COA 考試模擬題

version: 201911

Exam Tasks

You are the cloud administrator of a fictitious company named ESCloud. You have been tasked with setting up Openstack Environments for marketing and finance departments.

您是一家名為ESCloud的虛擬公司的云管理員。您的任務(wù)是為市場和財(cái)務(wù)部門設(shè)置Openstack環(huán)境。

Task 1

The company has two departments, named marketing and finance. For each of the two departments create projects with details below:

該公司有兩個(gè)部門，分別是市場部和財(cái)務(wù)部。為兩個(gè)部門中的每個(gè)部門創(chuàng)建項(xiàng)目，其詳細(xì)信息如下：

Task 2

Marketing is managed by Roger and finance is managed by Frank. Both are going to be administrators of their respective projects. ESCloud has an engineer named James who will be a member of both departments. Create OpenStack user accounts for Roger, Frank and James with the data sheet below. For roles, please ensure that users only have the roles identified below - any additional default roles should be removed.

營銷由羅杰（Roger）管理，財(cái)務(wù)由弗蘭克（Frank）管理。兩者都將成為各自項(xiàng)目的管理員。ESCloud擁有一個(gè)名為James的工程師，他將是兩個(gè)部門的成員。使用以下數(shù)據(jù)表為Roger，F(xiàn)rank和James創(chuàng)建OpenStack用戶帳戶。對于角色，請確保用戶僅具有以下標(biāo)識(shí)的角色-應(yīng)刪除所有其他默認(rèn)角色。

Task 3

Management has imposed quotas of 3 VCPUs, 3072 MB of RAM and 3 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)) for marketing. For finance , quotas are 1 instance and 2 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)). For both groups, also set a maximum of 2 floating IPs and 2 security groups. Leave the OpenStack defaults for the rest.

管理層已為市場分配了3個(gè)VCPU，3072 MB RAM和3 GB磁盤空間（卷和快照總大?。┑呐漕~。對于財(cái)務(wù)而言，配額為1個(gè)實(shí)例和2 GB的磁盤空間（卷和快照的總大?。℅B））。對于這兩個(gè)組，還最多設(shè)置2個(gè)浮動(dòng)IP和2個(gè)安全組。其余部分保留OpenStack默認(rèn)值。

Task 4

For initial tests the company will use a qcow2 image of Cirros, located at http://localhost:8090/mce100.img and named sharedimage. The image must be public so all projects can use it.

對于初始測試，該公司將使用位于http：// localhost：8090 / mce100.img并命名為sharedimage 的Cirros的qcow2圖像。該圖像必須是公共的，以便所有項(xiàng)目都可以使用它。

Task 5

In addition to the default flavors that come with OpenStack, ESCloud has decided that it needs its own custom flavors for spawning instances using the shared image. Please create the following custom flavors.

除了OpenStack隨附的默認(rèn)樣式外，ESCloud還決定它需要自己的自定義樣式來使用共享映像生成實(shí)例。請創(chuàng)建以下自定義樣式。

Task 6

To enable access to the instance from the outside, ESCloud needs an external network. Create an external network with the following settings. ESCloud has decided that the ip range of 172.25.0.1 to 172.25.0.241 are reserved – ensure that they will not be used in this cluster and that DHCP is enabled for this network.

要從外部訪問實(shí)例，ESCloud需要一個(gè)外部網(wǎng)絡(luò)。使用以下設(shè)置創(chuàng)建一個(gè)外部網(wǎng)絡(luò)。ESCloud已決定保留172.25.0.1到172.25.0.241的IP范圍-確保它們不會(huì)在此群集中使用，并且已為此網(wǎng)絡(luò)啟用DHCP。

備注： 本次測試網(wǎng)段：10.5.30.1-----10.5.30.15, 不分配網(wǎng)段10.5.30.1----10.5.30.5

Marketing tasks

Marketing tasks, please complete the following with the roger OpenStack account.

這里注意要切換租戶和用戶

Task 7

ESCloud wants to ensure the instances in the marketing department can be accessed from outside via ping, web(http and https), and ssh. Create a security group msec (description:msec) with these rules.

ESCloud希望確保可以通過ping，web（http和https）和ssh從外部訪問市場部門的實(shí)例。使用這些規(guī)則創(chuàng)建安全組msec（描述：msec）。

Task 8

Create a keypair rogerkey and store the downloaded key(rogerkey.pem) in /tmp/ of the clab environment with permissions set to 600.
? Task 9: In order to boot instances, we need to create a network for marketing. Create a network with the following settings.

創(chuàng)建密鑰對rogerkey并將下載的密鑰（rogerkey.pem）存儲(chǔ)在clab環(huán)境的/ tmp /中，權(quán)限設(shè)置為600。
?任務(wù)9：為了啟動(dòng)實(shí)例，我們需要?jiǎng)?chuàng)建一個(gè)營銷網(wǎng)絡(luò)。使用以下設(shè)置創(chuàng)建網(wǎng)絡(luò)。

Task 9

In order to boot instances, we need to create a network for marketing. Create a network with the following settings.

為了啟動(dòng)實(shí)例，我們需要?jiǎng)?chuàng)建一個(gè)營銷網(wǎng)絡(luò)。使用以下設(shè)置創(chuàng)建網(wǎng)絡(luò)。

Task 10

Create a router with name mrouter and connect mnet to public with it.

創(chuàng)建一個(gè)名稱為mrouter的路由器，并將mnet連接到public。

Task 11

Create two compute instances for marketing using the table below.

使用下表創(chuàng)建兩個(gè)用于市場營銷的計(jì)算實(shí)例。

Task 12

Marketing needs these two instances to be accessible from the outside via specific ip addresses.

市場營銷需要可以通過特定的ip地址從外部訪問這兩個(gè)實(shí)例。

Task 13

Marketing needs to store important files on a volume so it will retain the data even if minstance1 is terminated. Create the volume with the name mvolume and 1GB size and attach it to minstance1.

市場營銷需要將重要文件存儲(chǔ)在一個(gè)卷上，因此即使minstance1終止，它也將保留數(shù)據(jù)。創(chuàng)建名稱為mvolume且大小為1GB的卷，并將其附加到minstance1。

Task 14

Test ping and ssh(as cirros) from the host to your marketing instances using keys via floating ips.

使用通過浮動(dòng)ip的密鑰，從主機(jī)到您的營銷實(shí)例測試ping和ssh（作為cirros）。

Finance task

Finance tasks, please complete the following with the frank OpenStack account using command line. (Important: If you are found to have completed the section below using Horizon/UI, you will forfeit points for the exam.)

這里注意要切換租戶和用戶

財(cái)務(wù)任務(wù)，請使用命令行使用坦率的OpenStack帳戶完成以下操作。（重要提示：如果發(fā)現(xiàn)您已使用Horizo??n / UI完成了以下部分，則將喪失該考試的分?jǐn)?shù)。）

Task 15

We want to ensure the instances in the finance department can be accessed via ssh. Create a security group fsec with this rule.

我們希望確保可以通過ssh訪問財(cái)務(wù)部門中的實(shí)例。使用此規(guī)則創(chuàng)建安全組fsec。

答案：

openstack security group create fsec --project finance --description fsec
openstack security group rule create --dst-port 22 --protocol tcp fsec

注意檢查結(jié)果：

[root@openstack1 tmp]# openstack security group rule list msec --long
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Direction | Ethertype | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| 2f319d18-125b-4ffe-a79d-97f849a27ea4 | None        | None      |            | egress    | IPv4      | None                  |
| 4b5b209f-7bd2-4ca6-a9f4-91691eda9001 | icmp        | 0.0.0.0/0 |            | ingress   | IPv4      | None                  |
| 64bb6b3f-f33f-4dd2-bdfa-98280124a84d | tcp         | 0.0.0.0/0 | 80:80      | ingress   | IPv4      | None                  |
| 9e75a6e3-29bb-4ff1-8eb9-5cef6a104bc4 | tcp         | 0.0.0.0/0 | 443:443    | ingress   | IPv4      | None                  |
| bb22abf6-af3e-499e-a75e-78d17bc2d773 | tcp         | 0.0.0.0/0 | 22:22      | egress    | IPv4      | None                  |
| d22144be-5938-40a0-a2b8-43d29406b56c | None        | None      |            | egress    | IPv6      | None                  |
| d3c29271-6a48-4b9a-af14-a67935454976 | tcp         | 0.0.0.0/0 | 22:22      | ingress   | IPv4      | None                  |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+

Task 16

Create a keypair named frankkey. Store this key with permissions set to 600 as /tmp/frankkey.pem folder of the exam environmentf

創(chuàng)建一個(gè)名為frankkey的密鑰對。將此密鑰（權(quán)限設(shè)置為600）存儲(chǔ)為考試環(huán)境的/tmp/frankkey.pem文件夾。

答案：

openstack keypair create frankkey > /tmp/frankkey.pem
chmod 600 /tmp/frankkey.pem

Task 17

Create a network fnet with a subnet fsubnet and IP range 10.2.0.0/24.

創(chuàng)建一個(gè)子網(wǎng)為fsubnet且IP范圍為10.2.0.0/24的網(wǎng)絡(luò)fnet。

答案：

openstack network create fnet --project finance
openstack subnet create fsubnet --network fnet --subnet-range 10.2.0.0/24

Task 18

Create router frouter and connect fnet to public with it

創(chuàng)建路由器frouter并將其與fnet連接到公共

答案：

openstack router create --project finance frouter
openstack router set --external-gateway public
openstack router add subnet frouter fsubnet

Task 19

Create the following instance:

答案：

openstack server create finstance1 --flavor fflavor1 --key-name frankkey --network fnet --image sharedimage --security-group fsec

Task 20

Assign the floating IP 172.25.0.247 to the finstance1

將浮動(dòng)IP 172.25.0.247分配給finstance1

答案：

openstack floating ip create --floating-ip-address 10.5.30.13 public
openstack server add floating ip finstance1 10.5.30.13

Task 21

Upload the file test.mov, which is located in /opt/stack/files/ on your clab environment, into a Swift container named Movies. Ensure that the object name is test.mov.

將文件ctest.mov（位于您的實(shí)驗(yàn)室環(huán)境中的/opt/stack/files/中）上傳到名為Movies的Swift容器中。確保對象名稱為test.mov。

答案：

source xxx-openrc.sh
cd /opt/stack/files/ 
swift upload Movies test.mov

Task 22

Test the finance instance. Verify if you can ssh into the floating IP as user cirros with the key generated.

測試財(cái)務(wù)實(shí)例。驗(yàn)證是否可以使用生成的密鑰作為用戶cirros進(jìn)入浮動(dòng)IP。

答案：

ssh -i /tmp/frankkey.pem cirros@10.5.30.13

Task 23

Finally, implement a policy change that allows only administrators to create volumes and networks.

最后，實(shí)施策略更改，僅允許管理員創(chuàng)建卷和網(wǎng)絡(luò)。

答案：文章來源地址http://www.zghlxwxcb.cn/news/detail-418268.html

到了這里，關(guān)于openstack COA 考試模擬題的文章就介紹完了。如果您還想了解更多內(nèi)容，請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！