Answer for Kodekloud DEVOPS Questions - Init container in Kubernetes

Question:

1. Create a Deployment named as ic-deploy-devops.

2. Configure spec as replicas should be 1, labels app should be ic-devops, template's metadata lables app should be the same ic-devops.

3. The initContainers should be named as ic-msg-devops, use image centos, preferably with latest tag and use command '/bin/bash', '-c' and 'echo Init Done - Welcome to xFusionCorp Industries > /ic/ecommerce'. The volume mount should be named as ic-volume-devops and mount path should be /ic.

4. Main container should be named as ic-main-devops, use image centos, preferably with latest tag and use command '/bin/bash', '-c' and 'while true; do cat /ic/ecommerce; sleep 5; done'. The volume mount should be named as ic-volume-devops and mount path should be /ic.

5. Volume to be named as ic-volume-devops and it should be an emptyDir type.

Sample Answer: 

# first we need to create a configuration YAML file based on the given details in the question.

check below the Github link for the sample YAML file for this task.( init-container-deploy.yaml) 

sample-answers-kke-questions-Devops

#Hope you prepared the YAML file from the above step using your question details.

NOW let's do the task.

 #deploy the file 

        kubectl apply -f <your-yaml-file>

#checking

    kubectl get pods

Note: **The Question copied for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check the below video too for how to do this task (i have done a sample task on Ubuntu OS)

LIKE, SUBSCRIBE my channel and stay tuned for more videos

Answer for Kodekloud DEVOPS Questions - Create Replicaset in Kubernetes Cluster

The Nautilus DevOps team is going to deploy some applications on kubernetes cluster as they are planning to migrate some of their applications there. Recently one of the team members has been assigned a task to write a template as per the details mentioned below:

1. Create a ReplicaSet using httpd image with latest tag only and remember to mention tag i.e httpd:latest and name it as httpd-replicaset.

2. Labels app should be httpd_app, labels type should be front-end. The container should be named as httpd-container; also make sure replicas counts are 4.

Sample Answer: 

# first we need to create a replicate-set YAML file based on the given details in the question.

check below the Github link for the sample YAML file for this task.( replica-set.yaml) 

sample-answers-kke-questions-Devops

#Hope you prepared the YAML file from the above step using your question details.

NOW let's do the task.

 #deploy the file 

        kubectl apply -f replica-set.yaml

#checking

    kubectl get pods

Note: **The Question copied for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check the below video too for how to do this task (i have done a sample task on Ubuntu OS)

Answer for Kodekloud DEVOPS Questions - Puppet create a file

The Puppetmaster and Puppet agent nodes have been set up by the Nautilus DevOps team so they can perform testing. In Stratos DC all app servers have been configured as Puppet agent nodes. Below are details about the testing scenario they want to proceed with.

Use Puppet file resource and perform the task below:

1. Create a Puppet programming file ecommerce.pp under /etc/puppetlabs/code/environments/production/manifests directory on master node i.e Jump Server.

2. Using /etc/puppetlabs/code/environments/production/manifests/ecommerce.pp create a file media.txt under /opt/security directory on App Server 1.

Note: Please perform this task using ecommerce.pp only, do not create any separate inventory file.

Sample Answer: 

        # create the .pp file with the name given in the question

                vi <file-name>.pp

        # add configuration as per the  

    node '<app-server-hostname>' {

file { '<path-given-in the question-with the file name>':

ensure => 'present',

path   => '<path-given-in the question-with the file name'}

}

# login to the app server and run 

                puppet agent -vt 

# check the path that file was created successfully 

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for Kodekloud DEVOPS Questions - Environment Variables in Kubernetes

 Question: Read the full details of your question. 

sample Answer:

# first we need to create a configuration YAML file based on the given details in the question.

check below the Github link for the sample YAML file for this task.( filedref-pod.yaml) 

sample-answers-kke-questions-Devops

#Hope you prepared the YAML file from the above step using your question details.

NOW let's do the task.

# create namespace based on your question 

    

    kubectl create ns <namespace-name_from_your_question>

# pod creation 

    

    kubectl apply -f <your.yaml file> -n <namespace-name_from_your_question>

#get status of pod 

    

    kubectl get pods -n <your-name space-name>

#Testing 

    To check the output, exec the pod and use printenv command.

Note: Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check the below video too for how to do this task (i have done a sample task on Ubuntu OS)

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Answer for Kodekloud DEVOPS Questions-Kubernetes Shared Volumes

 Question: Read the full details of your question. 

sample Answer:

# first we need to create a YAML file based on the given details in the question.

check below the Github link for the sample YAML file for this task.( share-volume-pod.yaml) 

sample-answers-kke-questions-Devops

#Hope you prepared the YAML file from the above step using your question details.

NOW let's do the task.

  # pod creation 

    

    kubectl apply -f <your.yaml file> 

# login to 1 container and create a file in container 1

   echo 'Welcome to xFusionCorp Industries!' > tmp/beta/beta.text

#now login to check in another container location that beta. text is presented 

    cd /tmp/apps/ 

Note: Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check the below video too for how to do this task (i have done a sample task on Ubuntu OS)

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Answer for Kodekloud DEVOPS Questions --Install Puppet agent

 The Nautilus DevOps team to would like to set up a Puppet agent mode to manage their infrastructure in Stratos DC. For testing they are trying to install and set up Puppet agent package on App Server 3. Please find below more details about the task to proceed further.

1. Install puppet agent on App Server 3 also start its service.

Sample Answer: 

#login to the given app server 

    ssh <user>@<app-server>

#switch to root user ( or you can execute commands with "sudo" in front)


    sudo su

#Install a release package to enable Puppet Platform repositories. (it should be base on the OS version)


    rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm


#install puppet agent


    yum -y install puppet-agent


#starting puppet agent

    /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

#status

 
    systemctl status puppet

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

    

Answer for Kodekloud DEVOPS Questions - Deploy voting app on kubernetes

 Question: Deploy voting app on Kubernetes

        please read your question details carefully 

Sample Answer:

#To create the deployments, and services it's a good practice to create the YAML file using the given details in the question.

check below github link for the sample deployments and services yaml files for this task.

sample-answers-kke-questions-Devops

#please note that I have created separate files for each steps for better understand and learning but these can be done via a single YAML file.

#hope you prepared the YAML file from the above steps NOW let's do the task

#create the namespace 

    kubectl create ns <namespace name from your question>

#deploy the yaml file one by one to create the pods and services 

   kubectl apply -f <filename> -n < namespace_name>

Note: Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

check below video too for how to do the task (i have done a sample task on Ubuntu OS)

Answer for Kodekloud DEVOPS Questions - Deploy an App on Docker Containers

The Nautilus Application development team recently finished development of one of the apps that they want to deploy on a containerized platform. The Nautilus Application development and DevOps teams met to discuss some of the basic pre-requisites and requirements to complete the deployment. The team wants to test the deployment on one of the app servers before going live and set up a complete containerized stack using a docker compose fie. Below are the details of the task:

1. On App Server 2 in Stratos Datacenter create a docker compose file /opt/security/docker-compose.yml (should be named exactly).

2. The compose should deploy two services (web and DB), and each service should deploy a container as per details below:

For web service:

a. Container name must be php_host.

b. Use image php with any apache tag. Check here for more details https://hub.docker.com/_/php?tab=tags.

c. Map php_host container's port 80 with host port 8089

d. Map php_host container's /var/www/html volume with host volume /var/www/html.

For DB service:

a. Container name must be mysql_host.

b. Use image mariadb with any tag (preferably latest). Check here for more details https://hub.docker.com/_/mariadb?tab=tags.

c. Map mysql_host container's port 3306 with host port 3306

d. Map mysql_host container's /var/lib/mysql volume with host volume /var/lib/mysql.

e. Set MYSQL_DATABASE=database_host and use any custom user ( except root ) with some complex password for DB connections.

3. After running docker-compose up you can access the app with curl command curl <server-ip or hostname>:8089/

For more details check here: https://hub.docker.com/_/mariadb?tab=description

Note: Once you click on FINISH button, all currently running/stopped containers will be destroyed and stack will be deployed again using your compose file.

 

Sample Answer:

#login to the correct app server as given in the question

       ssh <user>@<app-server>

#switch to root user

    sudo su 

#now you need to create a docker-compose.yml file inside the given location.(check your question)

check below the Github link for the sample docker-compose.yml file for this task.

sample-answers-kke-questions-Devops

#hope you check the above sample docker-compose.yml and created with the details in your question.

#now deploy the file 

    docker-compose up -d 

#if everything ok, you will not be getting any errors

#Testing 

    curl <server-ip or hostname>:<port>/

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check below video too for how to do the task (i have done a sample task on Ubuntu OS)

Answer for Kodekloud DEVOPS Questions --Puppet Manage Services

 New packages need to be installed on all app servers in Stratos Datacenter. The Nautilus DevOps team has decided to install the same using Puppet. Since jump host is already configured to run as Puppet master server and all app servers are already configured to work as puppet agent nodes, we need to create required manifests on the Puppet master server so that it can be applied on all Puppet agent nodes. Please find more details about the task below.

Create a Puppet programming file apps.pp under /etc/puppetlabs/code/environments/production/manifests directory on master node i.e Jump Server and using puppet package resource perform the tasks below.

1. Install package vsftpd through Puppet package resource and start its service through puppet service resource on all Puppet agent nodes i.e all App Servers.

Note: Please perform this task using apps.pp only, do not create any separate inventory file.

Sample Answer:

#on jump host first create the apps.pp file in the given directory ( check your question for the name of the pp file )

check below the Github link for the sample .pp file for this task 

sample-answers-kke-questions-Devops

#Now hope you edit the above .pp file with the detail from your question

#appy the puppet file 

    

    puppet apply apps.pp

#now login to ALL the app servers and pull the config file. (you can also click on + button in the top left corner and select a new host to open another jump host terminal from there you can log in to app server )

    ssh <user>@<app-server>

#switch to root user

    sudo su 

# run below command 

    puppet agent -tv 

# now check the package status 

     systemctl status vsftpd 

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for Kodekloud DEVOPS Questions --Deploy Guest Book App on Kubernetes

The Nautilus Application development team has finished development of one of the applications and it is ready for deployment. It is a guestbook application that will be used to manage entries for guests/visitors. As per discussion with the DevOps team, they have finalized the infrastructure that will be deployed on Kubernetes cluster. Below you can find more details about it.

BACK-END TIER

1. Create a deployment named redis-master for Redis master.

a.) Replicas count should be 1.

b.) Container name should be master-redis-nautilus and it should use image redis.

c.) Request resources as CPU should be 100m and Memory should be 100Mi.

d.) Container port should be redis default port i.e 6379.

2. Create a service named redis-master for Redis master. Port and targetPort should be Redis default port i.e 6379.

3. Create another deployment named redis-slave for Redis slave.

a.) Replicas count should be 2.

b.) Container name should be slave-redis-nautilus and it should use gcr.io/google_samples/gb-redisslave:v3 image.

c.) Requests resources as CPU should be 100m and Memory should be 100Mi.

d.) Define an environment variable named GET_HOSTS_FROM and its value should be dns.

e.) Container port should be Redis default port i.e 6379.

4. Create another service named redis-slave. It should use Redis default port i.e 6379.

FRONT END TIER

1. Create a deployment named frontend.

a.) Replicas count should be 3.

b.) Container name should be php-redis-nautilus and it should use gcr.io/google-samples/gb-frontend:v4 image.

c.) Request resources as CPU should be 100m and Memory should be 100Mi.

d.) Define an environment variable named as GET_HOSTS_FROM and its value should be dns.

e.) Container port should be 80.

2. Create a service named frontend. Its type should be NodePort, port should be 80 and its nodePort should be 30009.

Finally, you can check the guestbook app by clicking on + button in the top left corner and Select port to view on Host 1 then enter your nodePort.

You can use any labels as per your choice.

Note: The kubectl utility on jump_host has been configured to work with the kubernetes cluster.

Sample Answer:

#To create the deployments and services, it's a good practice to create the YAML file using the given details in the question.

check below github link for the sample deployment and service yaml files for this task.

(BkE-deploy.yaml, BkE-service.yaml, Bk-slave-deploy.yaml,Bk-salve-service.yaml,FE-deploy.yaml, FE-service.yaml)

sample-answers-kke-questions-Devops

#please not that i  have created separate files for each steps for better understand and learning but these can be done via single YAML file.

#hope you prepared the YAML file from the above steps NOW let's do the task

#create backend deployment

    kubectl apply -f <your-deploy.yaml > 

#create- backend -service 

    kubectl apply -f <your-service.yaml>

#create slave deployment

    kubectl apply -f <your-deploy.yaml > 

#now create-slave-service 

    kubectl apply -f <your-service.yaml>

#create frontend deployment

    kubectl apply -f <your-deploy.yaml > 

#now front-end-service 

    kubectl apply -f <your-service.yaml>

#check pods ( wait to running the pods)

     

    kubectl get pods 

#check the service 

    kubectl get service 

#Final verification 

#get the front end pod name from the below commands and replace it with the following command 

    kubectl get pods 

   

    kubectl exec <pod-name>  -- curl -I http://localhost/

you can check the guestbook app by clicking on + button in the top left corner and Select port to view on Host 1 then enter your nodePort.

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for Kodekloud DEVOPS Questions - Deploy Tomcat App on Kubernetes

 A new java-based application is ready to be deployed on a Kubernetes cluster. The development team had a meeting with the DevOps team share requirements and application scope. The team is ready to setup an application stack for it under their existing cluster. Below you can find the details for this:

1. Create a namespace named tomcat-namespace-nautilus.

2. Create a deployment for tomcat app which should be named tomcat-deployment-nautilus under the same namespace you created. Replicas count should be 1, the container should be named as tomcat-container-nautilus, its image should be gcr.io/kodekloud/centos-ssh-enabled:tomcat and its container port should be 8080.

3. Create a service for tomcat app which should be named as tomcat-service-nautilus under the same namespace you created. Service type should be NodePort. Port's protocol should be TCP, port should be 80, targetPort should be 8080 and nodePort should be 32227.

Before clicking on Finish button please make sure the application is up and running.

Sample Answer:

#To create the deployment, it's a good practice to create the YAML file using the given details in the question.

check below github link for the sample deployment yaml <deploy.yaml> file for this task

sample-answers-kke-questions-Devops

##To create the Service, its good practice to prepare the YAML file using the given details in the question

check below github link for the sample service yaml  <service.yaml> file for this task.

sample-answers-kke-questions-Devops

#please not that i  have created separate files for each steps for better understand and learning but these can be done via single YAML file.

#hope you prepared the YAML file from the above steps NOW let's do the task

#create the namespace 

    kubectl create ns <namespace name from your question>

#create deployment

    kubectl apply -f <your-deploy.yaml > -n <namespace-name>

#check pods ( wait to running the pods)

     

    kubectl get pods -n <nameapace-name>

#now create-service 

    kubectl apply -f <your-service.yaml> -n <namespace-name>

#check the service 

    kubectl get service -n <namespace-name>

#Final verification 

#get the pod name from the below commands and replace it with the following command 

     kubectl get pods -n <namespace-name>

    

    

    kubectl exec <pod-name> -n <namespace-name>  -- curl -I http://localhost/

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check below video too for how to do the task (i have done a sample task on Ubuntu OS)

Answer for Kodekloud DEVOPS Questions - Install Puppet Server

 The Nautilus DevOps team started experimenting with the Puppet server to manage some of their infrastructure in Stratos DC. For testing different scenarios, the team will be using jump host as puppet master. At this point we just need to install puppet server package and ensure its service is up and running. Below you can find more details about the task.

1. Install puppetserver package on jump host and start its service.

2. Before starting puppetserver service, you might need to change its memory allocation configuration. We recommend to allocating it 512m of memory.

Note: Please make sure to install puppetserver package only not any other alternate package.

Answer:

#the task needs to be performed on jump host 

# install the puppet server ( the question clearly mentioned that install puppetserver only NO need to install agent) 

# first you need to add the package to your repo by using the below command 

    rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm

#now install puppetserver 

    

    yum -y install puppetserver 

# change its memory allocation on puppetserver  config file

    

    vi /etc/sysconfig/puppetserver

 # Modify this if you'd like to change the memory allocation, enable JMX, etc

 JAVA_ARGS="-Xms2g -Xmx2g"

Replace 2g with the amount of memory you want to allocate to Puppet Server.

 JAVA_ARGS="-Xms512m -Xmx512m".

#save the file 

# start the puppet server and check the status 

    systemctl start puppetserver 

    systemctl status puppetserver 

*Please comment on this post if you have any questions or facing any issues in the above steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for Kodekloud DEVOPS Questions - Docker Ports Mapping

 The Nautilus DevOps team is planning to host an application on a nginx-based container. There are number of tickets already been created for similar tasks. One of the tickets has been assigned to set up a nginx container on Application Server 2 in Stratos Datacenter. Please perform the task as per details mentioned below:

a. Pull nginx:alpine docker image on Application Server 2.

b. Create a container named cluster using the image you pulled.

c. Map host port 3003 to container port 80. Please keep the container in running state.

Sample Answer:

#login to the correct app server as per your  question 

    ssh <user>@<app-server>

#switch to root user

    sudo su 

#pull the docker image ( check your question)

    docker pull < image from your question>

#you can cehck the image using below command 

    docker images 

#run the docker with the name and port  given in the question (check your question)

    docker run -d --name=<name from your question> -p <hostport>:<container port> <image>

#verify using below command 

    docker ps 

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

check below video too for how to do the task (i have done a sample task on Ubuntu OS)

Answer for KodeKloud Question - Web Server Security

 During a recent security audit, the application security team of xFusionCorp Industries found security issues with the Apache web server on Nautilus App Server 1 server in Stratos DC. They have listed several security issues that need to be fixed on this server. Please apply the security settings below:

a. On Nautilus App Server 1 it was identified that the Apache web server is exposing the version number. Ensure this server has the appropriate settings to hide the version number of the Apache web server.

b. There is a website hosted under /var/www/html/media on App Server 1. It was detected that the directory /media lists all of its contents while browsing the URL. Disable the directory browser listing in Apache config.

c. Also make sure to restart the Apache service after making the changes.

Sample Answer:

#login to app server ( as given in the question, check your question)

    ssh <user>@<app_server>

# switch to root user

    sudo su 

# start and check status of the apache service 

     systemctl start httpd

     systemctl status httpd

#before doing the task, verify from the jump host  (you can open another terminal on top and check )

    curl -I http://your respective app server IP:8080

* you will see the output with the apache version 

#navigate to httpd conf directory and edit httpd.conf file as below 

    cd /etc/httpd/conf/

    vi httpd.conf

#add below line at the end 

     ServerTokens Prod

     ServerSignature Off

#now go to the section  (directory "var/www/html") and change as below 

<Directory “/var/www/html/<dir from from your  question>/”>

Options -Indexes +FollowSymLinks

AllowOverride None

Require all granted

# save conf file 

# restart the httpd 

     systemctl restart httpd

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Install & Configure Web Application

 xFusionCorp Industries is planning to host two static websites on their infra in Stratos Datacenter. The development of these websites is still in -progress, but we want to get the servers ready. The storage server has a shared directory /data that is mounted on each app host under /var/www/html directory. Please perform the following steps to accomplish the task:

a. Install httpd package and dependencies on all app hosts.

b. Apache should serve on port 8080 within the apps.

c. There are two website's backups /home/thor/news and /home/thor/games on jump_host. Set them up on Apache in a way that news should work on link http://<<lb-url>>/news/ and games should work on link http://<<lb-url>>/games. (do not worry about load balancer configuration, as its already configured).

d. You can access the website on LBR link; to do so click on the + button on top of your terminal, select the option Select port to view on Host 1, and after adding port 80 click on Display Port.

Sample Answer:

#Login to an app server using ssh( below steps need to be done in all the app servers)

ssh <user>@<DB-server>

#login as root

sudo su

#install httpd (apache)

yum -y install httpd

#install openssh-clients

yum -y install openssh-clients

#restart sshd service

        systemctl restart sshd

#Next change Listen port to 8080 (check your question, your port might be different )

vi /etc/httpd/conf/httpd.conf

Listen 8080

* DO ALL THE ABOVE STEPS IN ALL THE APP SERVERS

# Copy mentioned folders in the question to every app server from jump host

scp -r /home/thor/<folder_from_question> <user>@<app-server-01>:/tmp

scp -r /home/thor/<folder_from_question> <user>@<app-server-01>:/tmp

scp -r /home/thor/<folder_from_question> <user>@<app-server-02>:/tmp

scp -r /home/thor/<folder_from_question> <user>@<app-server-02>:/tmp

scp -r /home/thor/<folder_from_question> <user>@<app-server-03>:/tmp

scp -r /home/thor/<folder_from_question> <user>@<app-server-03>:/tmp

#Then from any app server move the folders to server html folder

mv /tmp/<folder_from_question> /var/www/html/

mv /tmp/<folder_from_question> /var/www/html/

#enable and start httpd

systemctl enable httpd

systemctl start httpd

 

#TESTING

Check from the jump host

curl http://<app-server-01>:8080/<folder_from_question>/

curl http://<app-server-01>:8080/<folder_from_question>/

curl http://<app-server-02>:8080/<folder_from_question>/

curl http://<app-server-02>:8080/<folder_from_question>/

curl http://<app-server-03>:8080/<folder_from_question>/

curl http://<app-server-03>:8080/<folder_from_question>/

click on the + button on top of your terminal, select the option Select port to view on Host 1, and after adding port 80 click on Display Port.

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Install and Configure DB Server

We recently migrated one of our WordPress websites from an old server to a new infrastructure in Stratos Datacenter. We have already set up LAMP, except for the database. We have also restored website code; however, we need to restore the database to make it work on the new infra. Please perform the below given steps on DB host:

a. Install/Configure MariaDB server.

b. Create a database with name kodekloud_db8.

c. There is a DB dump on jump_host under location /home/thor/db.sql. Restore this database in newly created database.

d. Create a user kodekloud_top and set any password you like.

e. Grant full permissions to user kodekloud_top on database kodekloud_db8.

f. Update database-related details in /data/wp-config.php file on storage server, which is our NFS server having a share /data mounted on each app server on location /var/www/html. (for more details about how to update WordPress config file please visit https://wordpress.org/support/article/editing-wp-config-php/)

g. You can access the website on LBR link; to do so click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

Sample Answer:

#Login to db server using ssh

ssh <user>@<DB-server>

#login as root

sudo su

#install mariaDB

yum -y install mariadb*

#enable, start and check status of mariaDB

    systemctl enable mariadb && systemctl start mariadb && systemctl status mariadb

#Start mysql secure installation(press 'Enter' to give a new root password) 

#run below command and press enter

mysql_secure_installation

*now give new password as your wish 

#Now, login with root password that you have given in above step

mysql -u root -p

#create DB,user and grant permissions (check your question, DB name and user name from your question but for password you can give your own password) 

CREATE DATABASE <DB_from_your_question>;

CREATE USER '<user_from_your question>'@'localhost' identified by '<your_own>';

GRANT ALL PRIVILEGES on <DB_from_your_question>.* to '<user_from_your_question>' identified by '<your_own>';

GRANT ALL PRIVILEGES on <DB_from_your_question>.* to '<user_from_your_question>'@'%';

FLUSH PRIVILEGES;

exit

#Edit the configuration file and bind the mysql to the database ip address and port

vi /etc/<any_name>.cnf

bind-address=<DB_server_IP_address>

port=3306

#Install Open ssh if the SCP isn't working

yum -y install openssh-clients

#Go to jump server and copy db.sql from jump server to db server

scp /home/thor/db.sql <user>@<DB_server>:/tmp/

#Go to db server and import db.sql to newly created datatbase

mysql -u <user_from_your_question> -p <DB_from_your_question> < /tmp/db.sql

#restart mariaDB

systemctl restart mariadb

#check connection

mysql -u <user_from_your_question> -p -h <db_server>

mysql -u <user_from_your_question> -p -h localhost

#Next go to the storage server and 

ssh <user>@<storageserver>

#login as root

sudo su 

#Now check the configuration

cat /data/wp-config.php | grep DB_NAME

cat /data/wp-config.php | grep DB_USER

cat /data/wp-config.php | grep DB_PASSWORD

cat /data/wp-config.php | grep DB_HOST

Replace with correct configuration

sudo sed -i 's/dbname/<DB_from_your_question>/g' /data/wp-config.php

sudo sed -i 's/dbuser/<user_from_your_question>/g' /data/wp-config.php

sudo sed -i 's/dbpass/<your_own>/g' /data/wp-config.php

sudo sed -i 's/dbhost/<DB_host_name>/g' /data/wp-config.php

#TESTING

click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -PAM Authentication For Apache

 The document root /var/www/html of all web apps is on NFS share /data on storage server in Stratos Datacenter. We have a requirement where we want to password protect a directory in the Apache web server document root. We want to password protect http://<website-url>:<apache_port>/protected URL as per the following requirements (you can use any website-url for it like localhost since there are no such specific requirements as of now):

a. We want to use basic authentication.

b. We do not want to use htpasswd file base authentication. Instead, we want to use PAM authentication, i.e Basic Auth + PAM so that we can authenticate with a Linux user.

c. We already have a user mark with password BruCStnMT5 which you need to provide access to.

d. You can access the website on LBR link. To do so click on the + button on top of your terminal, select Select port to view on Host 1, and after adding port 80 click on Display Port

Sample Answer:

#login to an app server 

    ssh <user>@<app-server-Ip>

#switch to root user 

    sudo su

#install mod_authnz_external pwauth package

    yum --enablerepo=epel -y install mod_authnz_external pwauth

#create the protected directory 

   mkdir -p  /var/www/html/protected/

#create an index.html file side the protected directory 

    vi /var/www/html/protected/index.html

#do below configuration in authnz_external.conf file for basic auth+  PAM authentication 

    vi /etc/httpd/conf.d/authnz_external.conf

    # add below lines to  the end

    <Directory /var/www/html/protected>

         AuthType Basic

        AuthName "PAM Authentication"

        AuthBasicProvider external

        AuthExternal pwauth

        require valid-user

    </Directory>

  #save the file 

# restart the httpd services 

    systemctl restart httpd

*AS PER THE QUESTION YOU MUST TO ABOVE STEPS FOR ALL THE APP SERVER

#TESTING

    curl -u <user>:<password> http://localhost:8080/protected/

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Install And Configure PostgreSQL

 The Nautilus application development team has shared that they are planning to deploy one newly developed application on Nautilus infra in Stratos DC. The application uses PostgreSQL database, so as a pre-requisite we need to set up PostgreSQL database server as per requirements shared below:

a. Install and configure PostgreSQL database on Nautilus database server.

b. Create a database user kodekloud_joy and set its password to HyAGFRVNr3.

c. Create a database kodekloud_db8 and grant full permissions to user kodekloud_joy on this database.

d. Make appropriate settings to allow all local clients (local socket connections) to connect to the kodekloud_db8 database through kodekloud_joy user using md5 method (Please do not try to encrypt password with md5sum).

e. At the end its good to test the db connection using these new credentials from root user or server's sudo user.

Sample Answer:

#login to DB server

    ssh <user>@<<DB-server-IP>

#switch to root user

    sudo su 

#install postgresql

    yum -y install postgresql-server postgresql-contrib

#initiate DB setup

    postgresql-setup initdb

#enable and start postgresql servcie

    systemctl enable postgresql 

    systemctl start postgresql

#let's Create user, database, and grant permission

    sudo -u postgres psql

CREATE USER <user_from_your question> WITH PASSWORD '<password_from_your question>';

CREATE <DB_from_your question>;

GRANT ALL PRIVILEGES ON DATABASE "<DB_from_your question>" to <user_from_your question>;

type \q to exit from pgsql 

#now do the configuration changes 

    vi /var/lib/pgsql/data/postgresql.conf

            Uncomment below line

            listen_addresses = 'localhost' 

#another config change

       vi /var/lib/pgsql/data/pg_hba.conf

#Go to bottom of the config and edit as below

        local all all md5

        host all all 127.0.0.1/32 md5 

#restart psql service and check status

    systemctl restart postgresql

    systemctl status postgresql

#Testing 

psql -U <user_from your _question> -d <DB_from_your_question> -h 127.0.0.1 -W

psql -U <user_from your _question> -d <DB_from_your_question> -h localhost -W

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Install And Configure SFTP

 Some of the developers from Nautilus project team have asked for SFTP access to at least one of the app server in Stratos DC. After going through the requirements, the system admins team has decided to configure the SFTP server on App Server 2 server in Stratos Datacenter. Please configure it as per the following instructions:

a. Create an SFTP user kirsty and set its password to TmPcZjtRQx.

b. Password authentication should be enabled for this user.

c. Set its ChrootDirectory to /var/www/apps.

d. SFTP user should only be allowed to make SFTP connections.

Sample Answer:

#login to correct app server ( check your question)

    ssh <user>@<app-server-IP>

#switch to root user

    sudo su

#create the SFTP user and set password as per the question ( check your question)

    adduser --shell /bin/false <SFTP-user-name>

    passwd < SFTP-user-name>

#create directoty as per the question 

    mkdir -p /var/www/apps

#set newly created SFTP user as the owner for this directory.

    chown <your sftpuser>:<your sftpuser> /var/www/apps

#set owner and read/write permission for root user

    chown root:root /var/www

    chmod 755 /var/www

#now do the require sftp configuration as below on sshd_conf file

    vi /etc/sshd/sshd_config

        # override default of no subsystems

        #Subsystem      sftp    /usr/libexec/openssh/sftp-server

        Subsystem sftp internal-sftp

        # Example of overriding settings on a per-user basis

        #Match User anoncvs

        #       X11Forwarding no

        #       AllowTcpForwarding no

        #       PermitTTY no

        #       ForceCommand cvs server

        Match User <your sftpuser from your question>

        ForceCommand internal-sftp

        PasswordAuthentication yes

        ChrootDirectory /var/www

        PermitTunnel no

        AllowAgentForwarding no

        AllowTcpForwarding no

        X11Forwarding no

press Esc and type :wq! for save

#restart sshd service 

    systemctl restart sshd

#Testing ( you have to give the sftp user password to access )

    sftp <your sftpuser>@localhost

#from jump host 

    sftp <your sftpuser>@<app-server-IP>

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Install and Configure Tomcat Server

 The Nautilus application development team recently finished the beta version of one of their Java-based applications, which they are planning to deploy on one of the app servers in Stratos DC. After an internal team meeting, they have decided to use the tomcat application server. Based on the requirements mentioned below complete the task:

a. Install tomcat server on App Server 3 using yum.

b. Configure it to run on port 8082.

c. There is a ROOT.war file on Jump host at location /tmp. Deploy it on this tomcat server and make sure the webpage works directly on base URL i.e without specifying any sub-directory anything like this http://URL/ROOT .

d. You can access the website on LBR link. To do so click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

Sample Answer:

#login to app server as per the question(check your question )

ssh <user>@<App-server-03-IP>

#switch to root user

sudo su 

#install tomcat server

yum -y install tomcat

#configure tomcat port in below section(port should be as per your question )

vi /usr/share/tomcat/conf/server.xml

        <Connector port="<from your question>" protocol="HTTP/1.1"

        connectionTimeout="20000"

    press Esc key and type :wq! 

#from jump host copy the ROOT.war file from jump host to app server (app server as per your question).To open jump host terminal, click on the + button on top of your terminal,

    scp /tmp/ROOT.war <user>@<your-app-server-IP>:/tmp/

#Now from app server you have to copy the ROOT.war file to the correct location

    cp /tmp/ROOT.war /usr/share/tomcat/webapps/

#enable and start tomcat server

    systemctl enable tomcat 

    systemctl start tomcat 

##Final testing 

#from jump host 

    curl -I http://<app-server-IP>:<port>/

or 

You can access the website on LBR link. To do so click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -IPtables Installation And Configuration

 We have one of our websites up and running on our Nautilus infrastructure in Stratos DC. Our security team has raised a concern that right now Apache’s port i.e 5002 is open for all since there is no firewall installed on these hosts. So we have decided to add some security layer for these hosts and after discussions and recommendations we have come up with the following requirements:

1. Install iptables and all its dependencies on each app host.

2. Block incoming port 5002 on all apps for everyone except for LBR host.

3. Make sure the rules remain, even after the system reboot.

sample Answer:

#login to a app server 

    ssh <user>@<app-server-IP>

#switch to root user 

    sudo su 

#install iptables and its dependencies 

    yum -y install iptables-services 

#enable, start the Iptables and check the status 

    sysetemctl enable iptables 

    systemctl start iptables 

    systemctl status iptables

#now verify the iptable rules before change anything

      cat /etc/sysconfig/iptables 

*it will show you the list of ACCEPT rules and DROP rules 

 #now let's add iptables rules as per question

##by the below rule we are allowing the LBR host to access the app server

   iptables -R INPUT 5 -p tcp --destination-port <port from your question> -s 172.16.238.14 -j ACCEPT

##by the below rule we are blocking the access to app server

    iptables -A INPUT -p tcp --destination-port <port from your question> -j DROP

#save the rules 

    service iptables save

*AS PER THE QUESTION YOU MUST DO ALL THE ABOVE STEPS ON ALL THE APP SERVERS. 

##final testing/verification 

 #login to LBR host 

    ssh <user>@<LBR-server>

#run below commands

    telnet <app-server-01 -IP> <port from your question>
    telnet <app-server-02 -IP> <port from your question>
    telnet <app-server-03 -IP> <port from your question>

    curl <app-server-01 -IP>:<port from your question>
    curl <app-server-02 -IP>:<port from your question>
    curl <app-server-03 -IP>:<port from your question>

    *Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.