Repos-que-me-gustan/devops-exercises
1
0
Fork 0
Code Pull Requests Activity

Merge branch 'master' of github.com:bregman-arie/devops-exercises into devel

Browse Source
This commit is contained in:
abregman 2021-11-28 22:19:08 +02:00
commit 0784ef0fc2
9 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
exercises/ansible/README.md
View File

@ -9,7 +9,7 @@
| My First Playbook | Playbooks | [Exercise](my_first_playbook.md) | [Solution](solutions/my_first_playbook.md)
### Ansible Self Assesment
### Ansible Self Assessment
<details>
<summary>Describe each of the following components in Ansible, including the relationship between them:
@ -47,7 +47,7 @@ Ansible is:
<summary>True or False? Ansible follows the mutable infrastructure paradigm</summary><br><b>
True. In immutable infrastructure approach, you'll replace infrastructure instead of modifying it.<br>
Ansible rather follows the mutable infrastructure paradigm where it allows you to change the configuration of different components, but this approach is not perfect and has its own disadvantges like "configuration drift" where different components may reach different state for different reasons.
Ansible rather follows the mutable infrastructure paradigm where it allows you to change the configuration of different components, but this approach is not perfect and has its own disadvantages like "configuration drift" where different components may reach different state for different reasons.
</b></details>
<details>
@ -353,7 +353,7 @@ A full list can be found at [PlayBook Variables](https://docs.ansible.com/ansib
</b></details>
<details>
<summary>Explain the Diffrence between Forks and Serial & Throttle.</summary><br><b>
<summary>Explain the Difference between Forks and Serial & Throttle.</summary><br><b>
`Serial` is like running the playbook for each host in turn, waiting for completion of the complete playbook before moving on to the next host. `forks`=1 means run the first task in a play on one host before running the same task on the next host, so the first task will be run for each host before the next task is touched. Default fork is 5 in ansible.
@ -464,7 +464,7 @@ Gotenks = 32
<summary>True or False? By default, Ansible will execute all the tasks in play on a single host before proceeding to the next host</summary><br><b>
False. Ansible will execute a single task on all hosts before moving to the next task in a play. As for today, it uses 5 forks by default.<br>
This behaviour is described as "strategy" in Ansible and it's configurable.
This behavior is described as "strategy" in Ansible and it's configurable.
</b></details>
<details>
@ -507,7 +507,7 @@ If your group has 8 hosts. It will run the whole play on 4 hosts and then the sa
</b></details>
<details>
<summary>You run Ansibe tests and you get "idempotence test failed". What does it mean? Why idempotence is important?</summary><br><b>
<summary>You run Ansible tests and you get "idempotence test failed". What does it mean? Why idempotence is important?</summary><br><b>
</b></details>
#### Ansible - Debugging

6
exercises/aws/README.md
View File

@ -328,8 +328,8 @@ Let's take for example the following instance type: m5.large
<details>
<summary>True or False? The following are instance types available for a user in AWS:
* Compute optimizied
* Network optimizied
* Compute optimized
* Network optimized
* Web optimized</summary><br><b>
False. From the above list only compute optimized is available.
@ -572,7 +572,7 @@ True.
* Convertible Reserved Instances
* Scheduled Reserved Instances</summary><br><b>
* Convertible Reserved Instances: used for long running workloads but used when instance type might change during the period of time it's resreved
* Convertible Reserved Instances: used for long running workloads but used when instance type might change during the period of time it's reserved
* Scheduled Reserved Instances: when you need to reserve an instance for a long period but you don't need it continuously (so for example you need it only in the morning)
</b></details>

6
exercises/cicd/README.md
View File

@ -50,7 +50,7 @@ A complete different answer or CI process, can describe how a developer pushes c
<details>
<summary>What is Continuous Delivery?</summary><br><b>
A development strategy used to frequently deliver code to QA and Ops for testing. This entails having a staging area that has production like features where changes can only be accepted for production after a manual review. Because of this human entanglement there is usually a time lag between release and review making it slower and error prone as compared to continous deployment.
A development strategy used to frequently deliver code to QA and Ops for testing. This entails having a staging area that has production like features where changes can only be accepted for production after a manual review. Because of this human entanglement there is usually a time lag between release and review making it slower and error prone as compared to continuous deployment.
For more info please read [here](https://www.atlassian.com/continuous-delivery/continuous-deployment)
</b></details>
@ -129,7 +129,7 @@ This might be considered to be an opinionated answer:
* Old fashioned dashboards with not many options to customize it
* Containers readiness (this has improved with Jenkins X)
* By itself, it doesn't have many features. On the other hand, there many plugins created by the community to expand its abilities
* Managing Jenkins and its piplines as a code can be one hell of a nightmare
* Managing Jenkins and its pipelines as a code can be one hell of a nightmare
</b></details>
<details>
@ -141,7 +141,7 @@ This might be considered to be an opinionated answer:
- Node or Worker
- Executor</summary><br><b>
- Job is an automation definition = what and where to execute once the user clicks on "build"
- Build is a running instance of a job. You can have one or more builds at any given point of time (unless limited by confiugration)
- Build is a running instance of a job. You can have one or more builds at any given point of time (unless limited by configuration)
- A worker is the machine/instance on which the build is running. When a build starts, it "acquires" a worker out of a pool to run on it.
- An executor is variable of the worker, defining how many builds can run on that worker in parallel. An executor value of 3 means, that 3 builds can run at any point on that executor (not necessarily of the same job. Any builds)
</b></details>

4
exercises/containers/README.md
View File

@ -12,7 +12,7 @@
|Containerize an application | Containerization |[Exercise](containerize_app.md)|[Solution](solutions/containerize_app.md)
|Multi-Stage Builds|Multi-Stage Builds|[Exercise](multi_stage_builds.md)|[Solution](solutions/multi_stage_builds.md)
### Containers Self Assesment
### Containers Self Assessment
<details>
<summary>What is a Container?</summary><br><b>
@ -506,7 +506,7 @@ Docker/Podman daemon redirects output from container to Docker CLI which redirec
<details>
<summary>Describe difference between cgroups and namespaces </summary><br><b>
cgroup: Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
cgroup: Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behavior.
namespace: wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
In short:

6
exercises/devops/README.md
View File

@ -115,7 +115,7 @@ Things to think about:
<details>
<summary>What is Version Control?</summary><br><b>
* Version control is the sytem of tracking and managing changes to software code.
* Version control is the system of tracking and managing changes to software code.
* It helps software teams to manage changes to source code over time.
* Version control also helps developers move faster and allows software teams to preserve efficiency and agility as the team scales to include more developers.
</b></details>
@ -281,7 +281,7 @@ Read about Chaos Engineering [here](https://en.wikipedia.org/wiki/Chaos_engineer
<details>
<summary>What is "infrastructure as code"? What implementation of IAC are you familiar with?</summary><br><b>
IAC (infrastructure as code) is a declerative approach of defining infrastructure or architecture of a system. Some implementations are ARM templates for Azure and Terraform that can work across multiple cloud providers.
IAC (infrastructure as code) is a declarative approach of defining infrastructure or architecture of a system. Some implementations are ARM templates for Azure and Terraform that can work across multiple cloud providers.
</b></details>
<details>
@ -346,7 +346,7 @@ This situation might lead to bugs which hard to identify and reproduce.
<details>
<summary>How to deal with a configuration drift?</summary><br><b>
Configuration drift can be avoided with desired state configuration (DSC) implementation. Desired state configuration can be a declarative file that defined how a system should be. There are tools to enforce desired state such a terraform or azure dsc. There are incramental or complete strategies.
Configuration drift can be avoided with desired state configuration (DSC) implementation. Desired state configuration can be a declarative file that defined how a system should be. There are tools to enforce desired state such a terraform or azure dsc. There are incremental or complete strategies.
</b></details>
<details>

12
exercises/kubernetes/README.md
View File

@ -15,7 +15,7 @@
| Operating ReplicaSets | ReplicaSet | [Exercise](replicaset_02.md) | [Solution](solutions/replicaset_02_solution.md)
| ReplicaSets Selectors | ReplicaSet | [Exercise](replicaset_03.md) | [Solution](solutions/replicaset_03_solution.md)
### Kubernetes Self Assesment
### Kubernetes Self Assessment
<details>
<summary>What is Kubernetes? Why organizations are using it?</summary><br><b>
@ -58,7 +58,7 @@ metadata, kind and apiVersion
</b></details>
<details>
<summary>What actions or operations you consider as best practices when it comes to Kuberentes?</summary><br><b>
<summary>What actions or operations you consider as best practices when it comes to Kubernetes?</summary><br><b>
- Always make sure Kubernetes YAML files are valid. Applying automated checks and pipelines is recommended.
- Always specify requests and limits to prevent situation where containers are using the entire cluster memory which may lead to OOM issue
@ -749,7 +749,7 @@ It specifies what do with an incoming request to the Kubernetes cluster that isn
<details>
<summary>How to configure a default backend?</summary><br><b>
Create Service resource that specifies the name of the default backend as reflected in `kubectl desrcibe ingress ...` and the port under the ports section.
Create Service resource that specifies the name of the default backend as reflected in `kubectl describe ingress ...` and the port under the ports section.
</b></details>
<details>
@ -967,7 +967,7 @@ In simpler words, Network Policies specify how pods are allowed/disallowed to co
<summary>What are some use cases for using Network Policies?</summary><br><b>
- Security: You want to prevent from everyone to communicate with a certain pod for security reasons
- Controling network traffic: You would like to deny network flow between two specific nodes
- Controlling network traffic: You would like to deny network flow between two specific nodes
</b></details>
<details>
@ -1054,7 +1054,7 @@ When using the default namespace alone, it becomes hard over time to get an over
Namespaces can also be useful for managing Blue/Green environments where each namespace can include a different version of an app and also share resources that are in other namespaces (namespaces like logging, monitoring, etc.).
Another use case for namespaces is one cluster, multiple teams. When multiple teams use the same cluster, they might end up stepping on each others toes. For example if they end up creating an app with the same name it means one of the teams overriden the app of the other team because there can't be too apps in Kubernetes with the same name (in the same namespace).
Another use case for namespaces is one cluster, multiple teams. When multiple teams use the same cluster, they might end up stepping on each others toes. For example if they end up creating an app with the same name it means one of the teams overridden the app of the other team because there can't be too apps in Kubernetes with the same name (in the same namespace).
</b></details>
<details>
@ -1729,7 +1729,7 @@ Scale the number of pods automatically on observed CPU utilization.
</b></details>
<details>
<summary>Describe how you one proceeds to run a containerised web app in K8s, which should be reachable from a public URL.</summary><br><b>
<summary>Describe how you one proceeds to run a containerized web app in K8s, which should be reachable from a public URL.</summary><br><b>
</b></details>
<details>

8
exercises/perl/README.md
View File

@ -95,7 +95,7 @@ foreach (@numbers) {
# Output: 12345
# "$#" returns the max index of an array. That's the reason because we can iterate accesing to the array from the index 0 to the max index.
# "$#" returns the max index of an array. That's the reason because we can iterate accessing to the array from the index 0 to the max index.
for my $i (0..$#numbers) {
print($numbers[$i]);
}
@ -148,7 +148,7 @@ while(my ($city, $country) = each %capital_cities) {
<details>
<summary>What is a Perl subroutine? How to define it?</summary><br><b>
It's the perl model for user defined functions (this is also called function like other programming languages). We can define a subroute with the keyword `sub`.
It's the perl model for user defined functions (this is also called function like other programming languages). We can define a subroutine with the keyword `sub`.
```
sub hello {
@ -172,7 +172,7 @@ sub power {
&power(2, 3);
```
- Individual assigment: We should access to every element of the `@_` array. It starts from zero.
- Individual assignment: We should access to every element of the `@_` array. It starts from zero.
```
sub power {
@ -480,7 +480,7 @@ use parent -norequire, 'A';
sub new { return bless {}, shift; };
# Instance class `B` allows call the inherated method
# Instance class `B` allows call the inherited method
my $b = B->new();
$b->printA();
```

4
exercises/security/README.md
View File

@ -203,7 +203,7 @@ Read about it [here](https://owasp.org/www-project-top-ten)
<details>
<summary>What is XSS?</summary><br><b>
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site 
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affect the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site 
You can test by detecting user-defined variables and how to input them. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each found vector to see if their are potential vulnerabilities, then when found you craft input data with each input vector. Then you test the crafted input and see if it works.
@ -214,7 +214,7 @@ You can test by detecting user-defined variables and how to input them. This inc
SQL injection is an attack consists of inserts either a partial or full SQL query through data input from the browser to the web application. When a successful SQL injection happens it will allow the attacker to read sensitive information stored on the database for the web application. 
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the tisk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the risk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
</b></details>

8
exercises/terraform/README.md
View File

@ -103,7 +103,7 @@ True
- Arguments: resource specific configurations
- Attributes: values exposed by the resource in a form of `resource_type.resource_name.attribute_name`. They are set by the provider or API usually.
- Meta-arguments: Functions of Terraform to change resource's behaviour
- Meta-arguments: Functions of Terraform to change resource's behavior
</b></details>
#### Terraform - Providers
@ -197,7 +197,7 @@ It doesn't show its value when you run `terraform apply` or `terraform plan` but
</b></details>
<details>
<summary>True or Fales? If an expression's result depends on a sensitive variable, it will be treated as sensitive as well</summary><br><b>
<summary>True or False? If an expression's result depends on a sensitive variable, it will be treated as sensitive as well</summary><br><b>
True
</b></details>
@ -209,7 +209,7 @@ True
- Environment variable
- Using `-var` or `-var-file`
According to varaible precedence, which source will be used first?</summary><br><b>
According to variable precedence, which source will be used first?</summary><br><b>
The order is:
@ -409,7 +409,7 @@ The Terraform Registry provides a centralized location for official and communit
<details>
<summary>What is Terraform import?</summary><br><b>
Terraform import is used to import existing infrastucture. It allows you to bring resources created by some other means (eg. manually launched cloud resources) and bring it under Terraform management.
Terraform import is used to import existing infrastructure. It allows you to bring resources created by some other means (eg. manually launched cloud resources) and bring it under Terraform management.
</b></details>
<details>