
Linux Olympiad Report + Tasks with Answers

On December 7, the final round of the GNU/Linux Olympiad was held among students and young professionals. Here is the topic with the announcement: the first round was held remotely, the second in person in Moscow. Below is a report and examples of tasks from the remote and in-person rounds.


Gennady Mazurov won first place.

Winners:


Report


This is far from the first year we have held the system administration Olympiad, but this time events developed somewhat faster than usual. After the announcement post we caught the Habr effect, which showed, in particular, in how quickly the inter-university format grew into an international one. Some of the applicants asked to participate outside the competition, out of interest. We decided not to limit anyone and allowed everyone to take part in the first round. According to our calculations, about 60% of the participants came from Habr; the rest learned about the Olympiad on social networks and from announcements at universities. Many invited friends.

Because many participants were not from Moscow, we had to change the dates of the second round on the fly (not everyone could make it in time), along with some rules. There were also discrepancies in the interpretation of who counts as a "young professional". We had in mind people who graduated from university 1-3 years ago (that is, up to about 25 years old), but we did not say so clearly. I apologize to all the participants who, because of this, may have felt the organization was somewhat rough. We will not step on this rake a second time.

We intend to simplify the tasks of the first round so that they do not scare people off, as happened a year ago, when only 12 people reached the final. This year we selected the 30 best participants for the second round, of whom 22 were able to come to us on December 7. But according to our winner, Gennady Mazurov, who already participated in our Olympiad 2 years ago, the second-round tasks this time were significantly more difficult than before.

Gennady pulled ahead by a large margin. A maximum of 30 points could be scored in the first round and 70 in the second. The winner scored 80 points over the two rounds (participants averaged 45 points each). Gennady lives in Moscow; he graduated from Bauman Moscow State Technical University and is already working. Second place went to Bova Bovaev (66 points), who, one could say, fought his way into the final: he was allowed to take part in the first round outside the competition, and then he figured out that he had no higher education. Bova comes from Elista (Kalmykia), graduates from the university and now also lives in Moscow. Third place went to Vyacheslav Karpukhin from Ufa (63 points).

Participants could guess the format of the second round: we made it clear in every possible way that our final would be similar to the Red Hat exams. It was possible to prepare using the Exam Objectives on the Red Hat website. But unlike the Red Hat exams, we allowed the use of the Internet. The second round had 20 tasks worth different numbers of points, to be completed in four and a half hours. After summing up the results, we sent all the finalists the correct solutions to the second-round tasks.

While the work was being checked, everyone who had come to visit us was entertained with a tour of the office and one of our data centers. After the Olympiad, several participants expressed a desire to work with us, and we are now reviewing their resumes. But we do not expect a large number of new employees to appear after the Olympiad: as a rule, good results come from those who are already working somewhere, and it is clear that practical experience is a great advantage. Our Olympiad is aimed more at other people: those who came, tried it, understood that there is still something to learn, and decided to improve. At one of the past Olympiads we had a participant, a Bauman student, who was far from winning a prize. The next year he participated again and won first place, having leveled up well.

By the way, we are ready to consider everyone who scored more than 60% in the first round as applicants without an initial technical interview.



Tasks of the first round with answers


UPD: Download PDF

Selected tasks of the second round, which caused the greatest difficulties


Initial situation: you have at your disposal 2 virtual machines with CentOS 6.3 x64 installed, located in the same VLAN. The machines are named node1 and node2. SELinux must be running in targeted enforcing mode at the time the tasks are verified. The machines will be restarted before the tasks are checked.

7. Create a /pub directory on node1. The root file system that holds the /pub directory must be mounted with the default options. The /pub directory is intended for user1 and user2 to work together. Each of them must be able to create files in /pub, and the other user must be able to edit them. Other users should not have access to this directory.

Answer
This task is about a SETGID directory, which is used to organize collaboration between users. Only 2 participants completed this task correctly.

mkdir /pub
chown root:grp1 /pub
chmod u=rwx,g=rws,o= /pub


SETGID (s) ensures that all files and directories created inside /pub get the same group as /pub, i.e. grp1.
Next, you had to make sure that users in grp1 have umask 0002, so that newly created objects allow the group to write by default (g=rwx).
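
A way to verify the result of this task, as an added example that is not part of the original article: it checks a directory for the layout the answer describes and shows what mode a new file gets under a given umask. The function names are hypothetical, GNU stat is assumed, and the demo runs on a scratch directory that stands in for /pub.

```sh
#!/bin/sh
# Added example: audit a collaboration directory (SETGID set, group rwx,
# nothing for others) and show the effect of umask on new files.

# audit_shared_dir DIR: print each problem found; return 0 only if none.
audit_shared_dir() {
    dir=$1
    problems=0
    mode=$(stat -c '%a' "$dir") || return 2     # e.g. 2770 (GNU stat)
    perms=$(printf '%04d' "$mode")              # pad: 770 -> 0770
    group=${perms#??}; group=${group%?}         # third digit: group bits
    other=${perms#???}                          # fourth digit: other bits
    [ -g "$dir" ] || {
        echo "$dir: SETGID not set, new files keep the creator's group"
        problems=1
    }
    [ "$group" = 7 ] || { echo "$dir: group lacks rwx (mode $perms)"; problems=1; }
    [ "$other" = 0 ] || { echo "$dir: others have access (mode $perms)"; problems=1; }
    return "$problems"
}

# mode_created_with UMASK DIR: create a file in DIR under UMASK and print
# its octal mode; the second user can edit it only if the group has write.
mode_created_with() {
    ( umask "$1"; f="$2/probe.$$"; : > "$f"; stat -c '%a' "$f"; rm -f "$f" )
}

# Demo on a scratch directory (constructed; stands in for /pub).
demo=$(mktemp -d)
chgrp "$(id -g)" "$demo" && chmod 2770 "$demo"
audit_shared_dir "$demo" && echo "layout ok"
echo "umask 0022 -> $(mode_created_with 0022 "$demo")"
echo "umask 0002 -> $(mode_created_with 0002 "$demo")"
rm -rf "$demo"
```

With umask 0022 the new file has no group write bit, so the other user could read it but not edit it, which is why the umask step in the answer matters.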


11. On node1, share the directory /d01 and its subdirectories over NFS, read-only, for all network addresses. Ensure that the contents of all directories are accessible from node2.

None of the participants completed this task 100%.

Answer
The first trick was that /d01 contains mount points for other file systems, which are not exported by default. Therefore, the preferred solution is to add separate entries to /etc/exports for /d01, /d01/public and /d01/private.

Another option is to use the nohide option when exporting /d01, but in real life it should be used with care (man 5 exports).

The second trick waiting along the way is the entry:
rpcbind: ALL
in /etc/hosts.deny on node2.


You also had to remember to enable the service at boot:
chkconfig nfs on


and open the NFS ports in the firewall. In principle, it was enough to allow all connections, since the other tasks impose no restrictions:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -j ACCEPT


15. On node2, take 2GB of the unallocated disk space and connect it via iSCSI to node1. On node1, this space should be available as a block device.

Only one participant coped with this task.

Answer
Create an LVM logical volume 2GB in size (you could, of course, just make a partition on the disk). Install the scsi-target-utils package on node2. Add to /etc/tgt/targets.conf:
<target iqn.2012-12.bla-bla-bla:target0>
    backing-store /dev/newvg/iscsi-vol
</target>


Restart the tgtd service and enable it at boot:

service tgtd restart
chkconfig tgtd on


Open the iscsi-target port 3260/tcp using iptables.
On node1, make sure that the iscsi-initiator-utils package is installed, then discover the target:
iscsiadm -m discovery -t st -p 10.1.x.2:3260
Starting iscsid: [OK]
10.1.x.2:3260,1 iqn.2012-12.com.example:server.target0


Check that a new disk is available:
fdisk -l


17. On node2, install and configure a web server with two virtual sites: www.example.com and www.test.net. The site www.example.com should be accessible when accessing the server via port 8088, and www.test.net via 8088 and 443. The web server should start automatically when the system starts.

This task caused a lot of difficulties, apparently because of its dependence on the SELinux settings. SSL was not explicitly mentioned in the task, but we relied on the obviousness of such a requirement.

Answer
It was necessary to install the httpd and mod_ssl packages. In the /etc/httpd/conf/httpd.conf config, change:
Listen 8088
NameVirtualHost *:8088


A minimal virtual hosts configuration can look like this (it can go right there in httpd.conf):
<VirtualHost *:8088>
    ServerName www.example.com
</VirtualHost>
<VirtualHost *:8088>
    ServerName www.test.net
</VirtualHost>



For the SSL part, it was necessary to change the following in /etc/httpd/conf.d/ssl.conf:
Listen 443
<VirtualHost *:443>
ServerName www.test.net:443


The rest is left at the defaults.
Since SELinux operates in targeted enforcing mode, apache cannot use port 8088: this port is not among those the policy allows for it:

semanage port -l | grep -w http_port_t
http_port_t tcp 8080, 80, 443, 488, 8008, 8009, 8443


Add another permitted port for the http_port_t context (the semanage utility is part of the policycoreutils-python package, which had to be installed):

semanage port -a -t http_port_t -p tcp 8088


After these steps, you can start apache and enable it at boot:
service httpd start
chkconfig httpd on


It was also necessary to open ports 8088 and 443 using iptables.
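
A check for the SELinux step above, as an added example that is not part of the original article: it compares the Listen ports in the httpd configuration against the TCP ports labelled http_port_t and prints those the targeted policy would refuse. The function names are hypothetical, and the sample inputs are constructed from the semanage line and the Listen directives quoted in the answer.

```sh
#!/bin/sh
# Added example. Constructed sample inputs (not captured from a real host).
SEMANAGE_SAMPLE='http_port_t                    tcp      8080, 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988'
LISTEN_SAMPLE='Listen 8088
# Listen 12.34.56.78:80
Listen 443'

# allowed_ranges TYPE: read `semanage port -l` text on stdin and print the
# TCP ports (or lo-hi ranges) labelled TYPE, separated by spaces.
allowed_ranges() {
    awk -v type="$1" '
        $1 == type && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { p = $i; sub(/,$/, "", p); printf "%s ", p }
        }'
}

# unlabelled_listen_ports POLICY_TEXT CONFIG_TEXT: print every active Listen
# port in the httpd config that is not labelled http_port_t.
unlabelled_listen_ports() {
    ranges=$(printf '%s\n' "$1" | allowed_ranges http_port_t)
    printf '%s\n' "$2" | awk -v ranges="$ranges" '
        BEGIN {
            n = split(ranges, r, " ")
            for (i = 1; i <= n; i++) {
                k = split(r[i], b, "-")
                lo[i] = b[1] + 0; hi[i] = (k == 2 ? b[2] : b[1]) + 0
            }
        }
        tolower($1) == "listen" {        # commented-out lines start with "#"
            port = $2; sub(/^.*:/, "", port); port += 0   # drop "addr:" prefix
            ok = 0
            for (i = 1; i <= n; i++) if (port >= lo[i] && port <= hi[i]) ok = 1
            if (!ok) print port
        }'
}

# On the sample data this prints 8088, the port the answer adds with semanage.
# On a real host the inputs would be "$(semanage port -l)" and the contents of
# /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf.
unlabelled_listen_ports "$SEMANAGE_SAMPLE" "$LISTEN_SAMPLE"
```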


Next Olympiad


The next Olympiad on system administration will take place next year. I would love to hear your suggestions and feedback on this. Of the possible highlights for next year: most likely the tasks will not be scattered ones, but stages of building a single solution, each of which complements the rest.

Source: https://habr.com/ru/post/162909/

