COA exam simulation

Select the sections you want to make visible:

Identity

Go to identity > project, get project id from old admin-openrc.sh, replace tentant id with project admin id to build admin credential file and demo credential file and finally source it: source demorc.sh

openstack domain create domain1 --description "domain 1"

openstack domain list

openstack project create domain1_project1 --domain domain1

openstack project list

openstack user create domain1_admin --email "admin@domain1.com" --domain domain1 --password-prompt

openstack user list --domain domain1

openstack role add --user domain1_admin --domain domain1 admin

openstack user create domain1_user1 --email "user1@domain1.com" --domain domain1 --password-prompt

openstack user list --domain domain1

Compute

nova keypair-add key1 key1.pem
chmod 600 key1.pem
nova keypair-list

. admin_rc.sh
nova flavor-lis
nova flavor-create m1.extra_tiny auto 64 0 1 --rxtx-factor 1.0

openstack project list
nova flavor-access-add m1.extra_tiny


Additional commands:
nova flavor-list
nova flavor-delete {flavorid}

nova secgroup-list
nova secgroup-list-rules default
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

nova boot instance2 --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --key-name key1 --security-group default

Get the instance IP address from nova list command:
ssh -i key1.pem ubuntu@{ip}

nova image-create {instance2} {instance2-snapshot}
nova delete {instance2}

Glance

Retrieve Ubuntu cloud image file from the following link:

https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img

wget https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img

Create an image named "ubuntu-trusty" from the downoaded image file

glance image-create --progress --name ubuntu-trusty --file trusty-server-cloudimg-amd64-disk1.img --disk-format qcow2 --container-format bare

Start an instance named "u1" from the following parameters:
  • image: "ubuntu-trusty"
  • flavor: m1.small
  • key: key1
  • security group: default

nova boot u2 --image ubuntu-trusty --flavor m1.small --key-name key1 --security-group default

Cinder

Instance snapshots

Create an instance "instance1" from cirros-0.3.4-x86_64-uec image
  • image: cirros-0.3.4-x86_64-uec
  • flavor: m1.tiny
  • keypair: key1
  • security group: new-secgroup
    •

    Make sure, you have a key and the appropriate ICMP and SSH rules in place:

    nova keypair-add key1 > key1.pem
    chmod 600 key1.pem
    nova keypair-list

    nova secgroup-list
    nova secgroup-list-rules new_secgroup
    nova secgroup-add-rule new_secgroup tcp 22 22 0.0.0.0/0
    nova secgroup-add-rule new_secgroup icmp -1 -1 0.0.0.0/0
    nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --key_name key1 instance1

    nside the home directory of "instance2" create a file testfile.txt

    ssh -i key1.pem cirros@{ip}
    touch testfile.txt

    Take a snapshot of instance "instance2", name it "snapshot-of-instance2"

    nova image-create {snapshot-id} {snapshot-of-instance1}

    Terminate the instance "instance2"

    nova delete {instance1-id}

    Create an instance from "snapshot-of-instance2" and name it "instance-from-snapshot"

    nova boot --flavor m1.tiny --key key1 --security-groups new-secgroup --snapshot {snapshot} {instance2-from-instance1}

    Inside the home directory of "instance-from-snapshot" verify the presence of the file "testfile.txt"

    --- answer ---

    Volume snapshots

    Create a new empty volume "vol1" of a 1GB size

    cinder create --display-name {demo-volume1} {1}

    Create an instance "instance1" from cirros-0.3.4-x86_64-uec image
    • image: cirros-0.3.4-x86_64-uec
    • flavor: m1.tiny
    • keypair: key1
    • security group: new-secgroup

    Make sure, you have a key and the appropriate ICMP and SSH rules in place:
    nova keypair-add key1 > key1.pem
    chmod 600 key1.pem
    nova keypair-list

    nova secgroup-list
    nova secgroup-list-rules new_secgroup
    nova secgroup-add-rule new_secgroup tcp 22 22 0.0.0.0/0
    nova secgroup-add-rule new_secgroup icmp -1 -1 0.0.0.0/0

    nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --key_name key1 --security-groups new-secgroup instance1

    Attach the created image "vol1" to the instance "instance1" and mount it to /mnt/vdb

    nova volume-attach <instance-id> <vol-id> /dev/vdb`
    ssh -i key1.pem cirros@10.0.0.3
    sudo fdisk /dev/vdb
    sudo mount /dev/vdb /mnt

    inside the attached volume (/mnt/vdb) create a file testfile.txt

    touch /mnt/vdb/testfile.txt
    sync && sleep 2

    On the blockstorage node /dev/stack-volumes/volume-*

    strings /dev/stack-volumes/volume-* | grep "testfile.txt"

    Detach the volume "vol1" from the instance "instance1"

    nova volume-detach /dev/vdb

    Take a snapshot of "vol1", name it "snapshot-of-vol1"

    cinder snapshot-create --name {snapshot-name} {vol-id}
    cinder list
    cinder snapshot-list

    Create a volume from the snapshot

    cinder create --snapshot-id {snapshot-id} --name {new-vol}
    cinder list

    Reattach the first volume "vol1" to the instance "instance1"

    nova volume-attach {instance-id} {vol-id}

    Delete the previously created file "testfile.txt"

    --- answer ---

    detach the colume "vol1" from the instance "instance1"

    nova volume-detach {instance-id} {vol-id} /dev/vdb

    Attach the created volume "new-vol" to the instance "instance1"

    nova volume-attach {instance-id} {vol-id}

    Inside the attached volume verify the presence of the file "testfile.txt"

    --- answer ---

    Volume backup

    Create a new empty volume "vol2" of a 1GB size

    cinder create --display-name {demo-volume1} {1}
    cinder list

    Create an instance "instance3"
  • image: cirros-0.3.4-x86_64-uec
  • flavor: m1.tiny
  • keypair: key1
  • security group: default

    •  

    nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --key_name key1 instance3
    nova list --security-groups default

    Attach the volume "vol2" it to the instance "instance3"

    nova volume-attach {253619cf-127c-46a1-a2aa-a273cedf6a85} {d-847c-fde00ea96649} /dev/vdb

    Inside the home directory of the mounted partition inside "instance3" create a file testfile.txt

    --- answer ---

    Detach the volume from the running instance

    nova volume-detach {253619cf-127c-46a1-a2aa-a273cedf6a85} {2429b44b- cc42-4ebd-847c-fde00ea96649}

    Backup the volume "vol2" into a volume "vol2-backup"

    cinder backup-show
    cinder backup-list
    cinder backup-create {vol-id}

    Remove the original volume "vol2"

    cinder delete {vol-id}

    Restore the backed up volume "vol2-backup"

    cinder backup-restore {vol-id}

    Delete the backup volume "vol2-backup"

    cinder backup-delete {backup-vol-id}

    Attach it to the running instance "instance3"

    nova volume-detach {253619cf-127c-46a1-a2aa-a273cedf6a85 2429b44b} {cc42-4ebd-847c-fde00ea96649} /dev/vdb

    iInside the mounted partition, make sure the file "testfile.txt" exists

    --- answer ---

    Volume encryption

    Create the encrypted volume "encrypted-vol" (LUKS volume) of 1GB size


    cinder create --display-name 'encrypted volume' --volume-type LUKS 1
    cinder list

    Create an instance "instance4"


    chmod 600 key1.pem
    nova keypair-add key1 > key1.pem
    nova keypair-list

    Security rule
    nova secgroup-create new_secgroup "comments"
    nova secgroup-add-rule new_secgroup tcp 22 22 0.0.0.0/0
    nova secgroup-add-rule new_secgroup icmp -1 -1 0.0.0.0/0

    nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --key_name key1 --security-group new_secgroup instance4

    nova list
    ssh -i {ssh-key.pem} cirros@X.X.X.X

    Attach the encrypted volume to the machine

    nova volume-attach {253619cf-127c-46a1-a2aa-a273cedf6a85} {2429b44b-cc42-4ebd-847c-fde00ea96649} /dev/vdb

    Create a file "testfile.txt" and syncronize the operations


    touch /mnt/vdb/testfile.txt
    sync && sleep 2

    Test encrypted volume


    On the block storage node directory {/dev/stack-volumes/volume-}
    strings {/dev/stack-volumes/volume-*} | grep {"testfile.txt"}
    Because the volume is encrypted, you shouldn't be able to see the file.