Post

DevOps Challenge

DevOps Challenge

๐Ÿฅ‘ ๋“ค์–ด๊ฐ€๋ฉฐ

DevOps๋กœ ๋‚˜์•„๊ฐ€๊ธฐ ์œ„ํ•ด ์ฑŒ๋ฆฐ์ง€๋ฅผ ์‹œ์ž‘ํ–ˆ๋‹ค. ์ด ๊ณณ์—์„œ ์ง„ํ–‰์ค‘์ด๋‹ค. 100์ผ ์ฑŒ๋ฆฐ์ง€์ธ๋ฐ ๋งค์ผ ์ด ๊ธ€์— ๊ธฐ๋กํ•˜๋ ค ํ•œ๋‹ค.


Day1 - Linux User Setup with Non-Interactive Shell

Overview

ItemDescription
Date2026-05-30 Sat.
CategoryLinux / User Management
DifficultyEasy
EnvironmentKodeKloud / Nautilus
Keywordsuseradd, nologin, non-interactive shell


Problem

To accommodate the backup agent toolโ€™s specifications, the system admin team at xFusionCorp Industries requires the creation of a user with a non-interactive shell. Hereโ€™s your task:

Create a user named mariyam with a non-interactive shell on App Server 1.


Explanation

๋ฌธ์ œ์˜ ์š”๊ตฌ์‚ฌํ•ญ์€

App Server 1์— mariyam ์ด๋ผ๋Š” ์‚ฌ์šฉ์ž๋ฅผ ์ƒ์„ฑํ•˜๋Š”๋ฐ, ๋กœ๊ทธ์ธ ๊ฐ€๋Šฅํ•œ ์ผ๋ฐ˜ ์‰˜์ด ์•„๋‹ˆ๋ผ ๋น„๋Œ€ํ™”ํ˜•(non-interactive) shell๋กœ ์„ค์ •ํ•˜๋ผ

๋Š” ๋œป์ด๋‹ค.

๋ณดํ†ต ๋ฆฌ๋ˆ…์Šค์—์„œ ๋กœ๊ทธ์ธ ๋ชป ํ•˜๋Š” ๊ณ„์ •์„ ๋งŒ๋“ค ๋•Œ ์‚ฌ์šฉํ•œ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด, ๋ฐฑ์—… ์—์ด์ „ํŠธ, ์‹œ์Šคํ…œ ์„œ๋น„์Šค, ๋ฐ๋ชฌ ๊ณ„์ •๊ณผ ๊ฐ™์€ ๊ฒƒ๋“ค์€ ํŒŒ์ผ ๊ถŒํ•œ๋งŒ ํ•„์š”ํ•˜์ง€ ์‚ฌ๋žŒ์ด SSH ๋กœ๊ทธ์ธํ•  ํ•„์š”๋Š” ์—†๊ธฐ ๋•Œ๋ฌธ์ด๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ์•„๋ž˜์™€ ์‰˜์„ ์‚ฌ์šฉํ•œ๋‹ค.

  • /sbin/nologin
  • /usr/sbin/nologin
  • /bin/false

์ผ๋ฐ˜์ ์œผ๋กœ nologin์„ ๋งŽ์ด ์‚ฌ์šฉํ•œ๋‹ค๊ณ  ํ•œ๋‹ค.

์ถ”๊ฐ€๋กœ non-interactive shell์€ ๋‹จ์ˆœํžˆ โ€œ๋กœ๊ทธ์ธ์„ ๋ง‰๋Š” ๊ฒƒโ€ ์ด์ƒ์˜ ์˜๋ฏธ๋ฅผ ๊ฐ€์ง„๋‹ค.

Linux์—์„œ๋Š” ์„œ๋น„์Šค ์‹คํ–‰์šฉ ๊ณ„์ •์ด๋‚˜ ์‹œ์Šคํ…œ ๊ณ„์ •์„ ์ƒ์„ฑํ•  ๋•Œ ๋ณด์•ˆ์„ ์œ„ํ•ด ๋กœ๊ทธ์ธ ๊ธฐ๋Šฅ์„ ์ œํ•œํ•˜๋Š” ๊ฒฝ์šฐ๊ฐ€ ๋งŽ๋‹ค. ๋งŒ์•ฝ ์ผ๋ฐ˜ shell(/bin/bash ๋“ฑ)์„ ๋ถ€์—ฌํ•˜๋ฉด ํ•ด๋‹น ๊ณ„์ •์œผ๋กœ SSH ๋กœ๊ทธ์ธ์ด๋‚˜ shell ์ ‘๊ทผ์ด ๊ฐ€๋Šฅํ•ด์งˆ ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์ด๋‹ค.

๋ฐ˜๋ฉด nologin์ด๋‚˜ false๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ๊ณ„์ • ์ž์ฒด๋Š” ์กด์žฌํ•˜์ง€๋งŒ interactive shell ์„ธ์…˜์„ ์‹œ์ž‘ํ•  ์ˆ˜ ์—†๊ฒŒ ๋œ๋‹ค. ์ฆ‰, ํ”„๋กœ์„ธ์Šค ์‹คํ–‰์ด๋‚˜ ํŒŒ์ผ ๊ถŒํ•œ ๊ด€๋ฆฌ ์šฉ๋„๋กœ๋Š” ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์ง€๋งŒ ์‚ฌ๋žŒ์ด ์ง์ ‘ ๋กœ๊ทธ์ธํ•  ์ˆ˜๋Š” ์—†๋‹ค.

ํŠนํžˆ /sbin/nologin์€ ๋กœ๊ทธ์ธ ์‹œ๋„ ์‹œ ์•ˆ๋‚ด ๋ฉ”์‹œ์ง€๋ฅผ ์ถœ๋ ฅํ•œ ๋’ค ์ข…๋ฃŒํ•˜๋ฉฐ, /bin/false๋Š” ์•„๋ฌด ๋ฉ”์‹œ์ง€ ์—†์ด ์ฆ‰์‹œ ์ข…๋ฃŒ๋œ๋‹ค๋Š” ์ฐจ์ด๊ฐ€ ์žˆ๋‹ค.

์‹ค์ œ ์šด์˜ ํ™˜๊ฒฝ์—์„œ๋„ ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ณ„์ •๋“ค์€ ๋Œ€๋ถ€๋ถ„ non-interactive shell์„ ์‚ฌ์šฉํ•œ๋‹ค.

  • nginx
  • mysql
  • postgres
  • redis
  • ftp ์„œ๋น„์Šค ๊ณ„์ •
  • backup agent ๊ณ„์ •

๋”ฐ๋ผ์„œ ์ด๋ฒˆ ๋ฌธ์ œ๋Š” ๋‹จ์ˆœ ์‚ฌ์šฉ์ž ์ƒ์„ฑ๋ณด๋‹ค๋Š” โ€œ์„œ๋น„์Šค ๊ณ„์ •์„ ์•ˆ์ „ํ•˜๊ฒŒ ์ƒ์„ฑํ•˜๋Š” ๋ฐฉ๋ฒ•โ€์„ ์ดํ•ดํ•˜๋Š” ๊ฒƒ์ด ํ•ต์‹ฌ์ด๋ผ๊ณ  ๋ณผ ์ˆ˜ ์žˆ๋‹ค.


Answer

1
2
3
4
$ ssh tony@stapp01
$ sudo useradd -s /sbin/nologin mariyam
$ grep mariyam /etc/passwd
mariyam:x:1001:1001::/home/mariyam:/sbin/nologin


Day2 - Temporary User Setup with Expiry

Problem

As part of the temporary assignment to the Nautilus project, a developer named ravi requires access for a limited duration. To ensure smooth access management, a temporary user account with an expiry date is needed. Hereโ€™s what you need to do:

Create a user named ravi on App Server 3 in Stratos Datacenter. Set the expiry date to 2027-04-15, ensuring the user is created in lowercase as per standard protocol.

Note: You can find the infrastructure details by clicking on the Details of all Users and Servers button on the top-right section of the page.


Explanation

์ด ๋ฌธ์ œ๋Š”

ํŠน์ • ๋‚ ์งœ๊นŒ์ง€๋งŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ์ž„์‹œ Linux ๊ณ„์ •์„ ์ƒ์„ฑํ•˜๋ผ

๋ผ๋Š” ๋œป์ด๋‹ค. ์ง€์ •๋œ ๋‚ ์งœ ์ดํ›„์—๋Š” ๊ณ„์ •์ด ์ž๋™ ๋งŒ๋ฃŒ๋˜๋„๋ก ์„ค์ •ํ•ด์•ผ ํ•œ๋‹ค.

Linux์—์„œ ์™ธ์ฃผ ์ธ๋ ฅ, ๋‹จ๊ธฐ ํ”„๋กœ์ ํŠธ ์ธ์›, ์ž„์‹œ ์ ‘๊ทผ ๊ณ„์ • ๊ฐ™์€ ์ƒํ™ฉ์—์„œ ์ž์ฃผ ์‚ฌ์šฉํ•œ๋‹ค.


Answer

-e๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ๋งŒ๋ฃŒ ๋‚ ์งœ๋ฅผ ์ง€์ •ํ•  ์ˆ˜ ์žˆ๋‹ค.

  • -e: expiry date ์ง€์ • ์˜ต์…˜
1
2
3
4
5
6
7
8
9
10
11
$ ssh banner@stapp03
$ sudo useradd -e 2027-04-15 ravi

$ sudo chage -l ravi
Last password change                                    : May 31, 2026
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Apr 15, 2027
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7


Day3 - Secure Root SSH Access

Problem

Following security audits, the xFusionCorp Industries security team has rolled out new protocols, including the restriction of direct root SSH login.

Your task is to disable direct SSH root login on all app servers within the Stratos Datacenter.


Explanation

์ด ๋ฌธ์ œ๋Š”

๋ชจ๋“  App Server์—์„œ root ๊ณ„์ •์œผ๋กœ ์ง์ ‘ SSH ๋กœ๊ทธ์ธํ•˜๋Š” ๊ฑธ ๋ง‰์•„๋ผ

๋ผ๋Š” ๋œป์ด๋‹ค. ๋ณด์•ˆ์ƒ ssh root@stapp01๋กœ ์ ‘์†ํ•˜๋Š” ๊ฒƒ์„ ๊ธˆ์ง€ํ•˜๋ ค๋Š” ๊ฒƒ์ด๋‹ค. ๋ณดํ†ต์€ ์ผ๋ฐ˜ ์‚ฌ์šฉ์ž๋กœ ๋กœ๊ทธ์ธ ๋˜๋Š” sudo ์‚ฌ์šฉ ๋ฐฉ์‹์„ ๊ฐ•์ œํ•œ๋‹ค.


Answer

๊ฐ ์„œ๋ฒ„์— ์ ‘์†ํ•˜์—ฌ ์„ค์ •์„ ์ˆ˜์ •ํ•˜๋ฉด ๋œ๋‹ค.

1
2
3
4
$ ssh tony@stapp01
$ sudo vi /etc/ssh/sshd_config
# PermitRootLogin yes์—์„œ no๋กœ ๋ณ€๊ฒฝ
$ sudo systemctl restart sshd


Day4 - Script Execution Permissions

Problem

In a bid to automate backup processes, the xFusionCorp Industries sysadmin team has developed a new bash script named xfusioncorp.sh. While the script has been distributed to all necessary servers, it lacks executable permissions on App Server 3 within the Stratos Datacenter.

Your task is to grant executable permissions to the /tmp/xfusioncorp.sh script on App Server 3. Additionally, ensure that all users have the capability to execute it.


Explanation

์ด ๋ฌธ์ œ๋Š”

/tmp/xfusioncorp.sh ํŒŒ์ผ์— ์‹คํ–‰ ๊ถŒํ•œ(executable permission)์„ ์ถ”๊ฐ€ํ•˜๋ผ

๋ผ๋Š” ๋œป์ด๋‹ค.


Answer

1
2
3
4
5
$ ssh banner@stapp03
$ sudo chmod 755 /tmp/xfusioncorp.sh

$ ls -l /tmp/xfusioncorp.sh
-rwxr-xr-x 1 root root 40 Jun 3 14:39 /tmp/xfusioncorp.sh

์ฒ˜์Œ์— +x๋กœ ํ–ˆ๋Š”๋ฐ ํ‹€๋ ธ๋‹ค. ํŒŒ์ผ์„ ํ™•์ธํ•ด๋ณด๋‹ˆ ๊ถŒํ•œ์ด ---x--x--x์ธ ๋น„์ •์ƒ์ ์ธ ํ˜•ํƒœ์˜€๋‹ค.


Day5 - SElinux Installation and Configuration

Problem

Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 1 in the Stratos Datacenter:

  1. Install the required SELinux packages
  2. Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.
  3. No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
  4. Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.


Explanation

SELinux ๊ด€๋ จ ํŒจํ‚ค์ง€๋ฅผ ์„ค์น˜ํ•˜๊ณ , ์žฌ๋ถ€ํŒ… ํ›„์—๋Š” SELinux๊ฐ€ ๋น„ํ™œ์„ฑํ™”(disabled) ์ƒํƒœ๊ฐ€ ๋˜๋„๋ก ์„ค์ •ํ•˜๋ผ

SELinux๋Š” Linux ๋ณด์•ˆ ์‹œ์Šคํ…œ ์ค‘ ํ•˜๋‚˜๋กœ ์ •์‹ ๋ช…์นญ์€ Security-Enhanced Linux์ด๋ฉฐ, ์›๋ž˜๋Š” National Security Agency(NSA)์—์„œ ๊ฐœ๋ฐœํ–ˆ๋‹ค.

๋ณดํ†ต Linux ๊ถŒํ•œ์€ ์‚ฌ์šฉ์ž(user), ๊ทธ๋ฃน(group), ํŒŒ์ผ ๊ถŒํ•œ(rwx)์œผ๋กœ ์ด๋ฃจ์–ด์ ธ ์žˆ์–ด -rwxr-xr-x์™€ ๊ฐ™์ด ๋ˆ„๊ฐ€ ํŒŒ์ผ์„ ์ฝ์„ ์ˆ˜ ์žˆ๊ณ  ์‹คํ–‰์‹œํ‚ฌ ์ˆ˜ ์žˆ๋Š”์ง€ ์ •๋„๋กœ๋งŒ ๊ด€๋ฆฌํ•œ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด ๋ฐฉ์‹๋งŒ์œผ๋กœ๋Š” ๋ถ€์กฑํ•  ๋•Œ๊ฐ€ ์žˆ์–ด ๋‚˜์˜จ ๊ฒƒ์ด SELinux์ด๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด, nginx ํ”„๋กœ์„ธ์Šค๊ฐ€ ํ•ดํ‚น๋จ, root ๊ถŒํ•œ ํš๋“, ์‹œ์Šคํ…œ ํŒŒ์ผ ์ ‘๊ทผ๊ณผ ๊ฐ™์€ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•  ๊ฒฝ์šฐ ๊ธฐ์กด ๊ถŒํ•œ ์ฒด๊ณ„๋งŒ์œผ๋กœ๋Š” ๋ถ€์กฑํ•˜๋‹ค.

SELinux๋Š” ํ”„๋กœ์„ธ์Šค๊ฐ€ ๋ฌด์—‡์„ ํ•  ์ˆ˜ ์žˆ๋Š”์ง€ ๊ฐ•์ œ๋กœ ์ œํ•œํ•œ๋‹ค. ์ฆ‰, root๋ผ๋„ ๋ชจ๋“  ๊ฒƒ์„ ๋‹คํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์ด ์•„๋‹ˆ๋ผ๋Š” ๋œป์ด๋‹ค.

์˜ˆ๋ฅผ ๋“ค์–ด, ์ผ๋ฐ˜ Linux์—์„œ๋Š” nginx๊ฐ€ root๋ฉด ๋ญ๋“  ์‹คํ–‰ ๊ฐ€๋Šฅํ–ˆ์ง€๋งŒ SELinux๋Š” nginx๋Š” ์›น ํŒŒ์ผ๋งŒ ์ฝ๋„๋ก, DB ์ ‘๊ทผ ๊ธˆ์ง€, ํŠน์ • ํฌํŠธ๋งŒ ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•˜๊ฒŒ ์ œํ•œ์„ ๊ฑธ์–ด๋†“์„ ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์ด๋‹ค.

์ฆ‰, ์‚ฌ์šฉ์ž ๊ถŒํ•œ + ํ”„๋กœ์„ธ์Šค ์ •์ฑ…์„ ๋™์‹œ์— ๊ฒ€์‚ฌํ•œ๋‹ค.

๊ทธ๋Ÿฐ๋ฐ SELinux๋Š” ๊ฐ•๋ ฅํ•˜์ง€๋งŒ ์„ค์ • ๋ณต์žกํ•˜๊ณ  ์›์ธ ๋ถ„์„๊ณผ ์ ‘๊ทผ์ด ์•ˆ๋˜๋Š” ์ด์œ ๋ฅผ ์ฐพ๊ธฐ ์–ด๋ ต๋‹ค๋Š” ๋‹จ์ ์ด ์žˆ๋‹ค. ๊ทธ๋ž˜์„œ ๊ฐœ๋ฐœ ํ™˜๊ฒฝ์—์„œ๋Š” ์ข…์ข… disabled๋กœ ๊บผ๋‘๊ธฐ๋„ ํ•œ๋‹ค.

SELinux ์ƒํƒœ๋Š” ์•„๋ž˜์™€ ๊ฐ™์ด ์žˆ๋‹ค.

์ƒํƒœ์˜๋ฏธ
Enforcing์ •์ฑ… ์ ์šฉ + ์ฐจ๋‹จ
Permissive์ฐจ๋‹จ ์•ˆ ํ•จ, ๋กœ๊ทธ๋งŒ ๊ธฐ๋ก
DisabledSELinux ๋น„ํ™œ์„ฑํ™”

ํ™•์ธ ๋ฐฉ๋ฒ•์€ getenforce๋ฅผ ์ž…๋ ฅํ•˜๋ฉด ๋œ๋‹ค.


Answer

1
2
3
4
5
6
7
8
$ ssh tony@stapp01
$ sudo yum install -y selinux-policy selinux-policy-targeted
$ sudo vi /etc/selinux/config
# SELINUX=disabled๋กœ ๊ณ ์น  ๊ฒƒ

#ํ™•์ธ
$ getenforce
Disabled


Day6 - Create a Cron Job

Problem

The Nautilus system admins team has prepared scripts to automate several day-to-day tasks. They want them to be deployed on all app servers in Stratos DC on a set schedule. Before that they need to test similar functionality with a sample cron job. Therefore, perform the steps below:

a. Install cronie package on all Nautilus app servers and start crond service. b. Add a cron */5 * * * * echo hello > /tmp/cron_text for root user.


Explanation

๋ชจ๋“  App Server์— cron ์„œ๋น„์Šค๋ฅผ ์„ค์น˜ํ•˜๊ณ  ์‹คํ–‰ํ•œ ๋’ค, root ๊ณ„์ •์— 5๋ถ„๋งˆ๋‹ค ์‹คํ–‰๋˜๋Š” cron job์„ ๋“ฑ๋กํ•˜๋ฉด ๋œ๋‹ค.


Answer

1
2
3
4
5
6
7
8
9
10
11
12
# ์•„๋ž˜ ๊ณผ์ • ๋ฐ˜๋ณต
$ ssh tony@stapp01
$ sudo yum install -y cronie

$ sudo systemctl enable crond
$ sudo systemctl start crond

$ sudo crontab -e
# */5 * * * * echo hello > /tmp/cron_text

$ sudo crontab -l
*/5 * * * * echo hello > /tmp/cron_text


Day7 - Linux SSH Authentication

Problem

The system admins team of xFusionCorp Industries has set up some scripts on jump host that run on regular intervals and perform operations on all app servers in Stratos Datacenter. To make these scripts work properly we need to make sure the thor user on jump host has password-less SSH access to all app servers through their respective sudo users (i.e tony for app server 1). Based on the requirements, perform the following:

Set up a password-less authentication from user thor on jump host to all app servers through their respective sudo users.


Explanation

jump-host์˜ thor ์œ ์ €๊ฐ€ ๋น„๋ฐ€๋ฒˆํ˜ธ ์ž…๋ ฅ ์—†์ด ๊ฐ App Server์— SSH ์ ‘์†ํ•  ์ˆ˜ ์žˆ๋„๋ก ์„ค์ •ํ•˜๋ผ

์ฒ˜์Œ์— ์ด๊ฑธ ์ฝ๊ณ  ๊ฐ ์„œ๋ฒ„๋งˆ๋‹ค thor ์œ ์ €๋ฅผ ๋งŒ๋“ค์–ด์•ผํ•˜๋Š”๊ฑด๊ฐ€ ํ–ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด ๋œป์€ thor ๊ณ„์ •์œผ๋กœ SSH ๋ช…๋ น์„ ์‹คํ–‰ํ–ˆ์„ ๋•Œ ๋น„๋ฐ€๋ฒˆํ˜ธ ์—†์ด ์ ‘์†๋˜์–ด์•ผ ํ•œ๋‹ค๋Š” ๋œป์ด์—ˆ๋‹ค.

์ฆ‰, ๊ตฌ์กฐ๊ฐ€ ์•„๋ž˜์™€ ๊ฐ™์ด ๋œ๋‹ค.

1
2
3
thor @ jump-host
   โ†“
ssh tony@stapp01

stapp01์— thor ๊ณ„์ •์„ ๋งŒ๋“œ๋Š” ๊ฒŒ ์•„๋‹ˆ๋ผ thor์˜ SSH ๊ณต๊ฐœํ‚ค๋ฅผ tony ๊ณ„์ •์— ๋“ฑ๋กํ•˜๋Š” ๊ฒƒ์ด๋‹ค.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ ๊ฐ„๋‹จํ•˜๋‹ค.

jump-host์—์„œ SSH key๋ฅผ ์ƒ์„ฑํ•œ ํ›„ ๊ฐ App Server์— ๋ณต์‚ฌํ•˜๋ฉด ๋œ๋‹ค.

1
2
3
thor์˜ ๊ณต๊ฐœํ‚ค(id_rsa.pub)
โ†“
์›๊ฒฉ ์„œ๋ฒ„ ~/.ssh/authorized_keys ์ถ”๊ฐ€

์ด๊ฑด ์‹ค๋ฌด์—์„œ

  • ๋ฐฐํฌ ์ž๋™ํ™”
  • ansible
  • backup script
  • monitoring
  • CI/CD

๋“ฑ์ด ์„œ๋ฒ„ ์—ฌ๋Ÿฌ ๋Œ€์— ์ž๋™ ์ ‘์†ํ•  ๋•Œ ์‚ฌ์šฉ๋œ๋‹ค.

์ฆ‰, ์‚ฌ๋žŒ์ด ๋น„๋ฐ€๋ฒˆํ˜ธ ์ž…๋ ฅ ์•ˆ ํ•ด๋„ ์Šคํฌ๋ฆฝํŠธ๊ฐ€ ์ž๋™ SSH ๊ฐ€๋Šฅํ•˜๋„๋ก ๋งŒ๋“œ๋Š” ๊ฒƒ์ด๋‹ค.


Answer

1
2
$ ssh-keygen
$ ssh-copy-id tony@stapp01 # ๋ฐ˜๋ณต


Day8 - Install Ansible

Problem

During the weekly meeting, the Nautilus DevOps team discussed about the automation and configuration management solutions that they want to implement. While considering several options, the team has decided to go with Ansible for now due to its simple setup and minimal pre-requisites. The team wanted to start testing using Ansible, so they have decided to use jump host as an Ansible controller to test different kind of tasks on rest of the servers.

Install ansible version 4.10.0 on Jump host using pip3 only. Make sure Ansible binary is available globally on this system, i.e all users on this system are able to run Ansible commands.


Explanation

Jump Host๋ฅผ Ansible Controller๋กœ ๋งŒ๋“ค๊ณ , Ansible 4.10.0์„ ์„ค์น˜ํ•˜๋ผ๋Š” ๋œป์ด๋‹ค. Ansible์„ ์„ค์น˜ํ•œ ๋’ค ๋ฌธ์ œ์— ๋‚˜์˜จ๋Œ€๋กœ Make sure Ansible binary is available globally ๊ธ€๋กœ๋ฒŒํ•˜๊ฒŒ ๋งŒ๋“ค์–ด์ฃผ๋ฉด ๋œ๋‹ค.

๋”ฐ๋ผ์„œ ๊ทธ๋ƒฅ pip3 install ansible==4.10.0์„ ํ•  ๊ฒฝ์šฐ ์ € ๋ช…๋ น์–ด๋ฅผ ์ž…๋ ฅํ•œ ์‚ฌ์šฉ์ž๋งŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค. ์•ž์— sudo๋ฅผ ๋ถ™์—ฌ ๋‹ค๋ฅธ ์‚ฌ์šฉ์ž๋„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๊ฒŒ ํ•ด์ฃผ๋ฉด ๋œ๋‹ค.


Answer

1
$ sudo pip3 install ansible==4.10.0


Additional Notes

Ansible์€ ์—ฌ๋Ÿฌ ์„œ๋ฒ„๋ฅผ ์ž๋™์œผ๋กœ ๊ด€๋ฆฌํ•˜๊ธฐ ์œ„ํ•œ ๋„๊ตฌ์ด๋‹ค. ๋งŒ์•ฝ ๋ฐ”์Šคํ‹ฐ์˜จ ์„œ๋ฒ„์—์„œ ์•ฝ 100๊ฐœ์˜ ์•ฑ ์„œ๋ฒ„์— ์ ‘์†ํ•˜์—ฌ ์ž‘์—…ํ•ด์•ผํ•  ๊ฒฝ์šฐ ๋งค๋ฒˆ SSH๋กœ ์ ‘์†ํ•ด์„œ ์ž‘์—…ํ•˜๊ธฐ ํž˜๋“ค๋‹ค. ์ด ๋•Œ Ansible์„ ์‚ฌ์šฉํ•˜๋ฉด ํ•œ๋ฒˆ๋งŒ ์‹คํ–‰ํ•˜์—ฌ ๋ชจ๋“  ์ž‘์—…์„ ๋๋‚ผ ์ˆ˜ ์žˆ๋‹ค.

1
2
3
4
5
- hosts: app_servers
  tasks:
    - name: Create user
      user:
        name: ravi

์„ ์‹คํ–‰ํ•  ๊ฒฝ์šฐ

1
2
3
4
5
stapp01 โ†’ ravi ์ƒ์„ฑ
stapp02 โ†’ ravi ์ƒ์„ฑ
stapp03 โ†’ ravi ์ƒ์„ฑ
...
100๋Œ€ ๋ชจ๋‘ ์ ์šฉ


Day9 - MariaDB Troubleshooting

Problem

There is a critical issue going on with the Nautilus application in Stratos DC. The production support team identified that the application is unable to connect to the database. After digging into the issue, the team found that mariadb service is down on the database server.

Look into the issue and fix the same.


Explanation

๊ฐ„๋‹จํ•˜๋‹ค mariadb๊ฐ€ ๋‹ค์šด๋˜์–ด ์˜ค๋ฅ˜๊ฐ€ ๋‚˜๋‹ˆ ๊ณ ์น˜๋ผ๋Š” ๊ฒƒ์ด๋‹ค. DB์„œ๋ฒ„๋กœ ์ ‘์†ํ•ด์„œ ๋‹ค์‹œ start์‹œํ‚ค๋ฉด ๋œ๋‹ค.


Answer

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
$ ssh peter@stdb01
$ systemctl status mariadb
โ—‹ mariadb.service - MariaDB 10.5 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; pre>
     Active: inactive (dead)
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/

$ sudo systemctl start mariadb
Job for mariadb.service failed because the control process exited with error code.
See "systemctl status mariadb.service" and "journalctl -xeu mariadb.service" for details.

$ sudo systemctl status mariadb -l
ร— mariadb.service - MariaDB 10.5 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; pre>
     Active: failed (Result: exit-code) since Wed 2026-06-17 14:41:33 UTC; >
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 21873 ExecStartPre=/usr/libexec/mariadb-check-socket (code=exi>
    Process: 21895 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir mariadb>
        CPU: 88ms

Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21983]: chown: changing owner>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21958]: Cannot change ownersh>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21958]: user.  Check that you>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21895]: Initialization of Mar>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21895]: Perhaps /etc/my.cnf i>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21895]: Initialization of Mar>
Jun 17 14:41:33 stdb01 mariadb-prepare-db-dir[21895]: Files created so far >
Jun 17 14:41:33 stdb01 systemd[1]: mariadb.service: Control process exited,>
Jun 17 14:41:33 stdb01 systemd[1]: mariadb.service: Failed with result exi>
Jun 17 14:41:33 stdb01 systemd[1]: Failed to start MariaDB 10.5 database se>

# Cannot change ownership
# MariaDB๊ฐ€ ์ดˆ๊ธฐํ™”ํ•˜๋ฉด์„œ ๋ฐ์ดํ„ฐ ๋””๋ ‰ํ† ๋ฆฌ ์†Œ์œ ์ž๋ฅผ mysql ๊ณ„์ •์œผ๋กœ ๋ฐ”๊พธ๋ ค๋Š”๋ฐ ์‹คํŒจํ•œ ์ƒํƒœ
# ๋ณดํ†ต /var/lib/mysql ๊ถŒํ•œ/์†Œ์œ ์ž๊ฐ€ ์ž˜๋ชป๋˜์–ด ์žˆ์„ ๋•Œ ๋งŽ์ด ๋‚œ๋‹ค.

$ sudo chown -R mysql:mysql /var/lib/mysql
$ sudo systemctl start mariadb
โ— mariadb.service - MariaDB 10.5 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; pre>
     Active: active (running) since Wed 2026-06-17 14:45:32 UTC; 31s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 23022 ExecStartPre=/usr/libexec/mariadb-check-socket (code=exi>
    Process: 23044 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir mariadb>
    Process: 23184 ExecStartPost=/usr/libexec/mariadb-check-upgrade (code=e>
   Main PID: 23164 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 13 (limit: 404677)
     Memory: 68.7M
        CPU: 306ms
     CGroup: /system.slice/mariadb.service
             โ””โ”€23164 /usr/libexec/mariadbd --basedir=/usr

Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: The second is mysql@l>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: you need to be the sy>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: After connecting you >
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: able to connect as an>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: See the MariaDB Knowl>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: Please report any pro>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: The latest informatio>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: Consider joining Mari>
Jun 17 14:45:32 stdb01 mariadb-prepare-db-dir[23107]: https://mariadb.org/g>
Jun 17 14:45:32 stdb01 systemd[1]: Started MariaDB 10.5 database server.


Day10 - Linux Bash Scripts

Problem

The production support team of xFusionCorp Industries is working on developing some bash scripts to automate different day to day tasks. One is to create a bash script for archiving website content files. They have a static website running on App Server 2 in Stratos Datacenter, and they need to create a bash script named beta_archive.sh which should accomplish the following tasks. (Also remember to place the script under the /scripts directory on App Server 2).

a. Create a zip archive named xfusioncorp_beta.zip of /var/www/html/beta directory.

b. Save the archive in the /archives/ directory on the App Server 2. This is a temporary storage, as archives from this location will be cleaned on a weekly basis. Therefore, the archive should also be copied to the Nautilus Storage Server so it can be retrieved later for validation purposes.

c. Copy the created archive to the Nautilus Storage Server server in the /archives/ location.

d. Please make sure script wonโ€™t ask for password while copying the archive file. Additionally, the respective server user (for example, tony in case of App Server 1) must be able to run it.

e. Do not use sudo inside the script.

Note: The zip package must be installed on given App Server before executing the script. This package is essential for creating the zip archive of the website files. Install it manually outside the script.


Explanation

๋ฌธ์ œ๋Š” ๊ธธ์ง€๋งŒ ํ•ต์‹ฌ ๋‚ด์šฉ์€ App Server 2์—์„œ /var/www/html/beta๋ฅผ zip์œผ๋กœ ์••์ถ•ํ•˜๊ณ , ๊ทธ zip ํŒŒ์ผ์„ ๋กœ์ปฌ /archives/์™€ Storage Server /archives/์— ์ €์žฅํ•˜๋Š” ์Šคํฌ๋ฆฝํŠธ๋ฅผ ๋งŒ๋“ค๋ผ๋Š” ๊ฒƒ์ด๋‹ค.


Answer

1
2
3
4
$ ssh steve@stapp02
$ sudo yum install -y zip

$ sudo vi /scripts/beta_archive.sh

beta_archive.sh ๋‚ด์šฉ

1
2
3
4
5
6
7
#!/bin/bash

cd /var/www/html || exit 1

zip -r /archives/xfusioncorp_beta.zip beta

scp /archives/xfusioncorp_beta.zip natasha@ststor01:/archives/
1
2
3
4
$ sudo chmod +x /scripts/beta_archive.sh

$ ssh-keygen
$ ssh-copy-id natasha@ststor01


Day11 - Install and Configure Tomcat Server

Problem

The Nautilus application development team recently finished the beta version of one of their Java-based applications, which they are planning to deploy on one of the app servers in Stratos DC. After an internal team meeting, they have decided to use the tomcat application server. Based on the requirements mentioned below complete the task:

a. Install tomcat server on App Server 3.

b. Configure it to run on port 6100.

c. There is a ROOT.war file on Jump host at location /tmp.

Deploy it on this tomcat server and make sure the webpage works directly on base URL i.e curl http://stapp03:6100


Explanation

App Server 3์— Tomcat ์„ค์น˜ํ•˜์—ฌ Tomcat ํฌํŠธ๋ฅผ 6100์œผ๋กœ ๋ณ€๊ฒฝ ํ›„ Jump host์˜ /tmp/ROOT.war๋ฅผ App Server 3 Tomcat์— ๋ฐฐํฌํ•˜์—ฌ http://stapp03:6100 ์œผ๋กœ ๋ฐ”๋กœ ์ ‘์†๋˜๊ฒŒ ๋งŒ๋“ค๋ฉด ๋œ๋‹ค.

์ถ”๊ฐ€๋กœ curl http://stapp03:6100 ๋ช…๋ น์ด ๋™์ž‘ํ•˜๋Š” ์ด์œ ๋Š” Jump Host์™€ App Server 3๊ฐ€ ๋™์ผํ•œ ๋‚ด๋ถ€ ๋„คํŠธ์›Œํฌ(Stratos Datacenter)์— ์—ฐ๊ฒฐ๋˜์–ด ์žˆ๊ธฐ ๋•Œ๋ฌธ์ด๋‹ค.

Tomcat์€ App Server 3์˜ 6100 ํฌํŠธ์—์„œ HTTP ์š”์ฒญ์„ ์ˆ˜์‹ (Listen)ํ•˜๊ณ  ์žˆ์œผ๋ฉฐ, Jump Host๋Š” ํ•ด๋‹น ํฌํŠธ๋กœ HTTP ์š”์ฒญ์„ ๋ณด๋‚ผ ์ˆ˜ ์žˆ๋‹ค.

์ฆ‰, Jump Host์—์„œ:

1
curl http://stapp03:6100

๋ฅผ ์‹คํ–‰ํ•˜๋ฉด ๋‚ด๋ถ€์ ์œผ๋กœ App Server 3์˜ 6100 ํฌํŠธ๋กœ HTTP ์š”์ฒญ์ด ์ „์†ก๋˜๊ณ , Tomcat์ด ๋ฐฐํฌ๋œ ROOT.war ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์˜ ์‘๋‹ต์„ ๋ฐ˜ํ™˜ํ•˜๊ฒŒ ๋œ๋‹ค.

๋˜ํ•œ Tomcat์˜ webapps ๋””๋ ‰ํ† ๋ฆฌ์— ROOT.war๋ฅผ ๋ฐฐํฌํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ๋ณ„๋„์˜ Context Path ์—†์ด Base URL(/)๋กœ ์ ‘๊ทผํ•  ์ˆ˜ ์žˆ๋‹ค.


Answer

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
$ scp /tmp/ROOT.war banner@stapp03:/tmp/
$ ssh banner@stapp03

$ sudo yum install -y tomcat
$ sudo vi /etc/tomcat/server.xml
# <Connector port="6100" protocol="HTTP/1.1"๋กœ ๋ณ€๊ฒฝ 8080 -> 6100
$ sudo cp /tmp/ROOT.war /var/lib/tomcat/webapps/

$ sudo systemctl enable tomcat
$ sudo systemctl restart tomcat

#ํ™•์ธ
$ curl http://stapp03:6100
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
    <head>
        <title>SampleWebApp</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
    </head>
    <body>
        <h2>Welcome to xFusionCorp Industries!</h2>
        <br>

    </body>
</html>


This post is licensed under CC BY 4.0 by the author.