Ex280 Exam Practice Questions & Answers

What should I know about the ex280 exam practice questions & answers

Setup your Lab by clicking here

ex280 Exam Practice Question 18


As the cluster administrator with the username, “kubeadmin” and password, ” LumDI-t5jjd-ciyWk-wKsoe”.
Perform the following operations.

NOTE: you can login with (oc login -u kubeadmin -p LumDI-t5jjd-ciyWk-wKsoe https://api.crc.testing:6443)


– create two groups, frontend-group and backend-group


– create six users, tekneed3, tekneed4, tekneed5, tekneed6, tekneed7, and tekneed8 users. They must all have the password, “open”
[NOTE: Update the already existing HTpasswd authentication file in /tmp/htpassword to create the users. Also use/create a secret with the name, “htpassword-secret” from /tmp/htpassword file.]


-The users, tekneed5, and tekneed6 must belong to the frontend-group, and the users, tekneed7, and tekneed8 must belong the backend-group


-create a project, “open-compute” project


-grant the user, tekneed4, project administration privileges on the open-compute project


– give the group, frontend-group read privileges, and the group, backend-group write privileges for the open-compute project


-grant the user, tekneed3 a cluster admin user


Answer

1. Login to the cluster

[victor@sno ~]$ oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
Login successful.

You have access to 67 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

2. create the two groups.

[victor@sno ~]$ oc adm groups new frontend-group

group.user.openshift.io/frontend-group created


[victor@sno ~]$ oc adm groups new backend-group

group.user.openshift.io/backend-group created

3. Verify that the groups have been created

[victor@sno ~]$ oc get groups

NAME             USERS
backend-group
frontend-group

4. create the users

*you can view the existing file already in /tmp/htpassword

[victor@sno ~]$ cat /tmp/htpassword
tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/

*create the users

[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed3 open
Adding password for user tekneed3
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed4 open
Adding password for user tekneed4
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed5 open
Adding password for user tekneed5
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed6 open
Adding password for user tekneed6
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed7 open
Adding password for user tekneed7
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed8 open
Adding password for user tekneed8

5. Verify that the users have been created.

[victor@sno ~]$ cat /tmp/htpassword

tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/
tekneed3:$apr1$eMvkoUVJ$tkqWm3.4zkpJTtJQg.mR21
tekneed4:$apr1$y19G58eu$0oYA15lw3X8epAWRSQOPs0
tekneed5:$apr1$TbgBDP0a$.t2td3KP3KCLwx2OTM6Hb1
tekneed6:$apr1$bpkuO8Ka$6lRMiRoyPj0fMSShLNbjT0
tekneed7:$apr1$Yh29LNJ5$73E7P2U1KMjW6NIavlSwH1
tekneed8:$apr1$lUfhJL/n$n4tuArUkp7Smta7pkG6ut1

6. create a secrete for the /tmp/htpassword file

[victor@sno ~]$ oc create secret generic htpassword-secret --from-file  htpasswd=/tmp/htpassword -n openshift-config

secret/htpassword-secret created

7. Update the oauth server (oauth resource yaml manifest configuration file)

*extract the existing oauth resource yaml manifest config file

victor@sno ~]$ oc get oauth cluster -o yaml > oauth.yaml

*Edit the file and include the information from the /tmp/htpassword living in the secret, htpassword-secret

[victor@sno ~]$ vi oauth.yaml

.......
 - htpasswd:
      fileData:
        name: htpassword-secret
    mappingMethod: claim
    name: allusers
    type: HTPasswd
..........
ex280 exam practice questions

*update the oauth server/resource with the new information

[victor@sno ~]$ oc replace -f oauth.yaml
oauth.config.openshift.io/cluster replaced

8. Try loggingg in as one of the users created.

[victor@sno ~]$ oc login -u tekneed4 -p open

Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

NB: You can watch the video on how we carried out some other tests.

9. You can also verify by using the “oc get” command.

NOTE: if you haven’t logged in with the user account for the first time, you may not see the users when you list them with the commands below.

[victor@sno ~]$ oc get users

NAME        UID                                    FULL NAME   IDENTITIES
developer   24b0c61d-2e67-44f5-86cb-56896c5488fc               developer:developer
kubeadmin   2eca97e7-277c-4aa4-a963-7ea45b3b4665               developer:kubeadmin
tekneed4    d148ad64-15e4-4e49-812a-b17b7fcb528a               allusers:tekneed4
[victor@sno ~]$ oc get identity

NAME                  IDP NAME    IDP USER NAME   USER NAME   USER UID
allusers:tekneed4     allusers    tekneed4        tekneed4    d148ad64-15e4-4e49-812a-b17b7fcb528a
developer:developer   developer   developer       developer   24b0c61d-2e67-44f5-86cb-56896c5488fc
developer:kubeadmin   developer   kubeadmin       kubeadmin   2eca97e7-277c-4aa4-a963-7ea45b3b4665

10. Add the users, tekneed5 and tekneed6 to the front-end group

[victor@sno ~]$ oc adm groups add-users frontend-group tekneed5

group.user.openshift.io/frontend-group added: "tekneed5"


[victor@sno ~]$ oc adm groups add-users frontend-group tekneed6

group.user.openshift.io/frontend-group added: "tekneed6"

11. Add the users, tekneed7 and tekneed8 to the back-end group

[victor@sno ~]$ oc adm groups add-users backend-group tekneed7

group.user.openshift.io/backend-group added: "tekneed7"


[victor@sno ~]$ oc adm groups add-users backend-group tekneed8

group.user.openshift.io/backend-group added: "tekneed8"

12. Verify that the users have been added to the group

[victor@sno ~]$ oc get groups

NAME             USERS
backend-group    tekneed7, tekneed8
frontend-group   tekneed5, tekneed6

13. create the project, open-compute

[victor@sno ~]$ oc new-project open-compute

Now using project "open-compute" on server "https://api.crc.testing:6443".

...................

14. grant the user, tekneed4 an admin privilege for the open-compute project

[victor@sno ~]$ oc policy add-role-to-user admin tekneed4

clusterrole.rbac.authorization.k8s.io/admin added: "tekneed4"

NOTE: You can also include the namespace at the end of the command. I did not include it because I am currently using the open-compute namespace.

15. grant the frontend-group read permission in the open-compute project

[victor@sno ~]$ oc policy add-role-to-group view frontend-group

clusterrole.rbac.authorization.k8s.io/view added: "frontend-group"

16. grant the backend-group write permission in the open-compute project

[victor@sno ~]$ oc policy add-role-to-group edit backend-group

clusterrole.rbac.authorization.k8s.io/edit added: "backend-group"

17. grant the user tekneed3, a cluster admin user privilege

[victor@sno ~]$ oc adm policy add-cluster-role-to-user cluster-admin tekneed3

Warning: User 'tekneed3' not found
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "tekneed3"

NB: you are getting the warning because we haven’t logged in to the cluster with user, tekneed3 for the first time

18. Review all the role bindings in the open-compute project.

[victor@sno ~]$ oc get rolebindings -o wide

NAME                    ROLE                               AGE     USERS       GROUPS                                SERVICEACCOUNTS
admin                   ClusterRole/admin                  5m31s   kubeadmin                
admin-0                 ClusterRole/admin                  4m11s   tekneed4                 
edit                    ClusterRole/edit                   105s                back-end     
system:deployers        ClusterRole/system:deployer        5m31s                                                     open-compute/deployer
system:image-builders   ClusterRole/system:image-builder   5m31s                                                     open-compute/builder
system:image-pullers    ClusterRole/system:image-puller    5m31s               system:serviceaccounts:open-compute
view                    ClusterRole/view                   2m52s               fron-end     
view-0                  ClusterRole/view                   2m46s               front-end    

Solution Summary

# oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
# oc adm groups new frontend-group
# oc adm groups new backend-group
# oc get groups 
# cat /tmp/htpassword
# htpasswd -b /tmp/htpassword tekneed3 open
# htpasswd -b /tmp/htpassword tekneed4 open
# htpasswd -b /tmp/htpassword tekneed5 open
# htpasswd -b /tmp/htpassword tekneed6 open
# htpasswd -b /tmp/htpassword tekneed7 open
# htpasswd -b /tmp/htpassword tekneed8 open
# cat /tmp/htpassword
# oc create secret generic htpassword-secret --from-file  htpasswd=/tmp/htpassword -n openshift-config
# oc get oauth cluster -o yaml > oauth.yaml 
# vi oauth.yaml
# oc replace -f oauth.yaml
# oc get pods -n openshift-authentication
# oc get users
# oc get identity
# oc adm groups add-users frontend-group tekneed5
# oc adm groups add-users frontend-group tekneed6
# oc adm groups add-users backend-group tekneed7
# oc adm groups add-users backend-group tekneed8
# oc get groups
# oc new-project open-compute
# oc policy add-role-to-user admin tekneed4
# oc policy add-role-to-group view frontend-group
# oc policy add-role-to-group edit backend-group
# oc adm policy add-cluster-role-to-user cluster-admin tekneed3
# oc get rolebindings -o wide

Click here to get other ex280 premium preparation questions and answers

Setup your Lab by clicking here

Watch Video on ex280 exam practice questions & answer 18

Your feedback is welcomed. If you love others, you will share with others

3 Comments

Leave a Reply

Your email address will not be published.


*