COA Exam Mock Questions

version: 201911

Exam Tasks

You are the cloud administrator of a fictitious company named ESCloud. You have been tasked with setting up OpenStack environments for the marketing and finance departments.

Task 1

The company has two departments, named marketing and finance. For each of the two departments create projects with details below:

| Project Name | Description |
|---|---|
| marketing | project for marketing |
| finance | project for finance |

Task 2

Marketing is managed by Roger and finance is managed by Frank. Both are going to be administrators of their respective projects. ESCloud has an engineer named James who will be a member of both departments. Create OpenStack user accounts for Roger, Frank and James with the data sheet below. For roles, please ensure that users only have the roles identified below - any additional default roles should be removed.

| User name | Email | Password | Role/Project |
|---|---|---|---|
| roger | @escloud.cn | rogerpass | admin of marketing |
| frank | @escloud.cn | frankpass | admin of finance |
| james | @escloud.cn | jamespass | Member of marketing (primary) and finance |

Task 3

Management has imposed quotas of 3 VCPUs, 3072 MB of RAM and 3 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)) for marketing. For finance, quotas are 1 instance and 2 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)). For both groups, also set a maximum of 2 floating IPs and 2 security groups. Leave the OpenStack defaults for the rest.

Task 4

For initial tests the company will use a qcow2 image of Cirros, located at http://localhost:8090/mce100.img and named sharedimage. The image must be public so all projects can use it.

Task 5

In addition to the default flavors that come with OpenStack, ESCloud has decided that it needs its own custom flavors for spawning instances using the shared image. Please create the following custom flavors.

| Flavor name | VCPUs | RAM | Root Disk | Ephemeral Disk | Swap Disk | Accessibility |
|---|---|---|---|---|---|---|
| mflavor1 | ⅓ of quota | ⅓ of quota | 1 GB | 0 | 0 | marketing |
| mflavor2 | ⅔ of quota | ⅔ of quota | 2 GB | 0 | 0 | marketing |
| fflavor1 | 1 | 512 MB | 1 GB | 0 | 0 | finance |

Task 6

To enable access to the instances from the outside, ESCloud needs an external network. Create an external network with the following settings. ESCloud has decided that the IP range 172.25.0.1 to 172.25.0.241 is reserved – ensure that these addresses will not be used in this cluster and that DHCP is enabled for this network.

| name | project | subnet name | network address | gateway | Provider Network Type | Physical Network | DHCP |
|---|---|---|---|---|---|---|---|
| public | admin | publicsubnet | 172.25.0.0/24 | 172.25.0.1 | Flat | public | Enabled |

Note: in this practice run the network range is 10.5.30.1 to 10.5.30.15, and the range 10.5.30.1 to 10.5.30.5 is not allocated.

Marketing tasks

Marketing tasks, please complete the following with the roger OpenStack account.

Note: remember to switch tenant (project) and user here.

Task 7

ESCloud wants to ensure the instances in the marketing department can be accessed from outside via ping, web (http and https), and ssh. Create a security group msec (description: msec) with these rules.

Task 8

Create a keypair rogerkey and store the downloaded key (rogerkey.pem) in /tmp/ of the clab environment with permissions set to 600.

Task 9

In order to boot instances, we need to create a network for marketing. Create a network with the following settings.

| name | subnet name | network address | gateway |
|---|---|---|---|
| mnet | msubnet | 10.1.0.0/24 | 10.1.0.1 |

Task 10

Create a router with name mrouter and connect mnet to public with it.

Task 11

Create two compute instances for marketing using the table below.

| name | flavor | keypair | network | image | Create New Volume | Sec Group |
|---|---|---|---|---|---|---|
| minstance1 | mflavor1 | rogerkey | mnet | sharedimage | No | msec |
| minstance2 | mflavor2 | rogerkey | mnet | sharedimage | No | msec |

Task 12

Marketing needs these two instances to be accessible from the outside via specific IP addresses.

| Floating IP | Instance |
|---|---|
| 172.25.0.244 | minstance1 |
| 172.25.0.245 | minstance2 |

Task 13

Marketing needs to store important files on a volume so it will retain the data even if minstance1 is terminated. Create the volume with the name mvolume and 1GB size and attach it to minstance1.

Task 14

Test ping and ssh (as cirros) from the host to your marketing instances via their floating IPs, using the key.

Finance task

Finance tasks, please complete the following with the frank OpenStack account using command line. (Important: If you are found to have completed the section below using Horizon/UI, you will forfeit points for the exam.)

Note: remember to switch tenant (project) and user here.

Task 15

We want to ensure the instances in the finance department can be accessed via ssh. Create a security group fsec with this rule.

Answer:

openstack security group create fsec --project finance --description fsec
openstack security group rule create --dst-port 22 --protocol tcp fsec

Check the result:

[root@openstack1 tmp]# openstack security group rule list msec --long
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Direction | Ethertype | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| 2f319d18-125b-4ffe-a79d-97f849a27ea4 | None        | None      |            | egress    | IPv4      | None                  |
| 4b5b209f-7bd2-4ca6-a9f4-91691eda9001 | icmp        | 0.0.0.0/0 |            | ingress   | IPv4      | None                  |
| 64bb6b3f-f33f-4dd2-bdfa-98280124a84d | tcp         | 0.0.0.0/0 | 80:80      | ingress   | IPv4      | None                  |
| 9e75a6e3-29bb-4ff1-8eb9-5cef6a104bc4 | tcp         | 0.0.0.0/0 | 443:443    | ingress   | IPv4      | None                  |
| bb22abf6-af3e-499e-a75e-78d17bc2d773 | tcp         | 0.0.0.0/0 | 22:22      | egress    | IPv4      | None                  |
| d22144be-5938-40a0-a2b8-43d29406b56c | None        | None      |            | egress    | IPv6      | None                  |
| d3c29271-6a48-4b9a-af14-a67935454976 | tcp         | 0.0.0.0/0 | 22:22      | ingress   | IPv4      | None                  |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
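A way to check a rule listing like the one above against the ingress rules a task asks for (Task 7 for msec, Task 15 for fsec), as an added example that is not part of the original answer key. The function `audit_sg_rules` and the sample table are constructed here; the sample mirrors the msec listing with shortened IDs and fewer columns.

```shell
#!/bin/sh
# Added example: compare `openstack security group rule list <sg> --long` output
# with the ingress rules a task requires. Keys are "<protocol>:<port range>".
audit_sg_rules() {   # usage: audit_sg_rules "icmp: tcp:22:22" < table
    awk -F'|' -v want="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    !/^\|/ { next }                 # skip +---+ borders and shell prompts
    !hdr   { for (i = 2; i < NF; i++) col[trim($i)] = i; hdr = 1; next }
    {
        proto = trim($(col["IP Protocol"])); dir = trim($(col["Direction"]))
        key = proto ":" trim($(col["Port Range"]))
        if (dir == "ingress") {
            if (key in need) seen[key] = 1
            else { print "EXTRA ingress " key " from " trim($(col["IP Range"])); bad = 1 }
        } else if (proto != "None") {
            # default egress already allows everything; check that a
            # protocol-specific egress rule was not meant to be ingress
            print "NOTE explicit egress " key
        }
    }
    END {
        for (k in need) if (!(k in seen)) { print "MISSING ingress " k; bad = 1 }
        exit bad + 0
    }'
}

sample_msec() {   # constructed sample mirroring the msec listing, IDs shortened
cat <<'EOF'
+----+-------------+-----------+------------+-----------+-----------+
| ID | IP Protocol | IP Range  | Port Range | Direction | Ethertype |
+----+-------------+-----------+------------+-----------+-----------+
| r1 | None        | None      |            | egress    | IPv4      |
| r2 | icmp        | 0.0.0.0/0 |            | ingress   | IPv4      |
| r3 | tcp         | 0.0.0.0/0 | 80:80      | ingress   | IPv4      |
| r4 | tcp         | 0.0.0.0/0 | 443:443    | ingress   | IPv4      |
| r5 | tcp         | 0.0.0.0/0 | 22:22      | egress    | IPv4      |
| r6 | tcp         | 0.0.0.0/0 | 22:22      | ingress   | IPv4      |
+----+-------------+-----------+------------+-----------+-----------+
EOF
}

# msec must allow ping, http, https and ssh in; anything else is reported.
sample_msec | audit_sg_rules "icmp: tcp:22:22 tcp:80:80 tcp:443:443" && echo "msec ingress OK"
```

For fsec the expected list is just `"tcp:22:22"`; the function exits non-zero when an ingress rule is missing or when one beyond the list is present.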

Task 16

Create a keypair named frankkey. Store this key, with permissions set to 600, as /tmp/frankkey.pem in the exam environment.

Answer:

openstack keypair create frankkey > /tmp/frankkey.pem
chmod 600 /tmp/frankkey.pem
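With the two commands above, the key file is created under the shell's current umask and only restricted afterwards, so in a shared directory such as /tmp it can be briefly readable by other local users. The following added example (not part of the original answer key; the helper name `save_private_key` is hypothetical) writes the key with mode 600 from the moment of creation and refuses to write over an existing file. It applies equally to rogerkey.pem in Task 8.

```shell
#!/bin/sh
# Added example: store a private key so it is never readable by other users,
# not even between file creation and a later chmod.
# Usage with the task's command:
#   openstack keypair create frankkey | save_private_key /tmp/frankkey.pem
save_private_key() (                 # subshell body: umask/noclobber do not leak out
    dest=$1
    umask 077                        # the file is created as rw------- (600)
    set -C                           # noclobber: ">" fails if dest already exists
    if ! cat > "$dest"; then
        echo "save_private_key: $dest exists or is not writable, nothing written" >&2
        return 1
    fi
    if [ ! -s "$dest" ]; then        # upstream command failed and sent no key
        rm -f "$dest"
        echo "save_private_key: no key data received" >&2
        return 1
    fi
)

# Demonstration with constructed data in a private temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed key material\n' | save_private_key "$demo_dir/frankkey.pem"
ls -l "$demo_dir/frankkey.pem"
rm -rf "$demo_dir"
```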

Task 17

Create a network fnet with a subnet fsubnet and IP range 10.2.0.0/24.

Answer:

openstack network create fnet --project finance
openstack subnet create fsubnet --network fnet --subnet-range 10.2.0.0/24

Task 18

Create router frouter and connect fnet to public with it.

Answer:

openstack router create --project finance frouter
openstack router set --external-gateway public frouter
openstack router add subnet frouter fsubnet

Task 19

Create the following instance:

| name | flavor | keypair | network | image | Sec Group |
|---|---|---|---|---|---|
| finstance1 | fflavor1 | frankkey | fnet | sharedimage | fsec |

Answer:

openstack server create finstance1 --flavor fflavor1 --key-name frankkey --network fnet --image sharedimage --security-group fsec

Task 20

Assign the floating IP 172.25.0.247 to finstance1.

Answer:

openstack floating ip create --floating-ip-address 10.5.30.13 public
openstack server add floating ip finstance1 10.5.30.13

Task 21

Upload the file test.mov, which is located in /opt/stack/files/ on your clab environment, into a Swift container named Movies. Ensure that the object name is test.mov.

Answer:

source xxx-openrc.sh
cd /opt/stack/files/
swift upload Movies test.mov

Task 22

Test the finance instance. Verify if you can ssh into the floating IP as user cirros with the key generated.

Answer:

ssh -i /tmp/frankkey.pem cirros@10.5.30.13

Task 23

Finally, implement a policy change that allows only administrators to create volumes and networks.
