ping -c 4 <controller -ip> netstat -tulnp | grep 5672 # Verify RabbitMQ connectivity 4. If necessary, restart the Nova compute service: systemctl restart openstack -nova -compute 5. Ensure that the compute node is enabled in OpenStack: openstack compute service set <compute -node> nova -compute --enable openstack compute service list --host <compute -node> You need to perform a rolling restart of the OpenStack Overcloud without downtime. How would you restart services one at a time to maintain availability?
Your OpenStack Overcloud is experiencing slow performance, and users report delays in launching instances. How would you diagnose and resolve performance bottlenecks?
1. Install SSL/TLS packages if not already installed: yum install -y mod_ssl openssl 2. Generate an SSL certificate for the API service: openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/pki/tls/private/openstack -api.key \ -out /etc/pki/tls/certs/openstack -api.crt 3. Update OpenStack configuration to use SSL (Example for Keystone): vi /etc/keystone/keystone.conf Add the following lines under [ssl]: enable=true cert_file=/etc/pki/tls/certs/openstack -api.crt key_file=/etc/pki/tls/private/openstack -api.key 4. Restart Keystone to apply changes: systemctl restart openstack -keystone 5. Verify HTTPS connectivity: curl -k https://<controller -ip>:5000/v3 To secure OpenStack authentication, you need to enforce strong password policies for Keystone users. How would you configure password complexity and expiration policies?
lockout_duration = 300 lockout_failure_attempts = 5 3. Restart Keystone to apply changes: systemctl restart openstack -keystone 4. Test the new policy by creating a user with an invalid password: openstack user create --domain default --password weakpass testuser You need to secure SSH access to OpenStack nodes by disabling root login and enforcing key-based authentication. How would you configure these security measures?
Explanation: 1. Check current SELinux mode: getenforce 2. Set SELinux to enforcing mode if not already enabled: setenforce 1 sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config 3. Verify OpenStack services are running under correct SELinux policies: ps -eZ | grep openstack 4. Restore correct SELinux contexts if necessary: restorecon -Rv /var/lib/nova /var/lib/glance You need to configure AIDE (Advanced Intrusion Detection Environment) to monitor system files for unauthorized changes. How would you install and configure AIDE?
➢ TOTAL QUESTIONS: 290 You are responsible for managing the OpenStack control plane and ensuring all core services are running without failure. A user reports that OpenStack Compute (Nova) is not responding. Your task is to check the status of all OpenStack services on the control plane, restart any failed services, and verify that they are running correctly. How would you achieve this?
