Red Hat Training

A Red Hat training course is available for Red Hat Certified Cloud and Service Provider Certification

Chapter 4. Overview of image configuration

The Image Configuration tests, also known as cloud/configuration, confirm that the image is configured in accordance with Red Hat standards so that customers have a uniform and consistent experience across multiple cloud providers and images in an integrated environment.

The cloud/configuration test includes the following subtests:

4.1. Default system logging

Confirms the default system logging service (syslog) is configured to store the logs in the /var/log/ directory of the image to allow quick issue resolution when needed.

Success criteria

Basic system logging is stored in /var/log/ directory on the image.

4.2. Network configuration test

Network configuration confirms that the default firewall service (iptables) is running, port 22 is open with SSHD running, ports 80 and 443 are open or closed, and that all other ports are closed. This ensures that the image is protected from unauthorized access by default, with a known access configuration.

This also ensures that customers have SSH access to the image and are able to quickly deploy HTTP applications without additional configuration. The image may have other ports open if they are necessary for proper operation of the cloud infrastructure but such ports must be documented.

This test displays status (Pass) at runtime only if ports 22, 80 (optional), 443 (optional) are open on the image. If other ports are open, this test requests a description of the open ports for review at Red Hat to confirm success or failure.

Note

As part of the certification process, the Red Hat Certification application by default runs on port 8009. The Red Hat Certification application may also run on another open port during certification testing but it is recommended to open this port only during the testing and not as default in the configuration of an image.

Success criteria

  • Depending on the RHEL version, ensure that the following services are enabled and running:
RHEL versionServices

RHEL 9

firewalld or nftables

RHEL 8.3 and later

firewalld or nftables

RHEL 8 to 8.2

firewalld and nftables or firewalld and iptables

RHEL 7

firewalld

  • sshd is enabled and running on port 22 and is accessible
  • Any other ports open are required for proper operation of the cloud infrastructure and are documented
  • Red Hat Certification application is running on port 8009 (or another port as configured)
  • All other ports are closed
Note

The httpd service is allowed but not required to be running on port 80 and/or port 443.

4.3. Default OS runlevel

Confirms that the current system runlevel is 3, 4, or 5. This subtest ensures that the image is operating in the desired mode/state with all the required system services (for example networking) running.

Success criteria

The current runlevel is 3, 4, or 5.

Additional resources

For more information about runlevels, see:

4.4. System services

The system services confirms the root user can start and stop services on the system. This ensures that your customers who have system administration privileges can access/work with applications and services on the system and perform all the tasks which require administrative access in a seamless manner. The system services also ensures that there is no gap between the configured and actual state of the installed system services.

Success criteria

  • The root user can start and stop system services provided by the Red Hat product.
  • For all the installed system services, actual status should match to their configured status. For instance if the service is enabled then it should be in running state.

Additional resources

For more information about gaining the required privileges, see:

4.5. Subscription services

Confirms that the required Red Hat subscriptions are configured, available and working on the image and that the update mechanism is Red Hat Satellite or RHUI. This ensures that customers are able to obtain access to the packages and updates they need to support their applications through standard Red Hat package update or delivery mechanisms.

Success criteria

The image is configured and able to download, install, and upgrade a package from Red Hat Satellite or the RHUI subscription management services.