Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 4. Overview of image configuration
The Image Configuration tests, also known as cloud/configuration, confirm that the image is configured in accordance with Red Hat standards so that customers have a uniform and consistent experience across multiple cloud providers and images in an integrated environment.
The cloud/configuration test includes the following subtests:
4.1. Default system logging
Confirms the default system logging service (syslog) is configured to store the logs in the /var/log/ directory of the image to allow quick issue resolution when needed.
Success criteria
Basic system logging is stored in /var/log/ directory on the image.
4.2. Network configuration test
Network configuration confirms that the default firewall service (iptables) is running, port 22 is open with SSHD running, ports 80 and 443 are open or closed, and that all other ports are closed. This ensures that the image is protected from unauthorized access by default, with a known access configuration.
This also ensures that customers have SSH access to the image and are able to quickly deploy HTTP applications without additional configuration. The image may have other ports open if they are necessary for proper operation of the cloud infrastructure but such ports must be documented.
This test displays status (Pass) at runtime only if ports 22, 80 (optional), 443 (optional) are open on the image. If other ports are open, this test requests a description of the open ports for review at Red Hat to confirm success or failure.
As part of the certification process, the Red Hat Certification application by default runs on port 8009. The Red Hat Certification application may also run on another open port during certification testing but it is recommended to open this port only during the testing and not as default in the configuration of an image.
Success criteria
- Depending on the RHEL version, ensure that the following services are enabled and running:
| RHEL version | Services |
|---|---|
| RHEL 9 |
|
| RHEL 8.3 and later |
|
| RHEL 8 to 8.2 |
|
| RHEL 7 |
|
- sshd is enabled and running on port 22 and is accessible
- Any other ports open are required for proper operation of the cloud infrastructure and are documented
- Red Hat Certification application is running on port 8009 (or another port as configured)
- All other ports are closed
The httpd service is allowed but not required to be running on port 80 and/or port 443.
4.3. Default OS runlevel
Confirms that the current system runlevel is 3, 4, or 5. This subtest ensures that the image is operating in the desired mode/state with all the required system services (for example networking) running.
Success criteria
The current runlevel is 3, 4, or 5.
Additional resources
For more information about runlevels, see:
- RHEL 9: Working with systemd targets.
- RHEL 8: Working with systemd targets.
- RHEL 7: Working with systemd targets.
4.4. System services
The system services confirms the root user can start and stop services on the system. This ensures that your customers who have system administration privileges can access/work with applications and services on the system and perform all the tasks which require administrative access in a seamless manner. The system services also ensures that there is no gap between the configured and actual state of the installed system services.
Success criteria
- The root user can start and stop system services provided by the Red Hat product.
- For all the installed system services, actual status should match to their configured status. For instance if the service is enabled then it should be in running state.
Additional resources
For more information about gaining the required privileges, see:
- RHEL 9: Managing sudo access.
- RHEL 8: Managing sudo access.
- RHEL 7: Gaining privileges.
4.5. Subscription services
Confirms that the required Red Hat subscriptions are configured, available and working on the image and that the update mechanism is Red Hat Satellite or RHUI. This ensures that customers are able to obtain access to the packages and updates they need to support their applications through standard Red Hat package update or delivery mechanisms.
Success criteria
The image is configured and able to download, install, and upgrade a package from Red Hat Satellite or the RHUI subscription management services.
