
DevOps Interview: Assignment for creating AWS ALB with 3 Nginx web servers. Terraform code

I had an interview round in which I discussed the architecture I was working on, which included AWS, Linux administration, troubleshooting, monitoring, Grafana, Docker containerization, scripting, etc. The interviewer focused more on Linux, AWS, and scripting, as those were his primary requirements.

He began with my basic understanding of Linux, then containerization, and then AWS. Their infrastructure was entirely on AWS.

For Linux, he began with the basic operations I start my day with, for example a health check of the server: which commands I run, and any automation scripts.

What is this specific command used for, and can you explain its output in detail? Why do we see 3 values for load average?


 18:51:01 up 2 days,  6:42,  0 users,  load average: 0.27, 0.15, 0.10
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

The difference between a symlink and a hardlink

System calls

Kernel

Operating system concepts

What if I want to run a specific command or script when the server boots up? - rc.local.

How can I make a service in Linux? (/etc/init.d/your-service-name)

How do you check the memory utilization of a specific process? ps aux | grep PID, or the top command.

How do you check which port is used by which process? - netstat -antp

Follow-up question: please explain the flags used with netstat, -antp


What services have you used in AWS?


What is the AWS EC2 service? - Server/Workstation/Development server


What is AWS VPC? - It's a network in the cloud containing a network block/CIDR, for example 10.0.0.0/16.

What is the difference between a public subnet and a private subnet?

- A subnet which routes directly to the Internet Gateway is a public subnet. (Web servers are normally in the public subnet.)

- A subnet which routes through a NAT Gateway is a private subnet.


Follow-up question: What is a NAT gateway?

If I have database servers in my infrastructure, I won't keep them in a public subnet or expose them to the public. Instead, I keep them in a private subnet and attach a NAT gateway to the route table associated with that subnet, so that the database servers can still reach the internet for patch updates, etc.

In short, a NAT gateway provides outbound internet access for servers that sit in a private subnet; it does not accept inbound connections from the internet.


What is the difference between ALB and ELB? Basically, you can do context-path-based routing in an ALB but not in a classic ELB (the key difference). ALB is the Application Load Balancer, which operates at Layer 7.


What are AWS Auto Scaling groups and AWS Launch Configurations?


Then I got an assignment to create 3 Nginx web server nodes with an AWS Application Load Balancer in front of them. This task covers almost all the resources that were asked about in the interview.

This is the main Terraform file, where all the resources are defined:


provider "aws" {
  region = "${var.aws_region}"
}

resource "aws_vpc" "tf_vpc" {
  cidr_block = "10.0.0.0/16"
}

# Single public subnet; instances get a public IP at launch
resource "aws_subnet" "tf_subnet" {
  cidr_block              = "10.0.0.0/24"
  vpc_id                  = "${aws_vpc.tf_vpc.id}"
  map_public_ip_on_launch = true
}

resource "aws_internet_gateway" "ig" {
  vpc_id = "${aws_vpc.tf_vpc.id}"
}

# Default route to the Internet Gateway is what makes tf_subnet a public subnet
resource "aws_route_table" "routes" {
  vpc_id = "${aws_vpc.tf_vpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.ig.id}"
  }
}

resource "aws_route_table_association" "ra" {
  subnet_id      = "${aws_subnet.tf_subnet.id}"
  route_table_id = "${aws_route_table.routes.id}"
}

# Security group for the web instances
resource "aws_security_group" "sg_ec2" {
  name        = "Web Security Group"
  description = "Security group to access ec2 instances"
  vpc_id      = "${aws_vpc.tf_vpc.id}"

  # SSH access from anywhere
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP access from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ELB security group
resource "aws_security_group" "elb_sg" {
  name        = "elb security"
  description = "for accessing ELB"
  vpc_id      = "${aws_vpc.tf_vpc.id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # ensure the VPC has an Internet gateway or this step will fail
  depends_on = ["aws_internet_gateway.ig"]
}

resource "aws_elb" "web" {
  name            = "test-elb"
  subnets         = ["${aws_subnet.tf_subnet.id}"]
  security_groups = ["${aws_security_group.elb_sg.id}"]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  # Register all web instances created below
  instances = ["${aws_instance.web.*.id}"]

  cross_zone_load_balancing = true
  idle_timeout              = 400
  #connection_draining = true
  #connection_drain_timeout = 400
}

resource "aws_instance" "web" {
  count                  = "${var.aws_instance_count}"
  instance_type          = "t2.micro"
  ami                    = "${lookup(var.aws_amis, var.aws_region)}"
  key_name               = "${var.key_name}"
  vpc_security_group_ids = ["${aws_security_group.sg_ec2.id}"]
  subnet_id              = "${aws_subnet.tf_subnet.id}"

  # SSH connection used by the provisioner below (host defaults to the instance's public IP)
  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = "${file("/root/terraform/awsshop.pem")}"
  }

  # Install Nginx on each node, as the assignment asks for Nginx web servers
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install -y nginx",
    ]
  }
}
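The security group above opens SSH and HTTP to the whole Internet, which is more than the design needs: clients should only ever reach Nginx through the load balancer. As an added example (not code from the original post), here is a least-privilege replacement for sg_ec2 that admits HTTP only from the load balancer's own security group and SSH only from an operator range. It assumes the post's resource names (aws_vpc.tf_vpc, aws_security_group.elb_sg) and a new variable admin_cidr, which is not on the page.

```hcl
# Added example, not from the original post. Drop-in replacement for the post's
# sg_ec2; elb_sg stays as defined in main.tf. The variable admin_cidr is
# hypothetical and not part of the original project.

variable "admin_cidr" {
  description = "CIDR allowed to SSH to the web nodes (e.g. your office egress IP)"
  default     = "203.0.113.10/32" # constructed example value, replace with your own
}

resource "aws_security_group" "sg_ec2" {
  name        = "Web Security Group"
  description = "Security group to access ec2 instances"
  vpc_id      = "${aws_vpc.tf_vpc.id}"

  # HTTP only from the load balancer's security group, not from 0.0.0.0/0.
  # Requests that bypass the ELB and hit an instance's public IP are dropped,
  # even though map_public_ip_on_launch gives every node a public address.
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = ["${aws_security_group.elb_sg.id}"]
  }

  # SSH only from the operator range. The remote-exec provisioner connects
  # over SSH, so this range must include the host Terraform is run from.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # Outbound left open so apt can fetch packages; narrow to 80/443 if desired.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

A quick check after apply: the load balancer's DNS name should serve the Nginx page, while a direct request to any instance's public IP on port 80 should time out.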

Here is variables.tf for the inputs. If inputs are not provided, the default values are used.


# Name of the EC2 key pair used for SSH; referenced by aws_instance.web
variable "key_name" {
  description = "name of ssh keypair"
  default     = "awsshop"
}

variable "aws_region" {
  default = "us-east-2"
}

# Ubuntu AMI per region, looked up by var.aws_region
variable "aws_amis" {
  default = {
    "us-east-2" = "ami-0c55b159cbfafe1f0"
  }
}

variable "aws_instance_count" {
  default = "3"
}

I also have an output file, which prints the CNAME/DNS name of the ALB for accessing our web servers.


output "address" {
  value = "${aws_elb.web.dns_name}"
}
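The assignment asked for an Application Load Balancer, and the ALB vs ELB answer earlier turns on path-based routing, which the aws_elb resource above cannot do. As an added example (not the post's code), this is the aws_lb equivalent of the aws_elb block in the same Terraform 0.11 / AWS provider 2.x syntax as the rest of the page, with one listener rule that sends /api/* to a second target group. Two names are hypothetical and not on the page: aws_subnet.tf_subnet_b (an ALB requires subnets in at least two availability zones, and the post defines only one) and aws_lb_target_group.api (the backend for /api/*).

```hcl
# Added example, not from the original post: the ALB equivalent of aws_elb.web.
# Hypothetical, not on the page: aws_subnet.tf_subnet_b and aws_lb_target_group.api.
resource "aws_lb" "web" {
  name               = "test-alb"
  load_balancer_type = "application"
  # An ALB needs subnets in at least two availability zones.
  subnets            = ["${aws_subnet.tf_subnet.id}", "${aws_subnet.tf_subnet_b.id}"]
  security_groups    = ["${aws_security_group.elb_sg.id}"]
}
# Target group holding the three web nodes, health-checked on GET /.
resource "aws_lb_target_group" "web" {
  name     = "test-web-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = "${aws_vpc.tf_vpc.id}"
  health_check {
    path = "/"
  }
}
# One registration per instance; count mirrors aws_instance.web.
resource "aws_lb_target_group_attachment" "web" {
  count            = "${var.aws_instance_count}"
  target_group_arn = "${aws_lb_target_group.web.arn}"
  target_id        = "${element(aws_instance.web.*.id, count.index)}"
  port             = 80
}
# Listener on :80; the default action forwards everything to the web group.
resource "aws_lb_listener" "http" {
  load_balancer_arn = "${aws_lb.web.arn}"
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.web.arn}"
  }
}
# Layer-7 path-based routing, the capability a classic ELB does not have.
resource "aws_lb_listener_rule" "api" {
  listener_arn = "${aws_lb_listener.http.arn}"
  priority     = 10
  action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.api.arn}"
  }
  condition {
    field  = "path-pattern"
    values = ["/api/*"]
  }
}
```

With this in place the output would reference "${aws_lb.web.dns_name}" instead of the ELB, and the instances' security group can restrict port 80 to elb_sg exactly as with the classic ELB.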

Here is my GitHub link for this project.
