diff --git a/README-zh_CN.md b/README-zh_CN.md
index 878a73a40..ea24bef71 100644
--- a/README-zh_CN.md
+++ b/README-zh_CN.md
@@ -1,17 +1,14 @@
-# DevOps 面试问题
+
-
+:information_source: 此存储库包含有关各种技术主题的问题和练习,有时与 DevOps 和 SRE 相关
-:information_source: 本仓库包含各种 DevOps 相关主题的面试问题
+:bar_chart: 当前有 **2624** 个问题
-:bar_chart: 当前有 **413** 个问题
+:warning: 您可以使用这些来准备面试,但大多数问题和练习并不代表实际的面试。请阅读[常见问题](faq.md)了解更多详情
+:page_facing_up: 不同的面试官专注于不同的事情。 有些人将重点放在你的简历上,而另一些人可能将重点放在方案问题或特定的技术问题上。 在这个仓库,我尽力覆盖各种类型的 DevOps 问题,供你练习和测试你的知识
-:warning: 你不需要知道回答这个仓库的所有问题。 DevOps并不是知道一切:)
-
-:page_facing_up: 不同的面试官专注于不同的事情。 有些人将重点放在你的简历上,而另一些人可能将重点放在方案问题或特定的技术问题上。 在这个仓库,我尽力覆盖各种类型的DevOps问题,供你练习和测试你的知识
-
-:pencil: 你可以通过PR来添加更多问题和答案:)
+:pencil: 你可以通过提交拉取请求来添加更多练习:) 在[此处](CONTRIBUTING.md)阅读贡献指南
****
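Review bot: this hunk replaces the `# DevOps 面试问题` title line with a blank line, so the translated README loses its top-level heading; keep a title line (the other rewrites in the hunk, the updated question count and the FAQ/CONTRIBUTING links, are fine).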
@@ -21,41 +18,675 @@
+## 网络
+
+
+一般来说,你需要什么才能进行交流?
+
+ - 一种共同的语言(供两端理解)
+ - 与你想要沟通的人交流的方法
+ - 一个连接(以便通信内容能够到达接收者)
+
+
+
+
+什么是 TCP/IP?
+
+一组协议,定义了两个或多个设备如何相互通信。
+
+了解更多关于TCP/IP, 阅读 [这里](http://www.penguintutor.com/linux/basic-network-reference)
+
+
+
+
+什么是以太网?
+
+以太网简单地指的是当今最常见的局域网(LAN)类型。与跨越较大地理区域的广域网(WAN)相对,LAN是一个连接在小范围内的计算机网络,比如你的办公室、大学校园或者家庭。
+
+
+
+
+什么是 MAC 地址?它有什么用途?
+
+MAC地址是用于识别网络上各个设备的唯一标识号码或代码。
+
+通过以太网发送的数据包始终来自一个 MAC 地址并发送到一个 MAC 地址。如果网络适配器接收到一个数据包,它会将该数据包的目标 MAC 地址与适配器自身的 MAC 地址进行比较。
+
+
+
+
+这个 MAC 地址是在什么时候使用的?: ff:ff:ff:ff:ff:ff
+
+当设备向广播 MAC 地址(FF:FF:FF:FF:FF:FF)发送数据包时,它会传递给本地网络上的所有站点。以太网广播用于在数据链路层通过 ARP 解析 IP 地址到 MAC 地址。
+
+
+
+什么是 IP 地址?
+
+互联网协议地址(IP 地址)是分配给连接到使用互联网协议进行通信的计算机网络上的每个设备的数字标签。IP地址具有两个主要功能:主机或网络接口识别和位置寻址。
+
+
+
+解释子网掩码并举例说明
+
+子网掩码是一个32位的数字,用于屏蔽 IP 地址并将 IP 地址分为网络地址和主机地址。子网掩码通过将网络位设置为全部"1",将主机位设置为全部"0"来生成。在给定的网络中,总可用主机地址中始终保留两个用于特定目的,并且不能分配给任何主机。这些是第一个地址,被保留作为网络地址(也称为网络 ID),以及最后一个用于网络广播的地址。
+
+[例子](https://github.com/philemonnwanne/projects/tree/main/exercises/exe-09)
+
+
+
+
+私有 IP 地址是什么?在哪些场景/系统设计中应该使用它?
+私有IP地址被分配给同一网络中的主机,以便彼此通信。正如“私有”这个名字所暗示的那样,拥有私有IP地址的设备无法被来自任何外部网络的设备访问到。例如,如果我住在一个宿舍,并且我希望我的室友们加入我托管的游戏服务器,我会要求他们通过我的服务器的私有IP地址加入,因为该网络是局域网。
+
+
+
+什么是公共 IP 地址?在哪些场景/系统设计中,应该使用它?
+公共IP地址是面向公众的 IP 地址。如果你正在托管一个游戏服务器,希望你的朋友加入,你会给他们提供你的公共IP地址,以便他们的计算机能够识别和定位到你的网络和服务器,从而进行连接。在与与您连接到同一网络的朋友玩耍时,并不需要使用面向公众的IP地址,在这种情况下,您将使用私有IP地址。为了使某人能够连接到内部位置的服务器上,您需要设置端口转发来告诉路由器允许来自公共域名和网络之间的流量通信。
+
+
+
+解释 OSI 模型。有哪几层?每层负责什么?
+
+- 应用程序:用户端( HTTP 在此)。
+- 演示:建立应用层实体之间的上下文(加密在这里)。
+- 会话:建立、管理和终止连接。
+- 传输:将可变长度的数据序列从源主机传输到目标主机( TCP 和 UDP 在此)。
+- 网络:将数据报从一个网络传输到另一个网络( IP 在此)。
+- 数据链路:提供两个直接连接的节点之间的链接(MAC在此)。
+- 物理特性:数据连接的电气和物理规格(位数在此)。
+
+您可以在 [penguintutor.com](http://www.penguintutor.com/linux/basic-network-reference) 阅读有关OSI模型的更多信息。
+
+
+
+对于以下每个确定其属于哪个 OSI 层:
+
+ * 错误更正
+ * 数据包路由
+ * 电缆和电信号
+ * MAC 地址
+ * IP 地址
+ * 终止连接
+ * 3 次握手
+ * 错误纠正 - 数据链路
+ * 数据包路由 - 网络
+ * 电缆和电信号 - 物理
+ * MAC 地址 - 数据链路
+ * IP 地址 - 网络
+ * 终止连接 - 会话
+ * 3次握手 - 传输
+
+
+
+你熟悉哪些交付计划?
+
+单播:一对一的通信,其中有一个发送者和一个接收者。
+
+广播:向网络中的所有人发送消息。地址 ff:ff:ff:ff:ff:ff 用于广播。
+ 使用广播的两个常见协议是 ARP 和 DHCP。
+
+多播:向一组订阅者发送消息。它可以是一对多或多对多的。
+
+
+
+什么是 CSMA/CD?它在现代以太网网络中使用吗?
+
+CSMA/CD 代表载波侦听多路访问冲突检测。
+其主要目标是管理对共享介质/总线的访问,每次只有一个主机可以传输。
+
+CSMA/CD 算法:
+
+1. 在发送帧之前,它会检查是否有另一个主机正在传输帧。
+2. 如果没有人在传输,它就开始传输帧。
+3. 如果两个主机同时传输,就会发生碰撞。
+4. 两个主机都停止发送帧,并向所有人发送一个“干扰信号”,通知大家发生了碰撞。
+5. 他们正在等待一个随机的时间再次发送它。
+6. 一旦每个主机等待了随机时间,它们会再次尝试发送帧,从而重新开始循环。
+
+
+
+描述以下网络设备及其之间的区别:
+
+ * 路由器
+ * 交换机
+ * 集线器
+
+路由器、交换机和集线器都是用于连接局域网(LAN)中的设备的网络设备。然而,每个设备的操作方式不同,并且具有其特定的使用情况。以下是对每个设备及其之间区别的简要描述:
+
+1. 路由器:一种网络设备,用于连接多个网络段。它在OSI模型的网络层(第3层)上运行,并使用路由协议来指导网络之间的数据传输。路由器使用IP地址来识别设备并将数据包定向到正确的目标位置。
+2. 交换机:一种网络设备,用于连接局域网上的多个设备。它在OSI模型的数据链路层(第二层)工作,并使用MAC地址来识别设备并将数据包定向到正确的目标。交换机可以使同一网络上的设备更高效地相互通信,并且可以防止多个设备同时发送数据时可能发生的数据碰撞。
+3. 集线器:一种网络设备,通过单根电缆连接多个设备,并用于在不分割网络的情况下连接多个设备。然而,与交换机不同的是,它在OSI模型的物理层(第1层)上运行,并且只是将数据包广播到所有连接到它的设备,无论该设备是否为预期接收者。这意味着可能会发生数据碰撞,并且网络效率可能因此受到影响。由于交换机更高效并提供更好的网络性能,所以现代网络设置通常不使用集线器。
+
+
+
+什么是“冲突域”?
+冲突域是一个网络段,在这个网络段中,设备可能会因为试图同时传输数据而相互干扰。当两个设备同时传输数据时,可能会发生碰撞,导致数据丢失或损坏。在冲突域中,所有设备共享同样的带宽,并且任何设备都有可能干扰其他设备的数据传输。
+
+
+
+什么是“广播域”?
+广播域是一个网络段,其中所有设备可以通过发送广播消息相互通信。广播消息是一条发送给网络中所有设备而不是特定设备的消息。在广播域中,所有设备都可以接收和处理广播消息,无论该消息是否针对它们。
+
+
+
+连接到一个交换机的三台计算机。有多少个冲突域?有多少个广播域?
+
+三个冲突域和一个广播域
+
+
+
+路由器是如何工作的?
+
+路由器是一种物理或虚拟设备,用于在两个或多个分组交换的计算机网络之间传递信息。路由器检查给定数据包的目标互联网协议地址(IP地址),计算它到达目的地的最佳路径,然后相应地转发它。
+
+
+
+
+什么是NAT?
+
+网络地址转换(NAT)是一个过程,其中一个或多个本地IP地址被翻译成一个或多个全局IP地址,反之亦然,以便为本地主机提供互联网访问。
+
+
+
+
+什么是代理?它是如何工作的?我们为什么需要它?
+
+代理服务器充当您和互联网之间的网关。它是一个中介服务器,将最终用户与他们浏览的网站分离开来。
+
+如果您使用代理服务器,互联网流量将通过代理服务器传输到您请求的地址。然后,该请求再次通过相同的代理服务器返回(有一些例外情况),然后代理服务器将从网站接收到的数据转发给您。
+
+代理服务器根据您的使用情况、需求或公司政策提供不同级别的功能、安全性和隐私保护。
+
+
+
+TCP 是什么?它如何工作?三次握手是什么?
+
+TCP 三次握手,又称为三向握手,在 TCP/IP 网络中用于建立服务器和客户端之间的连接的过程。
+
+三次握手主要用于创建 TCP 套接字连接。它在以下情况下起作用:
+
+- 一个客户节点通过IP网络向同一网络或外部网络上的服务器发送SYN数据包。该数据包的目标是询问/推断服务器是否对新连接开放。
+- 目标服务器必须具有可以接受和发起新连接的开放端口。当服务器从客户节点收到SYN数据包时,它会响应并返回确认收据 - ACK 数据包或 SYN/ACK 数据包。
+- 客户端节点接收到来自服务器的 SYN/ACK,并用一个 ACK数据包作出响应。
+
+
+
+什么是往返延迟或往返时间?
+
+摘自 [维基百科](https://en.wikipedia.org/wiki/Round-trip_delay):"发送信号所需的时间加上收到信号确认所需的时间"。
+
+附加问题:局域网的 RTT 是多少?
+
+
+
+SSL 握手是如何进行的?
+SSL 握手是在客户端和服务器之间建立安全连接的过程。
+
+1. 客户端向服务器发送一个Client Hello消息,其中包括客户端的SSL/TLS协议版本、客户端支持的加密算法列表和一个随机值。
+2. 服务器响应一个Server Hello消息,其中包括服务器的SSL/TLS协议版本、一个随机值和会话ID。
+3. 服务器发送一个证书消息,其中包含了服务器的证书。
+4. 服务器发送 Server Hello Done 信息,表示服务器已完成服务器 Hello 阶段的信息发送。
+5. 客户发送包含客户公钥的客户密钥交换信息。
+6. 客户端发送 "更改密码规格 "报文,通知服务器客户端即将发送使用新密码规格加密的报文。
+7. 客户端发送一个加密的握手消息,其中包含使用服务器的公钥加密的预主密钥。
+8. 服务器发送 "更改密码规格 "信息,通知客户端服务器即将发送使用新密码规格加密的信息。
+9. 服务器发送加密握手信息,其中包含用客户机公钥加密的预主密钥。
+10. 客户端和服务器现在可以交换应用数据。
+
+
+
+TCP 和 UDP 有什么区别?
+
+TCP 在客户端和服务器之间建立连接,以保证数据包的顺序,而 UDP 不在客户端和服务器之间建立连接,也不处理数据包顺序。这使得 UDP 比 TCP 更轻便,是流媒体等服务的理想选择。
+
+[Penguintutor.com](http://www.penguintutor.com/linux/basic-network-reference) 提供了很好的解释。
+
+
+
+您熟悉哪些 TCP/IP 协议?
+
+
+
+解释“默认网关”
+
+默认网关是一个接入点或 IP 路由器,联网计算机利用它将信息发送到另一个网络或互联网上的计算机。
+
+
+
+什么是 ARP?它是如何工作的?
+
+ARP 是地址解析协议(Address Resolution Protocol)的缩写。当您尝试 ping 本地网络上的一个 IP 地址(如 192.168.1.1)时,您的系统必须将 IP 地址 192.168.1.1 转换为 MAC 地址。这就需要使用 ARP 来解析该地址,ARP 也因此而得名。
+
+系统会保存一个 ARP 查找表,其中存储了哪些 IP 地址与哪些 MAC 地址相关联的信息。当试图向某个 IP 地址发送数据包时,系统会首先查询该表,看是否已经知道该 MAC 地址。如果有缓存值,则不使用 ARP。
+
+
+
+什么是 TTL?它有助于防止什么?
+
+- TTL(生存时间)是IP(Internet Protocol,互联网协议)数据包中的一个值,它决定了在被丢弃之前数据包可以经过多少跳或路由器。每次通过路由器转发数据包时,TTL值会减少一。当TTL值达到零时,数据包将被丢弃,并向发送方发送ICMP(Internet Control Message Protocol,互联网控制消息协议)消息以指示该数据包已过期。
+- TTL 用于防止数据包在网络中无限循环,否则会造成拥塞并降低网络性能。
+- 它还有助于防止数据包陷入路由环路,即数据包在同一组路由器之间不断往返而永远无法到达目的地。
+- 此外,TTL 还可用于帮助检测和防止 IP 欺骗攻击,在这种攻击中,攻击者试图通过使用虚假或伪造的 IP 地址来冒充网络上的其他设备。通过限制数据包的跳数,TTL 可以帮助防止数据包被路由到不合法的目的地。
+
+
+
+什么是 DHCP?它是如何工作的?
+
+它代表动态主机配置协议,为主机分配 IP 地址、子网掩码和网关。它是这样工作的:
+
+* 主机在进入网络时广播一条寻找 DHCP 服务器的信息(DHCP DISCOVER)。
+* DHCP 服务器会以数据包的形式发回要约信息,其中包含租用时间、子网掩码、IP 地址等信息(DHCP OFFER)。
+* 根据接受的提议,客户端会发送回复广播,让所有 DHCP 服务器都知道(DHCP 请求)。
+* 服务器发送确认(DHCP ACK)
+
+更多信息 [此处](https://linuxjourney.com/lesson/dhcp-overview)
+
+
+
+同一个网络中可以有两个 DHCP 服务器吗?它是如何工作的?
+
+可以在同一网络上安装两个 DHCP 服务器,但不建议这样做,而且必须仔细配置,以防止冲突和配置问题。
+- 在同一网络上配置两个 DHCP 服务器时,两个服务器都有可能为同一设备分配 IP 地址和其他网络配置设置,从而导致冲突和连接问题。此外,如果 DHCP 服务器配置了不同的网络设置或选项,网络上的设备可能会收到冲突或不一致的配置设置。
+- 不过,在某些情况下,可能有必要在同一网络中设置两个 DHCP 服务器,例如在大型网络中,一个 DHCP 服务器可能无法处理所有请求。在这种情况下,可以将 DHCP 服务器配置为不同的 IP 地址范围或不同的子网,这样它们就不会相互干扰。
+
+
+
+什么是 SSL 隧道?它是如何工作的?
+
+- SSL(安全套接字层)隧道是一种技术,用于在互联网等不安全网络上的两个端点之间建立安全的加密连接。SSL 隧道是通过将流量封装在 SSL 连接中创建的,SSL 连接可提供保密性、完整性和身份验证。
+
+下面介绍 SSL 隧道的工作原理:
+
+1. 客户端启动与服务器的 SSL 连接,其中包括建立 SSL 会话的握手过程。
+2. SSL 会话建立后,客户端和服务器会协商加密参数,如加密算法和密钥长度,然后交换数字证书,以验证彼此的身份。
+3. 客户端随后通过 SSL 隧道将流量发送到服务器,服务器解密流量并将其转发到目标位置。
+4. 服务器通过 SSL 隧道将流量发送回客户端,客户端对流量进行解密并将其转发给应用程序。
+
+
+
+什么是套接字?在哪里可以看到系统中的套接字列表?
+
+- 套接字是一种软件端点,可使进程之间通过网络进行双向通信。套接字为网络通信提供了一个标准化接口,允许应用程序在网络上发送和接收数据。查看 Linux 系统上打开的套接字列表:
+***netstat -an***
+- 该命令显示所有打开套接字的列表,以及它们的协议、本地地址、外来地址和状态。
+
+
+
+什么是 IPv6?如果我们有 IPv4,为什么还要考虑使用它?
+
+- IPv6(互联网协议版本 6)是互联网协议(IP)的最新版本,用于识别网络上的设备并与之通信。IPv6 地址是 128 位地址,用十六进制表示,如 2001:0db8:85a3:0000:0000:8a2e:0370:7334。
+
+我们应该考虑使用 IPv6 而不是 IPv4 有几个原因:
+
+1. 地址空间:IPv4 的地址空间有限,在世界上许多地方已经耗尽。IPv6 提供了更大的地址空间,可提供数万亿个唯一的 IP 地址。
+2. 安全性:IPv6 包含对 IPsec 的内置支持,为网络流量提供端到端加密和身份验证。
+3. 性能:IPv6 包括一些有助于提高网络性能的功能,例如组播路由,它允许将一个数据包同时发送到多个目的地。
+4. 简化网络配置:IPv6 包含可简化网络配置的功能,例如无状态自动配置,它允许设备自动配置自己的 IPv6 地址,而无需 DHCP 服务器。
+5. 更好的移动性支持:IPv6 包含可改进移动性支持的功能,如移动 IPv6,它允许设备在不同网络之间移动时保持其 IPv6 地址。
+
+
+
+什么是 VLAN?
+
+- VLAN(虚拟局域网)是一种逻辑网络,它将物理网络上的一组设备组合在一起,而不管它们的物理位置如何。创建 VLAN 的方法是配置网络交换机,为连接到交换机上特定端口或端口组的设备发送的帧分配特定的 VLAN ID。
+
+
+
+什么是 MTU?
+
+MTU 是最大传输单元(Maximum Transmission Unit)的缩写。它是指单个事务中可发送的最大 PDU(协议数据单元)的大小。
+
+
+
+如果发送的数据包大于 MTU,会发生什么情况?
+
+在 IPv4 协议中,路由器可以对 PDU 进行分片,然后通过事务发送所有已分片的 PDU。
+
+使用 IPv6 协议时,它会向用户计算机发出错误信息。
+
+
+
+真还是假?Ping 使用 UDP 是因为它不在乎连接是否可靠
+
+错。Ping 实际上使用的是 ICMP(互联网控制报文协议),这是一种用于发送与网络通信有关的诊断信息和控制信息的网络协议。
+
+
+
+什么是 SDN?
+
+- SDN 是软件定义网络(Software-Defined Networking)的缩写。它是一种网络管理方法,强调网络控制的集中化,使管理员能够通过软件抽象来管理网络行为。
+- 在传统网络中,路由器、交换机和防火墙等网络设备需要使用专用软件或命令行界面进行单独配置和管理。相比之下,SDN 将网络控制平面与数据平面分开,允许管理员通过集中式软件控制器管理网络行为。
+
+
+
+什么是 ICMP?它有什么用途?
+
+- ICMP 是 Internet Control Message Protocol 的缩写。它是 IP 网络中用于诊断和控制的协议。它是互联网协议套件的一部分,在网络层运行。
+
+ICMP消息被用于各种目的,包括:
+1. 错误报告:ICMP消息用于报告网络中发生的错误,例如无法将数据包传递到其目的地。
+2. Ping:ICMP 用于发送 ping 信息,该信息用于测试主机或网络是否可连接,并测量数据包的往返时间。
+3. 路径 MTU 发现:ICMP 用于发现路径的最大传输单元(MTU),即无需分片即可传输的最大数据包大小。
+4. 跟踪路由跟踪路由实用程序使用 ICMP 跟踪数据包通过网络的路径。
+5. 路由器发现ICMP 用于发现网络中的路由器。
+
+
+
+什么是 NAT?它是如何工作的?
+
+NAT 是网络地址转换的缩写。它是一种在传输信息前将多个本地专用地址映射到一个公共地址的方法。希望多个设备使用一个 IP 地址的组织和大多数家用路由器一样,都会使用 NAT。
+例如,你电脑的私有 IP 可能是 192.168.1.100,但你的路由器会将流量映射到它的公共 IP(如 1.1.1.1)。互联网上的任何设备都会看到来自公共 IP(1.1.1.1)而不是私人 IP(192.168.1.100)的流量。
+
+
+
+下列协议中使用的端口号分别是?
+
+ * SSH
+ * SMTP
+ * HTTP
+ * DNS
+ * HTTPS
+ * FTP
+ * SFTP
+
+
+ * SSH - 22
+ * SMTP - 25
+ * HTTP - 80
+ * DNS - 53
+ * HTTPS - 443
+ * FTP - 21
+ * SFTP - 22
+
+
+
+哪些因素会影响网络性能?
+
+有几个因素会影响网络性能,包括:
+
+1. 带宽:网络连接的可用带宽会极大地影响其性能。带宽有限的网络可能会出现数据传输速率慢、延迟高和响应速度差等问题。
+2. 延迟:延迟是指数据从网络中的一个点传输到另一个点时发生的延迟。高延迟会导致网络性能缓慢,尤其是视频会议和在线游戏等实时应用。
+3. 网络拥塞:当太多设备同时使用网络时,就会出现网络拥塞,导致数据传输速率缓慢和网络性能低下。
+4. 数据包丢失:当数据包在传输过程中丢失时,就会出现丢包现象。这会导致网络速度变慢,整体网络性能降低。
+5. 网络拓扑:网络的物理布局,包括交换机、路由器和其他网络设备的位置,都会影响网络性能。
+6. 网络协议:不同的网络协议具有不同的性能特征,会影响网络性能。例如,TCP 是一种可靠的协议,可以保证数据的传输,但也会因错误检查和重传所需的开销而导致性能降低。
+7. 网络安全:防火墙和加密等安全措施会影响网络性能,尤其是在需要大量处理能力或引入额外延迟的情况下。
+8. 距离:网络设备之间的物理距离会影响网络性能,尤其是无线网络,信号强度和干扰会影响连接性和数据传输速率。
+
+
+
+什么是 APIPA?
+
+APIPA 是分配给设备的一组 IP 地址
+当主 DHCP 服务器无法访问时分配给设备的 IP 地址
+
+
+
+
+APIPA 使用哪个 IP 范围?
+
+APIPA 使用的 IP 范围是169.254.0.1 - 169.254.255.254.
+
+
+
+#### 控制平面和数据平面
+
+
+"控制平面"是指什么?
+
+控制平面是网络的一部分,它决定如何将数据包路由和转发到不同的位置。
+
+
+
+数据平面 "指的是什么?
+
+数据平面是网络中实际转发数据/数据包的部分。
+
+
+
+管理平面 "指的是什么?
+
+它指的是监测和管理功能。
+
+
+
+创建路由表属于哪个平面(数据、控制......)?
+
+控制平面。
+
+
+
+解释生成树协议(STP)。
+
+
+
+什么是链路聚合?为什么要使用?
+
+
+
+什么是非对称路由?如何处理?
+
+
+
+您熟悉哪些覆盖(隧道)协议?
+
+
+
+什么是 GRE?它是如何运作的?
+
+
+
+什么是 VXLAN?它是如何工作的?
+
+
+
+什么是 SNAT?
+
+
+
+解释 OSPF。
+
+
+OSPF(开放式最短路径优先)是一种路由协议,可在各种类型的路由器上实施。一般来说,大多数现代路由器都支持 OSPF,包括思科、瞻博网络和华为等供应商的路由器。该协议设计用于基于 IP 的网络,包括 IPv4 和 IPv6。此外,它采用分层网络设计,将路由器分组为区域,每个区域都有自己的拓扑图和路由表。这种设计有助于减少路由器之间需要交换的路由信息量,提高网络的可扩展性。
+
+OSPF 4 路由器类型有
+ * Internal Router
+ * Area Border Routers
+ * Autonomous Systems Boundary Routers
+ * Backbone Routers
+
+ 了解有关 OSPF 路由器类型的更多信息: https://www.educba.com/ospf-router-types
+
+
+
+什么是延迟?
+
+延迟是指信息从信息源到达目的地所需的时间。
+
+
+
+什么是带宽?
+
+带宽是通信信道的容量,用于衡量后者在特定时间段内可处理的数据量。带宽越大,意味着处理的流量越多,数据传输量也就越大。
+
+
+
+什么是吞吐量?
+
+吞吐量是指在一定时间内通过任何传输通道传输的实际数据量。
+
+
+
+在进行搜索查询时,延迟和吞吐量哪个更重要?如何确保我们对全球基础设施进行管理?
+
+
+延迟。要获得良好的延迟,搜索查询应转发到最近的数据中心。
+
+
+
+上传视频时,延迟和吞吐量哪个更重要?如何确保这一点?
+
+吞吐量。为获得良好的吞吐量,上传数据流应被路由到未充分利用的链路。
+
+
+
+转发请求时还需要考虑哪些因素(除了延迟和吞吐量)?
+
+* 保持缓存更新(这意味着请求可能不会被转发到最近的数据中心)
+
+
+
+解释 Spine & Leaf
+
+
+
+什么是网络拥塞?什么原因会导致网络拥塞?
+
+当网络上需要传输的数据过多,而网络容量不足以满足需求时,就会出现网络拥塞。
+这会导致延迟和数据包丢失增加。原因可能是多方面的,如网络使用率高、文件传输量大、恶意软件、硬件问题或网络设计问题。
+为防止网络拥塞,必须监控网络使用情况,并实施策略来限制或管理需求。
+
+
+
+关于 UDP 数据包格式,您能告诉我什么?TCP 数据包格式如何?有何不同?
+
+
+
+什么是指数后退算法?在哪里使用?
+
+
+
+使用汉明码,以下数据字 100111010001101 的码字是什么?
+
+00110011110100011101
+
+
+
+举例说明应用层中的协议
+
+* 超文本传输协议(HTTP)--用于互联网上的网页
+* 简单邮件传输协议(SMTP)--用于电子邮件传输
+* 电信网络(TELNET)--终端模拟,允许客户端访问 telnet 服务器
+* 文件传输协议(FTP)--便于在任何两台机器之间传输文件
+* 域名系统 (DNS) - 域名转换
+* 动态主机配置协议(DHCP)--为主机分配 IP 地址、子网掩码和网关
+* 简单网络管理协议(SNMP)--收集网络设备数据
+
+
+
+举例说明网络层中的协议
+
+* 互联网协议 (IP) - 协助将数据包从一台机器路由到另一台机器
+* 互联网控制消息协议(ICMP)--让人知道发生了什么,如错误信息和调试信息
+
+
+
+什么是 HSTS?
+HTTP 严格传输安全(HTTP Strict Transport Security)是一种网络服务器指令,它通过在开始时发送并返回给浏览器的响应标头,告知用户代理和网络浏览器如何处理其连接。这将强制通过 HTTPS 加密连接,忽略任何脚本通过 HTTP 加载该域中任何资源的调用。
+
+阅读更多 [此处](https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it#:~:text=HTTP%20Strict%20Transport%20Security%20(HSTS,and%20back%20to%20the%20browser.)
+
+
+#### 网络 - 其他
+
+
+什么是互联网?它和万维网一样吗?
+
+互联网是一个由网络组成的网络,在全球范围内传输大量数据。
+万维网是一个运行在数百万服务器上的应用程序,它位于互联网之上,可通过所谓的网络浏览器访问
+
+
+
+什么是ISP?
+
+ISP(互联网服务提供商)是当地的互联网公司。
+
+
## DevOps
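Review bot: the SSL handshake answer (steps 5, 7 and 9) does not describe how TLS actually works: with RSA key exchange the pre-master secret is sent in the Client Key Exchange message, encrypted under the public key from the server's certificate, and the "encrypted handshake message" each side sends after Change Cipher Spec is the Finished message (a MAC over the whole handshake), not a pre-master secret; the server never sends a pre-master secret encrypted with a client public key. Those three steps should be rewritten. Two smaller points in the same hunk: the last bullet of the TTL answer presents TTL as a defense against IP spoofing, which it is not (TTL bounds a packet's lifetime and does nothing to validate a source address), so that bullet should be removed or reworded; and the NAT example uses `1.1.1.1`, a real public resolver, where an RFC 5737 documentation address such as `203.0.113.1` would avoid pointing readers at someone else's host. The APIPA answer also reads as two half sentences ("是分配给设备的一组 IP 地址" / "当主 DHCP 服务器无法访问时分配给设备的 IP 地址") and should be merged into one.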
diff --git a/README.md b/README.md
index 16f3f630d..a881cdb2d 100644
--- a/README.md
+++ b/README.md
@@ -3953,10 +3953,31 @@ True
What is the workflow of retrieving data from Ceph?
+The work flow is as follows:
+
+1. The client sends a request to the ceph cluster to retrieve data:
+> **Client could be any of the following**
+>> * Ceph Block Device
+>> * Ceph Object Gateway
+>> * Any third party ceph client
+
+
+2. The client retrieves the latest cluster map from the Ceph Monitor
+3. The client uses the CRUSH algorithm to map the object to a placement group. The placement group is then assigned to a OSD.
+4. Once the placement group and the OSD Daemon are determined, the client can retrieve the data from the appropriate OSD
+
+
-What is the workflow of retrieving data from Ceph?
+What is the workflow of writing data to Ceph?
+The work flow is as follows:
+
+1. The client sends a request to the ceph cluster to retrieve data
+2. The client retrieves the latest cluster map from the Ceph Monitor
+3. The client uses the CRUSH algorithm to map the object to a placement group. The placement group is then assigned to a Ceph OSD Daemon dynamically.
+4. The client sends the data to the primary OSD of the determined placement group. If the data is stored in an erasure-coded pool, the primary OSD is responsible for encoding the object into data chunks and coding chunks, and distributing them to the other OSDs.
+
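Review bot: step 1 of the new write workflow still says the client sends a request "to retrieve data", copied from the read workflow above; for writing it should say the client sends a write request for the object. Minor wording in both lists: "work flow" should be "workflow", "a OSD" should be "an OSD", and "ceph" should be capitalized consistently as "Ceph".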
diff --git a/certificates/aws-cloud-practitioner.md b/certificates/aws-cloud-practitioner.md
index 7e72b631e..80f70ecb5 100644
--- a/certificates/aws-cloud-practitioner.md
+++ b/certificates/aws-cloud-practitioner.md
@@ -1,6 +1,6 @@
## AWS - Cloud Practitioner
-A summary of what you need to know for the exam can be found [here](https://codingshell.com/aws-cloud-practitioner)
+A summary of what you need to know for the exam can be found [here](https://aws.amazon.com/certification/certified-cloud-practitioner/)
#### Cloud 101
diff --git a/scripts/aws s3 event triggering/README.md b/scripts/aws s3 event triggering/README.md
new file mode 100644
index 000000000..de9ef00f9
--- /dev/null
+++ b/scripts/aws s3 event triggering/README.md
@@ -0,0 +1 @@
+[](./sample.png)
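Review bot: `[](./sample.png)` is a link with empty text, not an image, so the README renders nothing visible; use image syntax with alt text, e.g. `![Sample upload](./sample.png)`, and consider adding one sentence on what the script does and its prerequisites (AWS CLI, jq, zip).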
diff --git a/scripts/aws s3 event triggering/aws_s3_event_trigger.sh b/scripts/aws s3 event triggering/aws_s3_event_trigger.sh
new file mode 100644
index 000000000..1e6f275c5
--- /dev/null
+++ b/scripts/aws s3 event triggering/aws_s3_event_trigger.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+
+# always put up the detail of scripts . version, author, what it does, what event triggers and all ..
+
+###
+# Author: Adarsh Rawat
+# Version: 1.0.0
+# Objective: Automate Notification for a object uploaded or created in s3 bucket.
+###
+
+# debug what is happening
+set -x
+
+# all these cmds are aws cli commands | abhishek veermalla day 4-5 devops
+
+# store aws account id in a variable
+aws_account_id=$(aws sts get-caller-identity --query 'Account' --output text)
+
+# print the account id from the variable
+echo "aws account id: $aws_account_id"
+
+# set aws region, bucket name and other variables
+aws_region="us-east-1"
+aws_bucket="s3-lambda-event-trigger-bucket"
+aws_lambda="s3-lambda-function-1"
+aws_role="s3-lambda-sns"
+email_address="adarshrawat8304@gmail.com"
+
+# create iam role for the project
+role_response=$(aws iam create-role --role-name s3-lambda-sns --assume-role-policy-document '{
+ "Version": "2012-10-17",
+ "Statement": [{
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "lambda.amazonaws.com",
+ "s3.amazonaws.com",
+ "sns.amazonaws.com"
+ ]
+ }
+ }]
+}')
+
+# jq is json parser here parse the role we created
+
+# extract the role arn from json resposne and store in variable
+role_arn=$(echo "$role_response" | jq -r '.Role.Arn')
+
+# print the role arn
+echo "Role ARN: $role_arn"
+
+# attach permissions to the role
+aws iam attach-role-policy --role-name $aws_role --policy-arn arn:aws:iam::aws:policy/AWSLambda_FullAccess
+aws iam attach-role-policy --role-name $aws_role --policy-arn arn:aws:iam::aws:policy/AmazonSNSFullAccess
+
+# create s3 bucket and get the output in a variable
+bucket_output=$(aws s3api create-bucket --bucket "$aws_bucket" --region "$aws_region")
+
+# print the output from the variable
+echo "bucket output: $bucket_output"
+
+# upload a file to the bucket
+aws s3 cp ./sample.png s3://"$aws_bucket"/sample.png
+
+# create a zip file to upload lambda function
+zip -r s3-lambda.zip ./s3-lambda
+
+sleep 5
+
+# create a lambda function
+aws lambda create-function \
+ --region $aws_region \
+ --function $aws_lambda \
+ --runtime "python3.8" \
+ --handler "s3-lambda/s3-lambda.lambda_handler" \
+ --memory-size 128 \
+ --timeout 30 \
+ --role "arn:aws:iam::$aws_account_id:role/$aws_role" \
+ --zip-file "fileb://./s3-lambda.zip"
+
+# add permissions to s3 bucket to invoke lambda
+LambdaFunctionArn="arn:aws:lambda:us-east-1:$aws_account_id:function:s3-lambda"
+aws s3api put-bucket-notification-configuration \
+ --region "$aws_region" \
+ --bucket "$aws_bucket" \
+ --notification-configuration '{
+ "LambdaFunctionConfigurations": [{
+ "LambdaFunctionArn": "'"$LambdaFunctionArn"'",
+ "Events": ["s3:ObjectCreated:*"]
+ }]
+}'
+
+aws s3api put-bucket-notification-configuration \
+ --region "$aws_region" \
+ --bucket "$aws_bucket" \
+ --notification-configuration '{
+ "LambdaFunctionConfigurations": [{
+ "LambdaFunctionArn": "'"$LambdaFunctionArn"'",
+ "Events": ["s3:ObjectCreated:*"]
+ }]
+}'
+
+# create an sns topic and save the topic arn to a variable
+topic_arn=$(aws sns create-topic --name s3-lambda-sns --output json | jq -r '.TopicArn')
+
+# print the topic arn
+echo "SNS Topic ARN: $topic_arn"
+
+# Trigger SNS topic using lambda function
+
+# Add sns topic using lambda function
+aws sns subscribe \
+ --topic-arn "$topic_arn" \
+ --protocol email \
+ --notification-endpoint "$email_address"
+
+# publish sns
+aws sns publish \
+ --topic-arn "$topic_arn" \
+ --subject "A new object created in s3 bucket" \
+ --message "Hey, a new data object just got delievered into the s3 bucket $aws_bucket"
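Review bot: the IAM setup (the `create-role` trust policy and the two `attach-role-policy` calls) grants far more than the function needs. The trust policy lets `s3.amazonaws.com` and `sns.amazonaws.com` assume the Lambda execution role, but only `lambda.amazonaws.com` should be able to; S3's right to invoke the function is a resource-based permission on the function (`aws lambda add-permission` with `--principal s3.amazonaws.com` and `--source-arn` of the bucket), which the script never adds even though the comment above the notification call says it does, and without it S3 rejects the notification configuration because it cannot validate the destination. `AWSLambda_FullAccess` and `AmazonSNSFullAccess` should be replaced with `AWSLambdaBasicExecutionRole` plus an inline policy allowing `sns:Publish` on the one topic. Functional problems in the same hunk: `LambdaFunctionArn` hardcodes the function name `s3-lambda` and region `us-east-1` while the function is created as `$aws_lambda` (`s3-lambda-function-1`) in `$aws_region`, so the ARN will not match; the documented `create-function` option is `--function-name`, not `--function`; the role is created with the literal name `s3-lambda-sns` instead of `$aws_role`; the `put-bucket-notification-configuration` call is issued twice; and there is no `set -e`, so later steps run after an earlier failure. The personal e-mail address should not be committed; take it from an environment variable or a script argument.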
diff --git a/scripts/aws s3 event triggering/s3-lambda/requirements.txt b/scripts/aws s3 event triggering/s3-lambda/requirements.txt
new file mode 100644
index 000000000..58bd758fb
--- /dev/null
+++ b/scripts/aws s3 event triggering/s3-lambda/requirements.txt
@@ -0,0 +1 @@
+boto3==1.17.95
\ No newline at end of file
diff --git a/scripts/aws s3 event triggering/s3-lambda/s3-lambda.py b/scripts/aws s3 event triggering/s3-lambda/s3-lambda.py
new file mode 100644
index 000000000..0fab7aa84
--- /dev/null
+++ b/scripts/aws s3 event triggering/s3-lambda/s3-lambda.py
@@ -0,0 +1,38 @@
+import boto3
+import json
+
+def lambda_handler(event, context):
+
+ # i want to know that event thing
+ print(event)
+
+ # extract relevant information from the s3 event trigger
+ bucket_name=event['Records'][0]['s3']['bucket']['name']
+ object_key=event['Records'][0]['s3']['object']['key']
+
+ # perform desired operations with the upload file
+ print(f"File '{object_key}' was uploaded to bucket '{bucket_name}'")
+
+ # example: send a notification via sns
+ sns_client=boto3.client('sns')
+ topic_arn='arn:aws:sns:us-east-1::s3-lambda-sns'
+ sns_client.publish(
+ TopicArn=topic_arn,
+ Subject='s3 object created !!',
+ Message=f"File '{object_key}' was uploaded to bucket '{bucket_name}"
+ )
+
+ # Example: Trigger another Lambda function
+ # lambda_client = boto3.client('lambda')
+ # target_function_name = 'my-another-lambda-function'
+ # lambda_client.invoke(
+ # FunctionName=target_function_name,
+ # InvocationType='Event',
+ # Payload=json.dumps({'bucket_name': bucket_name, 'object_key': object_key})
+ # )
+ # in case of queuing and other objective similar to the netflix flow of triggering
+
+ return {
+ 'statusCode': 200,
+ 'body': json.dumps("Lambda function executed successfully !!")
+ }
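Review bot: `topic_arn='arn:aws:sns:us-east-1::s3-lambda-sns'` has an empty account-ID field, so `publish` fails with an invalid-parameter error on every invocation; read the ARN from an environment variable set when the function is created (for example `os.environ['TOPIC_ARN']`, a name suggested here, passed via `--environment` in the deploy script) instead of hardcoding it. Also, the f-string on the `Message=` line is missing the closing `'` after `{bucket_name}`; `print(event)` dumps the whole event, including the requester's principal ID and source IP, into CloudWatch Logs on every call; and only `Records[0]` is handled although an S3 notification can carry several records, so loop over `event['Records']`.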
diff --git a/scripts/aws s3 event triggering/sample.png b/scripts/aws s3 event triggering/sample.png
new file mode 100644
index 000000000..c260ba505
Binary files /dev/null and b/scripts/aws s3 event triggering/sample.png differ
diff --git a/topics/aws/README.md b/topics/aws/README.md
index c17d49305..d8d9ce2e2 100644
--- a/topics/aws/README.md
+++ b/topics/aws/README.md
@@ -1,8 +1,8 @@
# AWS
-**Note**: Some of the exercises cost $$$ and can't be performed using the free tier/resources
+**Note**: Some of the exercises cost $$$ and can't be performed using the free tier or resources
-**2nd Note**: Provided solutions are using the AWS console. It's recommended you'll use IaC technologies to solve the exercises (e.g. Terraform, Pulumi).
+**2nd Note**: The provided solutions are using the AWS console. It's recommended you use IaC technologies to solve the exercises (e.g., Terraform, Pulumi).
- [AWS](#aws)
- [Exercises](#exercises)
@@ -10,7 +10,7 @@
- [EC2](#ec2)
- [S3](#s3)
- [ELB](#elb)
- - [Auto Scaling Groups](#auto-scaling-groups)
+ - [Auto Scaling Groups] (#auto-scaling-groups)
- [VPC](#vpc)
- [Databases](#databases)
- [DNS](#dns)
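Review bot: `[Auto Scaling Groups] (#auto-scaling-groups)` introduces a space between `]` and `(`, which breaks the Markdown link (it renders as literal text); revert to `[Auto Scaling Groups](#auto-scaling-groups)`.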
@@ -24,14 +24,14 @@
- [Global Infrastructure](#global-infrastructure)
- [IAM](#iam-1)
- [EC2](#ec2-1)
- - [AMI](#ami)
- - [EBS](#ebs)
- - [Instance Store](#instance-store)
- - [EFS](#efs)
- - [Pricing Models](#pricing-models)
- - [Launch Template](#launch-template)
- - [ENI](#eni)
- - [Placement Groups](#placement-groups)
+ - [AMI](#ami)
+ - [EBS](#ebs)
+ - [Instance Store](#instance-store)
+ - [EFS](#efs)
+ - [Pricing Models](#pricing-models)
+ - [Launch Template](#launch-template)
+ - [ENI](#eni)
+ - [Placement Groups](#placement-groups)
- [VPC](#vpc-1)
- [Default VPC](#default-vpc)
- [Lambda](#lambda-1)
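Review bot: de-indenting `AMI` through `Placement Groups` from four spaces to two makes them siblings of `EC2` instead of sub-entries under it, so the table of contents no longer reflects the heading hierarchy (those are subsections of the EC2 section); keep the original nesting unless the headings themselves changed.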
@@ -63,7 +63,7 @@
- [SNS](#sns)
- [Monitoring and Logging](#monitoring-and-logging)
- [Billing and Support](#billing-and-support)
- - [AWS Organizations](#aws-organizations)
+ - [AWS Organizations](#aws-organizations)
- [Automation](#automation)
- [Misc](#misc-2)
- [High Availability](#high-availability)
@@ -3485,6 +3485,6 @@ More details are missing to determine for sure but it might be better to decoupl
What's an ARN?
-ARN (Amazon Resources Names) used for uniquely identifying different AWS resources.
-It is used when you would like to identify resource uniqely across all AWS infra.
+ARN (Amazon Resources Names) are used for uniquely identifying different AWS resources.
+It is used when you would like to identify resource uniqely across all AWS infrastructures.
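Review bot: the expansion is wrong and a typo survives: ARN stands for Amazon Resource Name (singular "Resource"), "uniqely" should be "uniquely", and "across all AWS infrastructures" reads better as "across all of AWS". Suggest: "ARNs (Amazon Resource Names) uniquely identify AWS resources and are used whenever a resource must be referenced unambiguously across all of AWS."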
diff --git a/topics/cloud/README.md b/topics/cloud/README.md
index c56cca66c..af139ce0b 100644
--- a/topics/cloud/README.md
+++ b/topics/cloud/README.md
@@ -91,6 +91,16 @@ AWS definition: "AWS Auto Scaling monitors your applications and automatically a
Read more about auto scaling [here](https://aws.amazon.com/autoscaling)
+
+What is the difference between horizontal scaling and vertical scaling?
+
+[AWS Docs](https://wa.aws.amazon.com/wellarchitected/2020-07-02T19-33-23/wat.concept.horizontal-scaling.en.html):
+
+A "horizontally scalable" system is one that can increase capacity by adding more computers to the system. This is in contrast to a "vertically scalable" system, which is constrained to running its processes on only one computer; in such systems the only way to increase performance is to add more resources into one computer in the form of faster (or more) CPUs, memory or storage.
+
+Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling parallel execution of workloads and distributing those across many different computers.
+
+
True or False? Auto Scaling is about adding resources (such as instances) and not about removing resource
@@ -105,4 +115,4 @@ False. Auto scaling adjusts capacity and this can mean removing some resources b
* Instance should have minimal permissions needed. You don't want an instance-level incident to become an account-level incident
* Instances should be accessed through load balancers or bastion hosts. In other words, they should be off the internet (in a private subnet behind a NAT).
* Using latest OS images with your instances (or at least apply latest patches)
-
+
\ No newline at end of file
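Review bot: the only change in this hunk replaces the trailing blank line with one that has no newline at end of file; keep a terminating newline so POSIX tools and future diffs behave, and drop this hunk from the change.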
diff --git a/topics/linux/README.md b/topics/linux/README.md
index 92e3cac74..800d61e2c 100644
--- a/topics/linux/README.md
+++ b/topics/linux/README.md
@@ -360,6 +360,7 @@ It contains useful information about the processes that are currently running, i
What makes /proc different from other filesystems?
+/proc is a special virtual filesystem in Unix-like operating systems, including Linux, that provides information about processes and system resources.
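Review bot: the added answer restates what /proc contains but not what makes it different from other filesystems: it is not backed by any storage, its entries are generated by the kernel on demand when read, and its files report a size of 0 even though reading them returns content. The question is about that distinction, so add it.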
@@ -433,6 +434,10 @@ Its a bit that only allows the owner or the root user to delete or modify the fi
What is sudo? How do you set it up?
+sudo is a command-line utility in Unix-like operating systems that allows users to run programs with the privileges of another user, usually the superuser (root). It stands for "superuser do.
+
+The sudo program is installed by default in almost all Linux distributions. If you need to install sudo in Debian/Ubuntu, use the command apt-get install sudo
+
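Review bot: the closing quote is missing in `It stands for "superuser do.`, and the "How do you set it up?" half of the question is still unanswered: installing the package grants nobody anything by itself; mention granting access by editing `/etc/sudoers` with `visudo` (or adding a file under `/etc/sudoers.d/`) or by adding the user to the `sudo` or `wheel` group, depending on the distribution.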
@@ -2138,6 +2143,20 @@ This is a good article about the topic: https://ops.tips/blog/how-linux-creates-
You executed a script and while still running, it got accidentally removed. Is it possible to restore the script while it's still running?
+It is possible to restore a script while it's still running if it has been accidentally removed. The running script process still has the code in memory. You can use the /proc filesystem to retrieve the content of the running script.
+1.Find the Process ID by running
+```
+ps aux | grep yourscriptname.sh
+```
+Replace yourscriptname.sh with your script name.
+2.Once you have the PID, you can access the script's memory through the /proc filesystem. The script will be available at /proc//fd/, where is the process ID of the running script. Typically, the script's file descriptor is 0 or 1.
+
+You can copy the script content to a new file using the cp command:
+```
+cp /proc//fd/0 /path_to_restore_your_file/yourscriptname.sh
+```
+Replace with the actual PID of the script and /path_to_restore_your_file/yourscriptname.sh with the path where you want to restore the script.
+
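Review bot: the claim that "the script's file descriptor is 0 or 1" is wrong: 0 and 1 are the process's stdin and stdout, not the script; bash opens the script file on a high-numbered descriptor (255 in bash), so the right instruction is to run `ls -l /proc/<PID>/fd` and copy the entry whose link target ends in `(deleted)`. The paths in the hunk also lost their placeholders (`/proc//fd/` and "Replace with the actual PID"); write `/proc/<PID>/fd/<FD>` and name both placeholders. `ps aux | grep yourscriptname.sh` also matches its own grep line; `pgrep -f yourscriptname.sh` avoids that. Tag the two fences with `bash` as well.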
diff --git a/topics/terraform/README.md b/topics/terraform/README.md
index 1f01fd5bd..c656baa77 100644
--- a/topics/terraform/README.md
+++ b/topics/terraform/README.md
@@ -1,4 +1,4 @@
-# Terraform
+# Terraform
- [Terraform](#terraform)
- [Exercises](#exercises)
@@ -71,7 +71,7 @@
- Full automation: In the past, resource creation, modification and removal were handled manually or by using a set of tooling. With Terraform or other IaC technologies, you manage the full lifecycle in an automated fashion.
- Modular and Reusable: Code that you write for certain purposes can be used and assembled in different ways. You can write code to create resources on a public cloud and it can be shared with other teams who can also use it in their account on the same (or different) cloud>
- Improved testing: Concepts like CI can be easily applied on IaC based projects and code snippets. This allow you to test and verify operations beforehand
--
+-
@@ -80,7 +80,7 @@
- Declarative: Terraform uses the declarative approach (rather than the procedural one) in order to define end-status of the resources
- No agents: as opposed to other technologies (e.g. Puppet) where you use a model of agent and server, with Terraform you use the different APIs (of clouds, services, etc.) to perform the operations
- Community: Terraform has strong community who constantly publishes modules and fixes when needed. This ensures there is good modules maintenance and users can get support quite quickly at any point
--
+-
@@ -186,7 +186,7 @@ Run `terraform apply`. That will apply the changes described in your .tf files.
A user should be careful with this command because there is no way to revert it. Sure, you can always run again "apply" but that can take time, generates completely new resources, etc.
-### Dependencies
+### Dependencies
Sometimes you need to reference some resources in the same or separate .tf file. Why and how it's done?
@@ -201,7 +201,7 @@ In your AWS instance it would like that:
```
resource "aws_instance" "some-instance" {
-
+
ami = "some-ami"
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.instance.id]
@@ -215,7 +215,7 @@ resource "aws_instance" "some-instance" {
Yes, when there is a dependency between different Terraform resources, you want the resources to be created in the right order and this is exactly what Terraform does.
-To make it ever more clear, if you have a resource X that references the ID of resource Y, it doesn't makes sense to create first resource X because it won't have any ID to get from a resource that wasn't created yet.
+To make it ever more clear, if you have a resource X that references the ID of resource Y, it doesn't makes sense to create first resource X because it won't have any ID to get from a resource that wasn't created yet.
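Review bot: this hunk only touches trailing whitespace, but the line it rewrites still reads "it doesn't makes sense"; since the line is changing anyway, fix it to "it doesn't make sense".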
@@ -237,7 +237,7 @@ The output is in DOT - A graph description language.
Where can you find publicly available providers?
-In the [Terraform Registry](https://registry.terraform.io/browse/providers)
+In the [Terraform Registry](https://registry.terraform.io/browse/providers)
@@ -419,10 +419,10 @@ True
- The file `terraform.tfvars`
- Environment variable
- Using `-var` or `-var-file`
-
+
According to variable precedence, which source will be used first?
-The order is:
+Terraform loads variables in the following order, with later sources taking precedence over earlier ones:
- Environment variable
- The file `terraform.tfvars`
@@ -487,9 +487,9 @@ You have multiple hardcoded values that repeat themselves in different sections,
```
variable "app_id" {
- type = string
+ type = string
description = "The id of application"
- default = "some_value"
+ default = "some_value"
}
```
@@ -638,7 +638,7 @@ data "aws_vpc" "default {
}
```
-You can retrieve the ID attribute this way: `data.aws_vpc.default.id`
+You can retrieve the ID attribute this way: `data.aws_vpc.default.id`
@@ -716,6 +716,9 @@ Since a provisioner can run a variety of actions, it's not always feasible to pl
What is local-exec
and remote-exec
in the context of provisioners?
+
+local-exec
provisioners run commands on the machine where Terraform is executed, while remote-exec
provisioners run commands on the remote resource.
+
@@ -747,11 +750,6 @@ There are quite a few cases you might need to use them:
Output variables are named values that are sourced from the attributes of a module. They are stored in terraform state, and can be used by other modules through remote_state
-
-Explain remote-exec
and local-exec
-
-
-
Explain "Remote State". When would you use it and how?
Terraform generates a `terraform.tfstate` json file that describes components/service provisioned on the specified provider. Remote
@@ -833,7 +831,7 @@ There is more than one answer to this question. It's very much depends on whethe
- tfstate contains credentials in plain text. You don't want to put it in publicly shared location
- tfstate shouldn't be modified concurrently so putting it in a shared location available for everyone with "write" permissions might lead to issues. (Terraform remote state doesn't has this problem).
- tfstate is an important file. As such, it might be better to put it in a location that has regular backups and good security.
-
+
As such, tfstate shouldn't be stored in git repositories. secured storage such as secured buckets, is a better option.
@@ -855,7 +853,7 @@ In general, storing state file on your computer isn't a problem. It starts to be
- Don't edit it manually. tfstate was designed to be manipulated by terraform and not by users directly.
- Store it in secured location (since it can include credentials and sensitive data in general)
- - Backup it regularly so you can roll-back easily when needed
+ - Backup it regularly so you can roll-back easily when needed
- Store it in remote shared storage. This is especially needed when working in a team and the state can be updated by any of the team members
- Enabled versioning if the storage where you store the state file, supports it. Versioning is great for backups and roll-backs in case of an issue.
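Review bot: two grammar fixes in this hunk's list: "Backup it regularly so you can roll-back easily" should read "Back it up regularly so you can roll back easily", and "Enabled versioning if the storage ... supports it" should read "Enable versioning if the storage where you store the state file supports it" (no comma before "supports").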
@@ -902,7 +900,7 @@ Let's say we chose use Amazon s3 as a remote Terraform backend where we can stor
4. Block public access
5. Handle locking. One way is to add DB for it
6. Add the point you'll want to run init and apply commands to avoid an issue where you at the same time create the resources for remote backend and also switch to a remote backend
-7. Once resources were created, add Terraform backend code
+7. Once resources were created, add Terraform backend code
```
terraform {
@@ -911,7 +909,7 @@ terraform {
}
}
```
-7. Run `teraform init` as it will configure the backend
+7. Run `terraform init` as it will configure the backend
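Review bot: step "7." appears twice in this procedure (once for "add Terraform backend code", once for "Run `terraform init`"); the second should be renumbered to 8. While here, step 6 "Add the point you'll want to run init and apply commands" reads as a typo for "At this point you'll want to run the init and apply commands".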
@@ -1044,14 +1042,25 @@ resource "some_resource" "some_name" {
-You have a list variable called "users". How to access the second item in that list and attribute called "name"?
+You have a list variable called "users" with an object containing a name attribute like this:
+
+```
+variable "users" {
+ type = list(object({
+ name = string
+ age = number
+ }))
+}
+```
+
+How to access the name attribute of the second item in that list?
`users[1].name`
-You have a list variable called "users". How to access attribute "name" of all items?
+Given the same list, how to access attribute "name" of all items?
`users[*].name`
@@ -1139,7 +1148,7 @@ resource "aws_iam_user" "user" {
```
resource “google_compute_instance” “instances” {
-
+
for_each = var.names_map
name = each.value
}
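Review bot: the context line `resource “google_compute_instance” “instances” {` uses typographic curly quotes (“ ”), which HCL does not accept as string delimiters, so the example would fail to parse for anyone who copies it; replace them with straight ASCII quotes: `resource "google_compute_instance" "instances" {`.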
@@ -1147,11 +1156,11 @@ resource “google_compute_instance” “instances” {
-The following resource tries to use for_each loop on a list of string but it fails, why?
+The following resource tries to use for_each loop on a list of strings but it fails, why?
```
resource “google_compute_instance” “instances” {
-
+
for_each = var.names
name = each.value
}
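Review bot: same curly-quote problem as the previous hunk in `resource “google_compute_instance” “instances” {`; this matters more here because the question's point is that `for_each` rejects a list of strings, and with invalid quotes the reader would hit a parse error before ever reaching that `for_each` error. Use straight quotes.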
@@ -1261,11 +1270,11 @@ output "name_and_age" {
-You have a map variable, called "users", with the keys "name" (string) and "age" (float). Define an output map variable with the key being name in uppercase and value being age in the closest whole number
+You have a map variable, called "users", with the keys "name" (string) and "age" (number). Define an output map variable with the key being name in uppercase and value being age in the closest whole number
```
output "name_and_age" {
- value = {for name, age in var.users : upper(name) => floor(age)
+ value = {for name, age in var.users : upper(name) => floor(age)
}
```
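Review bot: the for-expression `value = {for name, age in var.users : upper(name) => floor(age)` opens a brace that is never closed; the `}` on the next line closes the `output` block, so this answer does not parse. Suggest `value = {for name, age in var.users : upper(name) => floor(age)}`. Separately, `floor` rounds down rather than to the "closest whole number" the question asks for; Terraform has no `round()` built-in, so `floor(age + 0.5)` would match the wording.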
@@ -1357,7 +1366,7 @@ Renders a template file and returns the result as string.
You are trying to use templatefile as part of a module and you use a relative path to load a file but sometimes it fails, especially when others try to reuse the module. How can you deal with that?
-Switch relative paths with what is known as path references. These are fixes paths like module root path, module expression file path, etc.
+Switch relative paths with what is known as path references. These are fixes: paths like module root path, module expression file path, etc.
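Review bot: inserting the colon in "These are fixes: paths like module root path" changes the intended meaning; the original "fixes paths" is a typo for "fixed paths", so the line should read "These are fixed paths, such as the module root path, the module expression file path, etc." Also "Switch relative paths with" reads better as "Replace relative paths with".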
@@ -1387,7 +1396,7 @@ False. terraform console is ready-only.
Explain what depends_on
used for and given an example
-`depends_on` used to create a dependency between resources in Terraform. For example, there is an application you would like to deploy in a cluster. If the cluster isn't ready (and also managed by Terraform of course) then you can't deploy the app. In this case, you will define "depends_on" in the app configuration and its value will be the cluster resource.
+`depends_on` used to create an explicit dependency between resources in Terraform. For example, there is an application you would like to deploy in a cluster. If the cluster isn't ready (and also managed by Terraform of course) then you can't deploy the app. In this case, you will define "depends_on" in the app configuration and its value will be the cluster resource.
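Review bot: the wording change to "explicit dependency" is a good clarification; the sentence still needs a verb: "`depends_on` used to create" should read "`depends_on` is used to create". The question text in the context lines has the same problem ("Explain what depends_on used for and given an example" should be "Explain what `depends_on` is used for and give an example").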
@@ -1490,7 +1499,7 @@ module "amazing_module" {
What should be done every time you modify the source parameter of a module?
-`terraform init` should be executed as it takes care of downloading and installing the module from the new path.
+`terraform get -update` should be executed as it takes care of downloading and installing the module from the new path.
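Review bot: replacing `terraform init` outright narrows a previously correct answer; `terraform init` is the command Terraform itself asks you to run after a module's `source` changes, and it installs the module from the new location. Suggest keeping `terraform init` and presenting `terraform get -update` as the alternative that only refreshes modules without touching providers or the backend.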
@@ -1550,9 +1559,11 @@ It's does NOT create the definitions/configuration for creating such infrastruct
You have a Git repository with Terraform files but no .gitignore. What would you add to a .gitignore file in Terraform repository?
```
-.terraform
+**/.terraform/*
*.tfstate
-*.tfstate.backup
+*.tfstate.*
+*.tfvars
+*.tfvars.json
```
You don't want to store state file nor any downloaded providers in .terraform directory. It also doesn't makes sense to share/store the state backup files.
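Review bot: the three new patterns `*.tfvars` and `*.tfvars.json` are not covered by the explanation on the last line, which still only talks about state and the `.terraform` directory; either state why they are ignored (they commonly hold environment-specific or sensitive variable values) or drop them if the repository intends shared, non-secret `.tfvars` files to be committed. Note that `**/.terraform/*` correctly leaves `.terraform.lock.hcl` tracked, which is what you want. Also "doesn't makes sense" should be "doesn't make sense".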
@@ -1562,17 +1573,18 @@ You don't want to store state file nor any downloaded providers in .terraform di
### AWS
-What happens if you update user_data in the following case apply the changes?
+What happens if you update user_data in the following case and apply the changes?
```
resource "aws_instance" "example" {
ami = "..."
instance_type = "t2.micro"
-user_data = <<-EOF
- #!/bin/bash
- echo "Hello, World" > index.xhtml
- EOF
+ user_data = <<-EOF
+ #!/bin/bash
+ echo "Hello, World" > index.xhtml
+ EOF
+}
```
@@ -1703,7 +1715,7 @@ provider "aws" {
```
-It's not secure! you should never store credentials in plain text this way.
+It's not secure! you should never store credentials in plain text this way.
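Review bot: the only visible change here is whitespace; while touching the line, capitalise the sentence after the exclamation mark: "It's not secure! You should never store credentials in plain text this way."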
@@ -1787,7 +1799,7 @@ terraform_project/
Each environment has its own backend (as you don't want to use the same authentication and access controls for all environments)
-Going further, under each environment you'll separate between comoponents, applications and services
+Going further, under each environment you'll separate between components, applications and services
```
diff --git a/topics/terraform/exercises/s3_bucket_rename/exercise.md b/topics/terraform/exercises/s3_bucket_rename/exercise.md
index b3a8a4bb0..f2d92dd6f 100644
--- a/topics/terraform/exercises/s3_bucket_rename/exercise.md
+++ b/topics/terraform/exercises/s3_bucket_rename/exercise.md
@@ -11,10 +11,12 @@ resource "aws_s3_bucket" "some_bucket" {
}
```
+Attention: Since S3 buckets are globally unique, you will likely have to rename the bucket as someone else might have named it that way already.
+
## Objectives
1. Rename an existing S3 bucket and make sure it's still tracked by Terraform
## Solution
-Click [here to view the solution](solution.md)
\ No newline at end of file
+Click [here to view the solution](solution.md)
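Review bot: the new note says "S3 buckets are globally unique", but it is the bucket name that is globally unique; suggest "Since S3 bucket names are globally unique, you will likely have to pick a different name, as someone else may already be using this one." Adding the trailing newline at end of file is a welcome fix.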
diff --git a/topics/terraform/exercises/s3_bucket_rename/solution.md b/topics/terraform/exercises/s3_bucket_rename/solution.md
index c7ecaf437..622328be0 100644
--- a/topics/terraform/exercises/s3_bucket_rename/solution.md
+++ b/topics/terraform/exercises/s3_bucket_rename/solution.md
@@ -11,6 +11,8 @@ resource "aws_s3_bucket" "some_bucket" {
}
```
+Attention: Since S3 buckets are globally unique, you will likely have to rename the bucket as someone else might have named it that way already.
+
## Objectives
1. Rename an existing S3 bucket and make sure it's still tracked by Terraform
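Review bot: same wording issue as in exercise.md: "S3 buckets are globally unique" should be "S3 bucket names are globally unique"; keep the two files' sentences identical once corrected.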
@@ -24,10 +26,12 @@ aws s3 mb s3://some-new-bucket-123
# Sync old bucket to new bucket
aws s3 sync s3://some-old-bucket s3://some-new-bucket-123
-# Remove the old bucket from Terraform's state
+# Option 1 (remove and import)
+
+## Remove the old bucket from Terraform's state
terraform state rm aws_s3_bucket.some_bucket
-# Import new bucket to Terraform's state
+## Import new bucket to Terraform's state
terraform import aws_s3_bucket.some_bucket some-new-bucket-123
: '
@@ -38,6 +42,18 @@ The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
'
+# Option 2 (move)
+
+## Move the old bucket from Terraform's state to the new one
+terraform state mv aws_s3_bucket.some_bucket some-new-bucket-123
+
+: '
+Move "aws_s3_bucket.some_bucket" to "aws_s3_bucket.some-new-bucket-123"
+Successfully moved 1 object(s).
+'
+
+# Modify Terraform file
+
# Modify the Terraform definition to include the new name
# resource "aws_s3_bucket" "some_bucket" {
# bucket = "some-new-bucket-123"
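Review bot: Option 2 does not achieve the exercise's objective. `terraform state mv` only changes the address a state entry is stored under; the entry keeps tracking the old bucket's ID, and the destination must itself be a resource address. Even taking the shown output at face value, the entry ends up at `aws_s3_bucket.some-new-bucket-123`, which no longer matches the `resource "aws_s3_bucket" "some_bucket"` block in the "Modify Terraform file" step below, so the next plan would propose creating `some_bucket` and destroying the moved entry. Pointing the existing address at the new bucket requires Option 1's `state rm` followed by `import`; suggest removing Option 2, or reframing it as "rename the resource address in state" with a matching change to the resource block's name.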
@@ -46,4 +62,4 @@ your Terraform state and will henceforth be managed by Terraform.
# Remove old bucket
aws s3 rm s3://some-old-bucket --recursive
aws s3 rb s3://some-old-bucket
-```
\ No newline at end of file
+```