systemd.mount)

  • Configure and manage swap space

  • Create and manage RAID devices (not on RHEL 9 objectives - verify)

  • Configure systems to mount NFS network shares

  • Extend existing logical volumes

  • Create and configure set-GID directories for collaboration

  • Diagnose and correct file permission problems

3.2.5. 5. Create and Configure File Systems

  • Create, mount, unmount, and use vfat, ext4, and xfs file systems

  • Mount and unmount network file systems (NFS)

  • Configure autofs

  • Extend existing logical volumes

  • Create and configure set-GID directories for collaboration

3.2.6. 6. Deploy, Configure, and Maintain Systems

  • Schedule tasks using at and cron

  • Start and stop services and configure services to start at boot

  • Configure systems to boot into a specific target automatically

  • Configure time service clients (chrony)

  • Install and update software packages from Red Hat Network, remote repo, or local file system

  • Modify the system bootloader (GRUB2)

3.2.7. 7. Manage Basic Networking

  • Configure IPv4 and IPv6 addresses

  • Configure hostname resolution (static or dynamic)

  • Configure network services to start automatically at boot

  • Restrict network access using firewall-cmd/firewalld

3.2.8. 8. Manage Users and Groups

  • Create, delete, and modify local user accounts

  • Change passwords and adjust password aging for local user accounts

  • Create, delete, and modify local groups and group memberships

  • Configure superuser access (sudo)

3.2.9. 9. Manage Security

  • Configure firewall settings using firewall-cmd

  • Manage default file permissions (umask)

  • Configure key-based authentication for SSH

  • Set enforcing and permissive modes for SELinux

  • List and identify SELinux file and process context

  • Restore default file contexts

  • Manage SELinux port labels

  • Use boolean settings to modify system SELinux settings

  • Diagnose and address routine SELinux policy violations

3.3. Gap Analysis and Priority Study

Objective Area Status Priority Action

Essential Tools

Strong

Review - already daily practice

Shell Scripts

Strong

Review exit codes and test constructs

Operating Systems

Strong

Practice rescue mode, boot interruption

Local Storage

Moderate

Drill LVM operations until automatic

File Systems

Moderate

Practice autofs, NFS mounts

System Deployment

Strong

Review chrony, GRUB2 config

Networking

Expert

Quick review only

Users/Groups

Strong

Review password aging details

SELinux

Weak

CRITICAL - dedicate significant time

3.4. SELinux Deep Dive (Critical)

SELinux is typically the largest knowledge gap for Arch/Debian users moving to RHEL.

3.4.1. Core Concepts

# Check SELinux status
getenforce
sestatus

# Set modes (temporary)
setenforce 0    # Permissive
setenforce 1    # Enforcing

# Permanent mode change
vi /etc/selinux/config
# SELINUX=enforcing

3.4.2. File Contexts

# View file context
ls -Z /var/www/html

# Restore default context
restorecon -Rv /var/www/html

# Change context (temporary)
chcon -t httpd_sys_content_t /path/to/file

# Change context (permanent via policy)
semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"
restorecon -Rv /custom/path

3.4.3. Booleans

# List all booleans
getsebool -a

# List specific boolean
getsebool httpd_enable_homedirs

# Set boolean (temporary)
setsebool httpd_enable_homedirs on

# Set boolean (permanent)
setsebool -P httpd_enable_homedirs on

3.4.4. Port Labels

# List port labels
semanage port -l | grep http

# Add custom port
semanage port -a -t http_port_t -p tcp 8888

# Modify existing
semanage port -m -t http_port_t -p tcp 8888

3.4.5. Troubleshooting

# Check for denials
ausearch -m AVC -ts recent
journalctl -t setroubleshoot

# Install troubleshooting tools
dnf install setroubleshoot-server

# Get fix suggestions
sealert -a /var/log/audit/audit.log

3.5. LVM Operations Drill

# Physical Volumes
pvcreate /dev/sdb1
pvdisplay
pvs

# Volume Groups
vgcreate vg_data /dev/sdb1
vgextend vg_data /dev/sdc1
vgdisplay
vgs

# Logical Volumes
lvcreate -n lv_app -L 10G vg_data
lvcreate -n lv_logs -l 100%FREE vg_data
lvdisplay
lvs

# Extend LV
lvextend -L +5G /dev/vg_data/lv_app
lvextend -l +100%FREE /dev/vg_data/lv_app

# Resize filesystem
xfs_growfs /mount/point           # XFS (can only grow)
resize2fs /dev/vg_data/lv_app     # ext4 (grow or shrink)

3.6. Study Resources

3.6.1. Primary Resources

  1. Red Hat System Administration I (RH124)

    • Official Red Hat course

    • Covers RHCSA foundations

  2. Red Hat System Administration II (RH134)

    • Official Red Hat course

    • Completes RHCSA objectives

  3. RHCSA 9 Cert Guide - Sander van Vugt

    • Comprehensive exam prep

    • Includes practice labs

  4. Red Hat Developer Subscription

3.6.2. Lab Resources

  1. RHEL 9 VM

    • Install via Red Hat Developer subscription

    • Required for hands-on practice

  2. Practice Exams

    • Sander van Vugt’s practice exams

    • Create your own scenarios

3.7. Study Plan (6 weeks)

3.7.1. Week 1: Environment Setup + Essential Tools

  • Set up RHEL 9 VM (Red Hat Developer subscription)

  • Review essential tools (should be quick given LPIC-1)

  • Practice tar, compression, links

  • Drill file permissions (chmod, chown, umask)

  • Practice grep with regex

Daily Lab: Complete 10 file manipulation tasks under time pressure

3.7.2. Week 2: Storage and File Systems

  • Partition creation (fdisk, gdisk, parted)

  • LVM full workflow - create VG, LV, extend

  • File system creation (mkfs.xfs, mkfs.ext4)

  • Mount configuration (fstab, systemd.mount)

  • Swap management (mkswap, swapon, fstab)

  • NFS client configuration

  • Autofs configuration

Daily Lab: Destroy and rebuild LVM + filesystems from scratch

3.7.3. Week 3: System Operations

  • Boot process and targets (systemctl isolate)

  • GRUB2 modification

  • Root password reset via rescue mode

  • Process management (ps, top, kill, nice)

  • journalctl and log analysis

  • Persistent journal configuration

  • Service management (systemctl)

  • Scheduled tasks (cron, at)

Daily Lab: Boot to rescue mode, reset root password, verify access

3.7.4. Week 4: Networking + Users

  • NetworkManager CLI (nmcli)

  • Static IP configuration

  • Hostname configuration

  • DNS client configuration

  • firewalld (firewall-cmd)

  • User/group management

  • sudo configuration

  • SSH key-based authentication

Daily Lab: Configure network from scratch using nmcli only

3.7.5. Week 5: SELinux (Intensive)

  • SELinux concepts and modes

  • File contexts (ls -Z, restorecon, semanage fcontext)

  • Process contexts

  • Booleans (getsebool, setsebool)

  • Port labels (semanage port)

  • Troubleshooting (ausearch, sealert)

  • Common scenarios: Apache, NFS, custom ports

Daily Lab: Break SELinux intentionally, then fix it

3.7.6. Week 6: Review and Practice Exams

  • Full practice exam #1

  • Review weak areas

  • Full practice exam #2

  • Time management practice

  • Exam scheduling

Daily Lab: Complete full practice exam under exam conditions (2.5 hours, no internet)

4. RHCE (EX294)

4.1. Exam Overview

Attribute Value

Exam Code

EX294

Prerequisite

RHCSA (valid)

Format

Performance-based (hands-on)

Duration

4 hours

Focus

Ansible Automation

Cost

$450 USD

Validity

3 years

4.2. Exam Objectives

4.2.1. 1. Understand Core Ansible Components

  • Inventories (static, dynamic)

  • Modules

  • Variables

  • Facts

  • Plays and playbooks

  • Configuration files

  • Roles

  • Collections

4.2.2. 2. Install and Configure Ansible Control Node

  • Install Ansible packages

  • Create and manage static inventories

  • Configure Ansible managed nodes

  • Configure privilege escalation

  • Validate working configuration using ad-hoc commands

4.2.3. 3. Configure Ansible Managed Nodes

  • Create and distribute SSH keys

  • Configure privilege escalation

  • Validate connectivity

4.2.4. 4. Script Administration Tasks

  • Create and run playbooks

  • Create plays with multiple tasks

  • Use modules: file, copy, template, user, group, service, package, etc.

  • Use variables and facts

  • Create and use templates

  • Use conditionals

  • Use loops

4.2.5. 5. Create and Use Roles

  • Create roles

  • Download and use roles from Ansible Galaxy

  • Install roles using requirements.yml

4.2.6. 6. Use Advanced Features

  • Create and use templates with Jinja2

  • Use Ansible Vault for secrets

  • Work with Ansible Galaxy

  • Use automation content navigator

4.3. Study Resources

  1. Red Hat System Administration III (RH294)

    • Official Ansible automation course

  2. RHCE 9 Cert Guide - Sander van Vugt

    • Ansible-focused prep

  3. Ansible Documentation

  4. Your netapi Ansible Experience

    • Review existing playbooks

    • Apply patterns to new scenarios

4.4. Study Plan (6 weeks)

4.4.1. Phase 1: Ansible Fundamentals (Weeks 1-2)

  • Ansible installation and configuration

  • Inventory management (static, groups, variables)

  • Ad-hoc commands

  • Playbook structure

  • Common modules

  • Variables and facts

Lab: Automate RHCSA tasks with Ansible

4.4.2. Phase 2: Intermediate Ansible (Weeks 3-4)

  • Jinja2 templates

  • Conditionals and loops

  • Handlers

  • Error handling (block, rescue, always)

  • Tags

  • Roles structure and creation

Lab: Create roles for web server, database server deployment

4.4.3. Phase 3: Advanced Ansible (Weeks 5-6)

  • Ansible Vault

  • Dynamic inventory

  • Collections

  • Ansible Galaxy

  • Content navigator

  • Optimization and best practices

Lab: Full infrastructure deployment with vault-encrypted secrets

5. Lab Environment

5.1. Recommended Setup

Component Configuration

Control Node

RHEL 9 VM (2 vCPU, 4GB RAM)

Managed Nodes

2-3 RHEL 9 VMs (1 vCPU, 2GB RAM each)

Storage Lab

Additional virtual disks for LVM practice

Hypervisor

KVM/libvirt (you have experience)

5.2. VM Creation Commands

# Download RHEL 9 (Red Hat Developer subscription)
# Create VMs with virt-install or libvirt

# Create additional disks for storage labs
qemu-img create -f qcow2 /var/lib/libvirt/images/rhel-lab-disk1.qcow2 10G
qemu-img create -f qcow2 /var/lib/libvirt/images/rhel-lab-disk2.qcow2 10G

# Attach to VM
virsh attach-disk rhel-lab /var/lib/libvirt/images/rhel-lab-disk1.qcow2 vdb --persistent

6. Key Differences: Arch vs RHEL

Feature Arch Linux RHEL

Package Manager

pacman

dnf (yum)

Init System

systemd

systemd (same)

SELinux

Not default

Enforcing by default

Firewall

iptables/nftables

firewalld

Network

NetworkManager

NetworkManager (same)

Release Model

Rolling

Fixed release

Containers

Docker/Podman

Podman (rootless default)

7. Progress Tracking

7.1. RHCSA Milestones

Week Milestone Target Date Status

1

Environment setup, essential tools review

[ ]

2

Storage and LVM mastery

[ ]

3

System operations complete

[ ]

4

Networking and users complete

[ ]

5

SELinux mastery

[ ]

6

Practice exams passed

[ ]

7

Pass EX200

[ ]

7.2. RHCE Milestones

Week Milestone Target Date Status

2

Ansible fundamentals complete

[ ]

4

Intermediate Ansible complete

[ ]

6

Advanced Ansible complete

[ ]

7

Pass EX294

[ ]

8. Quick Reference Commands

8.1. Package Management

# Search
dnf search <package>

# Install
dnf install <package>

# Update
dnf update

# Info
dnf info <package>

# List installed
dnf list installed

# Remove
dnf remove <package>

# Groups
dnf group list
dnf group install "Server with GUI"

8.2. Service Management

systemctl start <service>
systemctl stop <service>
systemctl restart <service>
systemctl enable <service>
systemctl disable <service>
systemctl status <service>
systemctl is-active <service>
systemctl is-enabled <service>
systemctl list-units --type=service

8.3. Firewall

firewall-cmd --state
firewall-cmd --list-all
firewall-cmd --add-service=http --permanent
firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-services
firewall-cmd --list-ports

Created: 2026-02-14
Target: RHCSA (Q2 2026), RHCE (Q3 2026)
Foundation: LPIC-1, 6 months Arch Linux terminal-only, Ansible automation experience