EX210V13K 問題振り返り ========== ## 環境 * マニュアルに従って試験環境を構築する * 普段使いのPCでは有線・無線ともに認識しなかった * 古いNUC(第6世代)を使ったら有線が認識した * 環境設定で日本語キーボードに設定したのになぜか英語キーボードになってしまった * ~ は半角/全角キー * & はShift+7 * チャットはすべて英語だったがすべて理解できた * ヘッドセット、マスクは外せと言われた * スピーカーはチャットが来たことを知らせるときに鳴るくらい * カメラはキーボードと顔が同時に映る画角に配置する * 試験中は英語のマニュアルが参照できる * https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13 * どこに何があるのかを把握しておく必要がある * desktopサーバに `wget -r` でダウンロードして、`grep -r` で検索しながら参照した * horizon はインストールされていなかった。すべて CLI で操作する ## 出題された問題 ### Director のxxxネットワークのprefix, xxx ### br-exのインターフェース ``` sudo ovs-vsctl list-ifaces br-ex ``` ### Fernet キーのローテーションを有効にする ``` [stack@director ~]$ source ~/stackrc [stack@director ~]$ openstack workflow execution \ > create tripleo.fernet_keys.v1.rotate_fernet_keys '{"container": "overcloud"}' [stack@director ~]$ openstack workflow execution \ > show 58c9c664-b966-4f82-b368-af5ed8de5b47 ``` ### Domain, Project, User Users and Identity Management Guide (CL110 section10) ``` # project openstack project create --domain MyCorp manufacturing # sub project openstack project create --domain MyCorp --parent manufacturing east # user openstack user create --project-domain MyCorp --project manufacturing --domain MyCorp --password redhat user # role openstack role add --user-domain MyCorp --user user --project-domain MyCorp --project manufacturing member # role assignment list openstack role assignment list --user user --user-domain MyCorp --names ``` ``` # quota openstack quota show -c cores -c ram -c instances east openstack quota set --cores 10 --ram 40000 east ``` ### Network, subnet, router (external) (CL110 section3) ``` # network openstack network create production-network4 -f json # subnet openstack subnet create --subnet-range 192.168.10.0/24 --dhcp --dns-nameserver 172.25.250.254 --network production-network4 production-subnet4 -f json ``` (CL110 section7) ``` openstack router create demo-router openstack router set --external-gateway provider-datacentre demo-router openstack router add subnet demo-router demo-subnet openstack floating ip create provider-datacentre openstack server add floating ip demo-instance 172.25.250.118 ``` ``` [student@workstation ~]$ source operator1-production-rc # network [student@workstation ~(operator1-production)]$ openstack network create \ > --external \ > --share \ > --provider-network-type flat \ > --provider-physical-network datacentre \ > provider-datacentre # subnet [student@workstation ~(operator1-production)]$ openstack subnet create \ > --subnet-range 172.25.250.0/24 \ > --gateway 172.25.250.254 \ > --dns-nameserver 172.25.250.254 \ > --allocation-pool start=172.25.250.101,end=172.25.250.189 \ > --no-dhcp \ > --network provider-datacentre \ > provider-subnet-172.25.250 [student@workstation ~(operator1-production)]$ source developer1-production-rc # router [student@workstation ~(developer1-production)]$ openstack router create \ > production-router1 ## subnet [student@workstation ~(developer1-production)]$ openstack router add \ > subnet production-router1 \ > production-subnet1 ## external-gateway [student@workstation ~(developer1-production)]$ openstack router set \ > --external-gateway provider-datacentre \ > production-router1 ``` ### Security group (CL110 section7) ``` [student@workstation ~(developer1-production)]$ openstack security group \ > create production-secgroup1 [student@workstation ~(developer1-production)]$ openstack security group rule \ > create --protocol tcp \ > --dst-port 22 \ > production-secgroup1 [student@workstation ~(developer1-production)]$ openstack security group \ > rule create --protocol tcp \ > --dst-port 80 \ > production-secgroup1 [student@workstation ~(developer1-production)]$ openstack security group \ > rule create --protocol icmp \ > production-secgroup1 ``` ### key-pair ``` [student@workstation ~(developer1-production)]$ openstack keypair create \ > production-keypair1 > /home/student/Downloads/production-keypair1.pem [student@workstation ~(developer1-production)]$ chmod 600 \ > /home/student/Downloads/production-keypair1.pem ``` ### floating ip ``` [student@workstation ~(developer1-production)]$ openstack floating ip \ > create provider-datacentre ``` ``` openstack server add floating ip SERVER IP-ADDR ``` ### Server (CL110 section3) ``` # server openstack server create --image rhel8 --flavor default --network production-network4 --key-name example-keypair production-server4 --wait # compute node openstack server show production-server4 # MAC address openstack port list --server production-server4 ``` ``` openstack server create \ > --image rhel8-web \ > --flavor default \ > --nic net-id=production-network1 \ > --security-group production-secgroup1 \ > --key-name production-keypair1 \ > --wait \ > production-server9 [student@workstation ~(developer1-production)]$ openstack server \ > add floating ip \ > production-server9 172.25.250.154 ``` ``` ovs-ofctl dump-flows br-int | grep fa:16:3e:7b:05:f6 ``` ### block storage ### volume ``` # create openstack volume create --size 1 production-volume1 # volume add openstack server add volume production-server5 production-volume1 # confirmation openstack volume list --> in-use ``` ### volume snapshot ``` openstack server remove volume production-server5 production-volume1 openstack volume snapshot create --volume production-volume1 production-snapshot1 ``` ### vdb としてマウント ``` openstack server add volume finanse-server2 finance-vol2 ssh xxx lsblk ``` ``` [student@workstation ~(operator1-production)]$ ssh 172.25.250.153 \ > sudo /usr/sbin/parted /dev/vdb \ > mklabel msdos \ > mkpart primary 0 1G # /dev/vdb1 に xfsタイプのファイルシステムを作成する [student@workstation ~(operator1-production)]$ ssh 172.25.250.153 \ > sudo /usr/sbin/mkfs -t xfs /dev/vdb1 # /dev/vdb1 を /mnt に一時的にマウントする [student@workstation ~(operator1-production)]$ ssh 172.25.250.153 \ > sudo /usr/bin/mount /dev/vdb1 /mnt ``` ### イメージのカスタマイズ ``` $ virt-customize \ > -a ~/finance-rhel-mail.qcow2 \ > --run-command 'dnf -y install postfix mailx' \ > --run-command 'systemctl enable postfix' \ > --run-command 'postconf -e "relayhost = [workstation.lab.example.com]"' \ > --run-command 'postconf -e "inet_interfaces = all"' \ > --selinux-relabel [student@workstation ~(developer1-finance)]$ openstack image create \ > --disk-format qcow2 \ > --min-disk 10 \ > --min-ram 2048 \ > --file ~/finance-rhel-mail.qcow2 \ > finance-rhel-mail ``` ### external nw に対応する compute ノード上のOVN名前空間名 ``` sudo ip netns ``` ### redis アクセス時のパスワード `/var/lib/config-data` から `grep -r` して見つけた ### RabbitMQでトレースを有効にする CL210 #2 @controller ``` # tracer ユーザー（パスワードは redhat）を作成する podman exec -t rabbitmq-bundle-podman-0 rabbitmqctl add_user tracer redhat # configure, write, read にパーミッションを割り当てる podman exec -t rabbitmq-bundle-podman-0 rabbitmqctl set_permissions tracer ".*" ".*" ".*" # RabbitMQでトレースを有効化する podman exec -t rabbitmq-bundle-podman-0 rabbitmqctl trace_on ``` ### Object Storage ``` openstack container create container1 openstack object create container1 dataset.dat # @vm openstack object save container1 dataset.dat ``` ### heat demo-template.yaml ``` paramteres: web_image_name: rhel8-app1-web web_instance_name: finance-web (snip) ``` ``` [user@demo ~(user-demo)]$ openstack stack create \ > --parameter "instance_name=first-instance" \ > --template demo-template.yaml \ > demo-stack [user@demo ~(user-demo)]$ openstack stack resource list demo-stack -f json [user@demo ~(user-demo)]$ heat event-list demo-stack [user@demo ~(user-demo)]$ openstack stack event show demo-stack server e7327efa-86a5-4f13-9c9f-ce51ac8ed78e [user@demo ~(user-demo)]$ openstack stack update \ > --parameter "instance_name=demo-server1" \ > --template demo-template.yaml \ > demo-stack ``` ### manila ``` [student@workstation ~(operator1-finance)]$ manila type-create cephfstype false [student@workstation ~(developer1-finance)]$ manila create \ > --name finance-share1 --share-type cephfstype cephfs 1 [student@workstation ~(developer1-finance)]$ manila access-allow \ > finance-share1 cephx cloud-user [student@workstation ~(developer1-finance)]$ manila access-list \ > finance-share1 --columns access_to,access_level,state [student@workstation ~(developer1-finance)]$ manila share-export-location-list \ > finance-share1 --columns Path ## mount [root@finance-server6 ~]# ceph-fuse /mnt/ceph/ \ > --id=cloud-user --conf=/home/cloud-user/ceph.conf \ > --keyring=/home/cloud-user/cloud-user.keyring \ > --client-mountpoint=/volumes/_nogroup/cea022a9-c00c-4003-b6f3-8fea2a49bd5f ``` ## 結果 | 項目 | 10/20 | 10/25 | | -------- | --------:| --------:| | Passing score | 210/300 | 210/300 | | Your score | 83 (27%) | 167 (55%) | | Manage an OpenStack undercloud and overcloud | 33% | 33% | | Manage projects and resources | 0% | 25% | | Manage instances | 0% | 0% | | Manage and utilize storage | 0% | 50% | | Use OpenStack orchestration | 0% | 0% | | Managing Authentication | 100% | 100% | | OpenStack Monitoring | 60% | 80% | ### 10/25 * Manage projects and resources がまたしても失敗してしまった模様。どこが間違ってたのか、よく分からん、、 * External NWの作りかたが分かっておらず、Directorからアクセスできず、後続の問題に取り掛かれないものが出ました。たぶん、 openstack router set --external-gateway を実行しなかった気がします。 * ここでしくると、「Manage instances: 0%」という結果になってしまいます。 * 「Use OpenStack orchestration: 0%」は Heat の問題なのですが、 environment.yaml の書きかたが時間内に分からず、時間切れでした。 * 「Manage and utilize storage: 50%」はたぶん、Swiftのブロックストレージを作成した後、VM上にダウンロードする問題があり、VMにアクセスできないので解けませんでした。 ### 池上さん ``` Dear Shuichi Ikegami: The results of your recent EX210 Red Hat Certified Specialist in Cloud Infrastructure Exam are reported below. Exam domain number: 6 Passing score: 210 Your score: 104 Result: NO PASS Performance on exam objectives: OBJECTIVE: SCORE Manage the Red Hat OpenStack Platform control plane: 33% <前回と同> Manage infrastructure security: 0% <前回と同> Manage user security: 25% <前回と同> Manage application deployment resources: 71% <前回+54%> Manage storage in Red Hat OpenStack Platform: 33% <前回+16%> Manage networking: 100% <前回と同> Manage compute node operations: 25% <前回と同> Monitor operations: 50% <前回+25%> Automate cloud application deployment: 0% <前回と同> Troubleshoot operations: 100% <前回+67%> ``` * Manila, Swift 問題は２問ずつ * LBをheatで作る * compute hci上の namespace ### 2023年度 EX210V16K | 項目 | 3/8 | |-----|-----:| | Passing score | 210/300 | | Your score | 81 (27%) | | Manage the Red Hat OpenStack Platform control plane | 0% | | Manage infrastructure security | 0% | | Manage user security | 50% | | Manage application deployment resources | 43% | | Manage storage in Red Hat OpenStack Platform | 33% | | Manage networking | 100% | | Manage compute node oprations | 0% | | Monitor operations | 0% | | Automate cloud application deployment | 0% | | Troubleshoot operations | 67% |