DevOps Tools Engineer Objectives V2.0: Difference between revisions

From LPI Wiki
Jump to navigationJump to search
Bootstrap by copying version 1.0
 
 
(23 intermediate revisions by 2 users not shown)
Line 16: Line 16:
==Version Information==
==Version Information==


These objectives are version 1.0.0.  
These objectives are '''A DRAFT FOR''' version 2.0.0.  


<br />
<br />
Line 24: Line 24:
The following translations of the objectives are available on this wiki:
The following translations of the objectives are available on this wiki:


* [[DevOps_Tools_Engineer_Objectives_V1|English]]
* [[DevOps_Tools_Engineer_Objectives_V2.0|English]]
* [[DevOps_Tools_Engineer_Objectives_V1(ES)|Spanish]]
* [[DevOps_Tools_Engineer_Objectives_V1(JA)|Japanese]]
* [[DevOps_Tools_Engineer_Objectives_V1(IT)|Italian]]


<br />
<br />
Line 33: Line 30:
==Exams and Requirements==
==Exams and Requirements==


The Linux Professional Institute DevOps Tools Engineer certification is awarded after passing this exam. There is no requirement to posses another certifications. LPI recommends all Linux Professional Institute DevOps Tools Engineers to maintain at least one active certification in either system administration or software development. This certification should be on a level equivalent to LPIC-1.
The Linux Professional Institute DevOps Tools Engineer certification is awarded after passing this exam. There is no requirement to possess any other certifications. However, LPI recommends that all Linux Professional Institute DevOps Tools Engineers maintain at least one active certification in either system administration or software development. This certification should be at a level equivalent to LPIC-1.


<br />
<br />
Line 70: Line 67:


* Understand aspects of data storage, service status and session handling
* Understand aspects of data storage, service status and session handling
* Understand the properties of cloud native applications


* Design software to be run in containers
* Design software to be run in containers
Line 77: Line 76:
* Awareness of risks in the migration and integration of monolithic legacy software
* Awareness of risks in the migration and integration of monolithic legacy software


* Understand common application security risks and ways to mitigate them
* Awareness of database schema updates and database migrations


* Understand the concept of agile software development
* Understand the concept of agile software development
Line 87: Line 86:
* REST, JSON
* REST, JSON


* Service Orientated Architectures (SOA)
* Service Oriented Architectures (SOA)


* Microservices
* Microservices
Line 95: Line 94:
* Loose coupling
* Loose coupling


* Cross site scripting, SQL injections, verbose error reports, API authentication, consistent enforcement of transport encryption
* Test-driven development
 
* CORS headers and CSRF tokens
 
* ACID properties and CAP theorem


<br />
<br />


====<span style="color:navy">701.2 Standard Components and Platforms for Software (weight: 2)</span>====
====<span style="color:navy">701.2 Standard Components and Platforms for Software (weight: 3)</span>====


{|
{|
Line 110: Line 105:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 118: Line 113:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. OpenStack service components are used as a reference implementation.
Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. Furthermore, the candidate should be aware of the commonly used open source implementations of the various services.


|}
|}
Line 131: Line 126:


* Features and concepts of big data services
* Features and concepts of big data services
* Features and concepts of computing services / IaaS


* Features and concepts of application runtimes / PaaS
* Features and concepts of application runtimes / PaaS
* Features and concepts of hosted applications / SaaS
* Features and concepts of function applications / FaaS


* Features and concepts of content delivery networks
* Features and concepts of content delivery networks
* Awareness of identity and access management in cloud services


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* OpenStack Swift
* Objects, Buckets, ACLs, S3


* OpenStack Trove
* MariaDB, MySQL, PostgreSQL,


* OpenStack Zaqar
* Redis, MongoDB, InfluxDB


* CloudFoundry
* Elasticsearch and OpenSearch


* OpenShift
* Kafka, MQTT
 
* IAM


<br />
<br />


====<span style="color:navy">701.3 Source Code Management (weight: 5)</span>====
====<span style="color:navy">701.3 Source Code Management (weight: 6)</span>====


{|
{|
Line 157: Line 162:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 6
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 191: Line 196:
<br />
<br />


====<span style="color:navy">701.4 Continuous Integration and Continuous Delivery (weight: 5)</span>====
====<span style="color:navy">701.4 Continuous Integration and Continuous Delivery (weight: 3)</span>====


{|
{|
Line 198: Line 203:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 206: Line 211:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should be able to implement a CI/CD pipeline using Jenkins, including triggering the CI/CD pipeline, running unit, integration and acceptance tests, packaging software and handling the deployment of tested software artifacts. This objective covers the feature set of Jenkins version 2.0 or later.
Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should understand how CI/CD pipelines support the development and release of software and how they integrate with source code repositories and the target runtime environment. Furthermore, candidates should be aware of commonly used CI/CD platforms.


|}
|}
Line 215: Line 220:


* Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
* Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
* Understand the concepts of GitOps
* Understand the role of build artifacts and caches


* Understand deployment best practices
* Understand deployment best practices


* Understand the architecture and features of Jenkins, including Jenkins Plugins, Jenkins API, notifications and distributed builds
* Understand semantic versioning
 
* Awareness of Jenkins and Gitlab CI
 
* Awareness of Artifactory and Nexus
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* Declarative Pipeline
 
* Production, Staging and Development Environments
 
* Feature toggles
 
* Preview releases
 
* Reconciliation loops
 
* A/B testing
 
* Blue-green and canary deployment
 
<br />
 
====<span style="color:navy">701.5 Software Composition, Licensing and Open Source (weight: 2)</span>====
 
{|
| style="background:#dadada" |
 
'''Weight'''
 
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |
 
'''Description'''
 
| style="background:#eaeaea" |


* Define and run jobs in Jenkins, including parameter handling
Candidates should understand the principles of software licenses. This includes how software from multiple authors and sources are combined to implement a specific service and how licensing affects such compositions. Furthermore, the candidate should understand the concepts of open source software, including the most important aspects of common open source licenses.


* Fingerprinting, artifacts and artifact repositories
|}


* Understand how Jenkins models continuous delivery pipelines and implement a declarative continuous delivery pipeline in Jenkins
'''Key Knowledge Areas:'''


* Awareness of possible authentication and authorization models
* Understand how an application is build out of multiple software components


* Understanding of the Pipeline Plugin
* Awareness of dependency managers like NPM, gradle or composer


* Understand the features of important Jenkins modules such as Copy Artifact Plugin, Fingerprint Plugin, Docker Pipeline, Docker Build and Publish plugin, Git Plugin, Credentials Plugin
* Understand the concepts proprietary and open source software


* Awareness of Artifactory and Nexus
* Understand the concepts of open source software licenses
 
* Awareness of commonly used open source licenses (GPL, LGPL, AGPL, BSD, MIT and Apache License)
 
* Awareness of license compatibility and multi licensing


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* Step, Node, Stage
* Software libraries
 
* Software Bill Of Materials


* Jenkins DSL
* Proprietary software


* Jenkinsfile
* Open Source Software and Free Software


* Declarative Pipeline
* Copyleft open source software licenses


* Blue-green and canary deployment
* Permissive open source software licenses


<br />


===''702 Container Management''===
===''702 Application Container''===


====<span style="color:navy">702.1 Container Usage (weight: 7)</span>====
====<span style="color:navy">702.1 Application Container Management (weight: 5)</span>====


{|
{|
Line 257: Line 308:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 7
| style="background:#eaeaea" | 5
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 265: Line 316:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to build, share and operate Docker containers. This includes creating Dockerfiles, using a Docker registry, creating and interacting with containers as well as connecting containers to networks and storage volumes. This objective covers the feature set of Docker version 17.06 or later.
Candidates should be able to operate Docker and Podman containers. This includes creating and interacting with containers as well as connecting containers to networks and storage volumes.


|}
|}
Line 271: Line 322:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the Docker architecture
* Understand the Docker and Podman architecture
 
* Use existing images from an OCI registry


* Use existing Docker images from a Docker registry
* Operate and access containers


* Create Dockerfiles and build images from Dockerfiles
* Understand Docker networking concepts, including overlay networks


* Upload images to a Docker registry
* Understand the concepts of DNS service discovery


* Operate and access Docker containers
* Connect container to container networks and use DNS for service discovery


* Connect container to Docker networks
* Understand Docker storage concepts


* Use Docker volumes for shared and persistent container storage
* Use Docker volumes for shared and persistent container storage
* Awareness of rootless containers


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* docker
* docker container *
 
* docker network *
 
* docker image *
 
* docker volume *
 
* podman container *


* Dockerfile
* podman network *
 
* podman image *


* .dockerignore
* podman volume *


<br />
<br />


====<span style="color:navy">702.2 Container Deployment and Orchestration (weight: 5)</span>====
====<span style="color:navy">702.2 Container Orchestration (weight: 3)</span>====


{|
{|
Line 302: Line 367:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 310: Line 375:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose in conjunction with an existing Docker Swarm cluster as well as using an existing Kubernetes cluster. This objective covers the feature sets of Docker Compose version 1.14 or later, Docker Swarm included in Docker 17.06 or later and Kubernetes 1.6 or later.
Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose.


|}
|}
Line 316: Line 381:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the application model of Docker Compose
* Understand the application model of Docker Compose and Podman Compose


* Create and run Docker Compose Files (version 3 or later)
* Create and run Docker Compose Files (version 3 or later)


* Understand the architecture and functionality of Docker Swarm mode
* Define services, networks and volumes, along with their commonly used properties, in Docker Compose files


* Run containers in a Docker Swarm, including the definition of services, stacks and the usage of secrets
* Use Docker Compose to update running containers to newer images
 
* Understand the architecture and application model Kubernetes
 
* Define and manage a container-based application for Kubernetes, including the definition of Deployments, Services, ReplicaSets and Pods


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* docker-compose
* docker compose


* docker
* podman-compose


* kubectl
* docker-compose.yml


<br />
<br />


====<span style="color:navy">702.3 Container Infrastructure (weight: 4)</span>====
====<span style="color:navy">702.3 Container Image Building (weight: 5)</span>====


{|
{|
Line 345: Line 406:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 5
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 354: Line 415:


Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.
Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.
Candidates should be able to build OCI container images. This includes creating Dockerfiles or Containerfiles, building containers and publishing container images on an existing OCI registry.


|}
|}
Line 359: Line 422:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Use Docker Machine to setup a Docker host
* Create Dockerfiles and build images from Dockerfiles
 
* Understand OCI image names
 
* Upload images to a Docker registry
 
* Understand the principles of image scanners
 
* Understand security risks of container virtualization and container images and how to mitigate them
 
* Awareness Docker buildx, Docker Buildkit, Podman build and Buildah
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* docker image *
 
* docker login
 
* Dockerfile
 
* Containerfile
 
* .dockerignore
 
* FROM
 
* COPY


* Understand Docker networking concepts, including overlay networks
* ADD


* Create and manage Docker networks
* RUN


* Understand Docker storage concepts
* VOLUME


* Create and manage Docker volumes
* EXPOSE


* Awareness of Flocker and flannel
* USER


* Understand the concepts of service discovery
* WORKDIR


* Basic feature knowledge of CoreOS Container Linux, rkt and etcd
* ENV


* Understand security risks of container virtualization and container images and how to mitigate them
* ARG


'''The following is a partial list of the used files, terms and utilities:'''
* CMD


* docker-machine
* ENTRYPOINT


<br />
<br />


===''703 Machine Deployment''===
===''703 Kubernetes''===




====<span style="color:navy">703.1 Virtual Machine Deployment (weight: 4)</span>====
====<span style="color:navy">703.1 Kubernetes Architecture and Usage (weight: 4)</span>====


{|
{|
Line 401: Line 490:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to automate the deployment of a virtual machine with an operating system and a specific set of configuration files and software.
Candidates should understand the major components of Kubernetes. Furthermore, candidates should be able to interact with an existing Kubernetes platform to retrieve information about the current Kubernetes state, and create, modify and delete resources.


|}
|}
Line 407: Line 496:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand Vagrant architecture and concepts, including storage and networking
* Understand the major components and services in a Kubernetes cluster
 
* Configure kubectl to use an existing Kubernetes cluster
 
* Use kubectl to get information about Kubernetes resources
 
* Use kubectl to create, modify and delete resources
 
* Awareness of Kubernetes Operators
 
'''Partial list of the used files, terms and utilities:'''
 
* API-Server, etcd, Controller Manager, Scheduler
 
* ~/.kube/config
 
* kubectl get
 
* kubectl describe
 
* kubectl apply
 
* kubectl create


* Retrieve and use boxes from Atlas
* kubectl run


* Create and run Vagrantfiles
* kubectl expose


* Access Vagrant virtual machines
* kubectl scale


* Share and synchronize folder between a Vagrant virtual machine and the host system
* kubectl set


* Understand Vagrant provisioning, including File, Shell, Ansible and Docker
* kubectl edit


* Understand multi-machine setup
* kubectl explain


'''The following is a partial list of the used files, terms and utilities:'''
* kubectl config


* vagrant
* kubectl logs


* Vagrantfile
* kubectl exec


<br />
<br />


====<span style="color:navy">703.2 Cloud Deployment (weight: 2)</span>====
====<span style="color:navy">703.2 Basic Kubernetes Operations (weight: 7)</span>====


{|
{|
Line 436: Line 547:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 7
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 444: Line 555:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to configure IaaS cloud instances and adjust them to match their available hardware resources, specifically, disk space and volumes.  Additionally, candidates should be able to configure instances to allow secure SSH logins and prepare the instances to be ready for a configuration management tool such as Ansible.
Candidates should be able to set up applications running on Kubernetes. This includes understanding the most important kinds of Kubernetes resources, including their most important properties.


|}
|}
Line 450: Line 561:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understanding the features and concepts of cloud-init, including user-data and initializing and configuring cloud-init
* Understanding the use of YAML files to declare Kubernetes resources
 
* Understanding the principle of a Pod
 
* Understanding how to use Deployments, including scaling and rolling updates
 
* Understanding how to make services accessible using Services and Ingress
 
* Understanding how to use storage using PersistentVolumeClaims
 
* Awareness of other Kubernetes orchestration resources, i.e. DaemonSets, StatefulSets, Jobs and CronJobs
 
'''Partial list of the used files, terms and utilities:'''
 
* Pods
 
* ReplicaSets
 
* Deployments
 
* Services
 
* Ingress
 
* PersistentVolumeClaims


* Use cloud-init to create, resize and mount file systems, configure user accounts, including login credentials such as SSH keys and install software packages from the distribution’s repository
* ConfigMaps


* Understand the features and implications of IaaS clouds and virtualization for a computing instance, such as snapshotting, pausing, cloning and resource limits.
* Secrets


<br />
<br />


====<span style="color:navy">703.3 System Image Creation (weight: 2)</span>====
====<span style="color:navy">703.3 Kubernetes Package Management (weight: 2)</span>====


{|
{|
Line 473: Line 608:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to create images for containers, virtual machines and IaaS cloud instances.
Candidates should be able to use Helm to install software on Kubernetes.


|}
|}
Line 479: Line 614:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the functionality and features of Packer
* Understanding the concepts of Charts, Releases and Values
 
* Installation, upgrading and uninstalling software using Helm


* Create and maintain template files
* Specify custom values to configure software installed using Helm


* Build images from template files using different builders
* Awareness of Kustomize
 
* Awareness of Flux CD and Argo CD


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* packer
* helm install
 
* helm upgrade
 
* helm list
 
* helm uninstall
 
* values.yaml


<br />
<br />


===''704 Configuration Management''===
===''704 Security and Observability''===
 


====<span style="color:navy">704.1 Ansible (weight: 8)</span>====
====<span style="color:navy">704.1 Cloud Native Security (weight: 4)</span>====


{|
{|
Line 500: Line 648:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 8
| style="background:#eaeaea" | 4
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 508: Line 656:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to use Ansible to ensure a target server is in a specific state regarding its configuration and installed software. This objective covers the feature set of Ansible version 2.2 or later.
Candidates should understand the major kinds of IT threats against cloud native infrastructure, as well as common approaches to prevent such attacks and mitigate their risk. This includes handling security aspects of foreign software as well as common standards for authentication and authorization.


|}
|}
Line 514: Line 662:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the principles of automated system configuration and software installation
* Understand core IT infrastructure components and their role in deployment
 
* Understand common IT infrastructure security risks and ways to mitigate them
 
* Understand supply chain security and dependencies on foreign code
 
* Understand common application security risks and ways to mitigate them
 
* Understand the concepts of asymmetric cryptography and digital certificates
 
* Understand the principles of common standard for authentication and authorization


* Create and maintain inventory files
* Understand how to manage user credentials and how to use advanced authentication technologies


* Understand how Ansible interacts with remote systems
'''The following is a partial list of the used files, terms and utilities:'''


* Manage SSH login credentials for Ansible, including using unprivileged login accounts
* Service exploits, brute force attacks, and denial of service attacks


* Create, maintain and run Ansible playbooks, including tasks, handlers, conditionals, loops and registers
* Security updates, packet filtering, load balancers and application gateways


* Set and use variables
* Cross site scripting, verbose error reports


* Maintain secrets using Ansible vaults
* API authentication


* Write Jinja2 templates, including using common filters, loops and conditionals
* Buffer overflows, SQL injections


* Understand and use Ansible roles and install Ansible roles from Ansible Galaxy
* API access, permissions, verbosity and rate limits


* Understand and use important Ansible tasks, including file, copy, template, ini_file, lineinfile, patch, replace, user, group, command, shell, service, systemd, cron, apt, debconf, yum, git, and debug
* CORS headers and CSRF tokens


* Awareness of dynamic inventory
* Common Vulnerabilities and Exposures (CVE)


* Awareness of Ansibles features for non-Linux systems
* CVE IDs and CVE scores


* Awareness of Ansible containers
* Public key, private key, X.509 certificate, certificate authority


'''The following is a partial list of the used files, terms and utilities:'''
* TLS, transport encryption
 
* Single sign-on (SSO)


* ansible.cfg
* OAuth2, OpenID Connect and SAML


* ansible-playbook
* Two-factor authentication (2FA) and multi-factor authentication (MFA)


* ansible-vault
* One-time passwords (OTP), time-based one-time passwords (TOTP)


* ansible-galaxy
* Authenticator applications


* ansible-doc
* Password hashing and salting


<br />
<br />


====<span style="color:navy">704.2 Other Configuration Management Tools (weight: 2)</span>====
====<span style="color:navy">704.2 Prometheus Monitoring (weight: 6)</span>====


{|
{|
Line 561: Line 721:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 6
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 569: Line 729:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the main features and principles of important configuration management tools other than Ansible.
Candidates should understand the role of monitoring for application and IT infrastructures. They should be familiar with the architecture and components of Prometheus. The candidate should be able to set up Prometheus and use PromQL to query monitoring data.


|}
|}
Line 575: Line 735:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Basic feature and architecture knowledge of Puppet.
* Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
 
* Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
 
* Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
 
* Understand the concepts of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
 
* Understand the architecture of Prometheus
 
* Set up Prometheus and configure file based service discovery
 
* Monitor containers and microservices using Prometheus
 
* Use PromQL to retrieve log data


* Basic feature and architecture knowledge of Chef.
* Aggregate metrics for specific labels


'''The following is a partial list of the used files, terms and utilities:'''
* Aggregate metrics over time


* Manifest, Class, Recipe, Cookbook
* Awareness of common exporters


* puppet
* Awareness of application instrumentation


* chef
* Awareness of Thanos


* chef-solo
'''The following is a partial list of the used files, terms and utilities:'''


* chef-client
* Prometheus, Exporters, AlertManager, Grafana


* chef-server-ctl
* Label selectors


* knife
* Instant vectors and aggregate functions


<br />
* Range vectors and aggregate functions


===''705 Service Operations''===
* Node Exporter and Blackbox Exporter


<br />


====<span style="color:navy">705.1 IT Operations and Monitoring (weight: 4)</span>====
====<span style="color:navy">704.3 Log Management and Analysis (weight: 2)</span>====


{|
{|
Line 607: Line 782:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 2
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 615: Line 790:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services and ways to monitor and measure them using Prometheus. Furthermore candidates should understand major security risks in IT infrastructure. This objective covers the feature set of Prometheus 1.7 or later.
Candidates should understand the role of log files in operations and troubleshooting. They should be understand the major properties and features of commonly used Open Source logging stacks.


|}
|}
Line 621: Line 796:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
* Understand how application and system logging works


* Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
* Understand the architecture and features of commonly used open source logging stacks


* Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
* Awareness of syslogd and systemd-journald


* Understand the architecture of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
'''The following is a partial list of the used files, terms and utilities:'''
 
* Monitor containers and microservices using Prometheus


* Understand the principles of IT attacks against IT infrastructure
* Elasticsearch and OpenSearch


* Understand the principles of the most important ways to protect IT infrastructure
* Logstash and filebeat
 
* Understand core IT infrastructure components and their role in deployment


'''The following is a partial list of the used files, terms and utilities:'''
* Fluentd and FluentBit


* Prometheus, Node exporter, Pushgateway, Altermanager, Grafana
* Kibana


* Service exploits, brute force attacks, and denial of service attacks
* Loki and promtail


* Security updates, packet filtering and application gateways
* Grafana


* Virtualization hosts, DNS and load balancers
* Graylog2


<br />
<br />


====<span style="color:navy">705.2 Log Management and Analysis (weight: 4)</span>====
====<span style="color:navy">704.4 Tracing (weight: 2)</span>====


{|
{|
Line 656: Line 827:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 2
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 664: Line 835:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the role of log files in operations and troubleshooting. They should be able to set up centralized logging infrastructure based on Logstash to collect and normalize log data. Furthermore, candidates should understand how Elasticsearch and Kibana help to store and access log data.
Candidates should understand the concepts and importance of tracing and be familiar with the architecture of OpenTelemetry.


|}
|}
Line 670: Line 841:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand how application and system logging works
* Understanding the concepts of tracing


* Understand the architecture and functionality of Logstash, including the lifecycle of a log message and Logstash plugins
* Understanding the concepts of OpenTelemetry


* Understand the architecture and functionality of Elasticsearch and Kibana in the context of log data management (Elastic Stack)
* Awareness of commonly used open source telemetry analysis tools


* Configure Logstash to collect, normalize, transform and ship log data
* Awareness of application instrumentation
 
* Configure syslog and Filebeat to send log data to Logstash
 
* Configure Logstash to send email alerts
 
* Understand application support for log management


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* logstash
* OpenTelemetry
 
* input, filter, output
 
* grok filter
 
* Log files, metrics
 
* syslog.conf
 
* /etc/logstash/logstash.yml
 
* /etc/filebeat/filebeat.yml
 
<br />
 


==Future Change Considerations==
* Spans and Distributed Traces


Future changes to the objective will/may include:
* Contexts, Span and Trace IDs


* 701.2: Remove the OpenStack examples and focus on the general features
* Span attributes, events, links, status and kind


* 702.2: Reconsider Swarm and potentially increase Kubernetes
* Grafana Tempo


* 703.1: Reconsider Vagrant (or its weight)
* Jaeger

Latest revision as of 23:02, 4 January 2026

Introduction

This is a required exam for the Linux Professional Institute DevOps Tools Engineer certification. It covers basic skills in using tools commonly used to implement DevOps.

This page covers the currently released objective for the Linux Professional Institute DevOps Tools Engineer certification.


Candidate Description

The certification holder is either a professional software developer or a professional system administrator who is involved in the production of IT solutions which require a robust and efficient process to get from original source materials to a final deployed or distributable product or service with a particular focus on using Open Source technology. The certification holder has the ability to create, deliver and operate software using collaborative methods which address aspects of software development as well as system administration. In particular, the certification holder is adept at bridging the gap between the development and operations of a solution or product. The certification holder understands how these tools facilitate development and operational tasks in the delivery of stable, scalable and up to date services to users and customers.


Version Information

These objectives are A DRAFT FOR version 2.0.0.


Translations of Objectives

The following translations of the objectives are available on this wiki:


Exams and Requirements

The Linux Professional Institute DevOps Tools Engineer certification is awarded after passing this exam. There is no requirement to possess any other certifications. However, LPI recommends that all Linux Professional Institute DevOps Tools Engineers maintain at least one active certification in either system administration or software development. This certification should be at a level equivalent to LPIC-1.


Objectives

701 Software Engineering

701.1 Modern Software Development (weight: 6)

Weight

6

Description

Candidates should be able to design software solutions suitable for modern runtime environments. Candidates should understand how services handle data persistence, sessions, status information, transactions, concurrency, security, performance, availability, scaling, load balancing, messaging, monitoring and APIs. Furthermore, candidates should understand the implications of agile and DevOps on software development.

Key Knowledge Areas:

  • Understand and design service based applications
  • Understand common API concepts and standards
  • Understand aspects of data storage, service status and session handling
  • Understand the properties of cloud native applications
  • Design software to be run in containers
  • Design software to be deployed to cloud services
  • Awareness of risks in the migration and integration of monolithic legacy software
  • Awareness of database schema updates and database migrations
  • Understand the concept of agile software development
  • Understand the concept of DevOps and its implications to software developers and operators

The following is a partial list of the used files, terms and utilities:

  • REST, JSON
  • Service Oriented Architectures (SOA)
  • Microservices
  • Immutable servers
  • Loose coupling
  • Test-driven development


701.2 Standard Components and Platforms for Software (weight: 3)

Weight

3

Description

Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. Furthermore, the candidate should be aware of the commonly used open source implementations of the various services.

Key Knowledge Areas:

  • Features and concepts of object storage
  • Features and concepts of relational and NoSQL databases
  • Features and concepts of message brokers and message queues
  • Features and concepts of big data services
  • Features and concepts of computing services / IaaS
  • Features and concepts of application runtimes / PaaS
  • Features and concepts of hosted applications / SaaS
  • Features and concepts of function applications / FaaS
  • Features and concepts of content delivery networks
  • Awareness of identity and access management in cloud services

The following is a partial list of the used files, terms and utilities:

  • Objects, Buckets, ACLs, S3
  • MariaDB, MySQL, PostgreSQL,
  • Redis, MongoDB, InfluxDB
  • Elasticsearch and OpenSearch
  • Kafka, MQTT
  • IAM


701.3 Source Code Management (weight: 6)

Weight

6

Description

Candidates should be able to use Git to manage and share source code. This includes creating and contributing to a repository as well as the usage of tags, branches and remote repositories. Furthermore, the candidate should be able to merge files and resolve merging conflicts.

Key Knowledge Areas:

  • Understand Git concepts and repository structure
  • Manage files within a Git repository
  • Manage branches and tags
  • Work with remote repositories and branches as well as submodules
  • Merge files and branches
  • Awareness of SVN and CVS, including concepts of centralized and distributed SCM solutions

The following is a partial list of the used files, terms and utilities:

  • git
  • .gitignore


701.4 Continuous Integration and Continuous Delivery (weight: 3)

Weight

3

Description

Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should understand how CI/CD pipelines support the development and release of software and how they integrate with source code repositories and the target runtime environment. Furthermore, candidates should be aware of commonly used CI/CD platforms.

Key Knowledge Areas:

  • Understand the concepts of Continuous Integration and Continuous Delivery
  • Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
  • Understand the concepts of GitOps
  • Understand the role of build artifacts and caches
  • Understand deployment best practices
  • Understand semantic versioning
  • Awareness of Jenkins and Gitlab CI
  • Awareness of Artifactory and Nexus

The following is a partial list of the used files, terms and utilities:

  • Declarative Pipeline
  • Production, Staging and Development Environments
  • Feature toggles
  • Preview releases
  • Reconciliation loops
  • A/B testing
  • Blue-green and canary deployment


701.5 Software Composition, Licensing and Open Source (weight: 2)

Weight

2

Description

Candidates should understand the principles of software licenses. This includes how software from multiple authors and sources are combined to implement a specific service and how licensing affects such compositions. Furthermore, the candidate should understand the concepts of open source software, including the most important aspects of common open source licenses.

Key Knowledge Areas:

  • Understand how an application is build out of multiple software components
  • Awareness of dependency managers like NPM, gradle or composer
  • Understand the concepts proprietary and open source software
  • Understand the concepts of open source software licenses
  • Awareness of commonly used open source licenses (GPL, LGPL, AGPL, BSD, MIT and Apache License)
  • Awareness of license compatibility and multi licensing

The following is a partial list of the used files, terms and utilities:

  • Software libraries
  • Software Bill Of Materials
  • Proprietary software
  • Open Source Software and Free Software
  • Copyleft open source software licenses
  • Permissive open source software licenses


702 Application Container

702.1 Application Container Management (weight: 5)

Weight

5

Description

Candidates should be able to operate Docker and Podman containers. This includes creating and interacting with containers as well as connecting containers to networks and storage volumes.

Key Knowledge Areas:

  • Understand the Docker and Podman architecture
  • Use existing images from an OCI registry
  • Operate and access containers
  • Understand Docker networking concepts, including overlay networks
  • Understand the concepts of DNS service discovery
  • Connect container to container networks and use DNS for service discovery
  • Understand Docker storage concepts
  • Use Docker volumes for shared and persistent container storage
  • Awareness of rootless containers

The following is a partial list of the used files, terms and utilities:

  • docker container *
  • docker network *
  • docker image *
  • docker volume *
  • podman container *
  • podman network *
  • podman image *
  • podman volume *


702.2 Container Orchestration (weight: 3)

Weight

3

Description

Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose.

Key Knowledge Areas:

  • Understand the application model of Docker Compose and Podman Compose
  • Create and run Docker Compose Files (version 3 or later)
  • Define services, networks and volumes, along with their commonly used properties, in Docker Compose files
  • Use Docker Compose to update running containers to newer images

The following is a partial list of the used files, terms and utilities:

  • docker compose
  • podman-compose
  • docker-compose.yml


702.3 Container Image Building (weight: 5)

Weight

5

Description

Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.

Candidates should be able to build OCI container images. This includes creating Dockerfiles or Containerfiles, building containers and publishing container images on an existing OCI registry.

Key Knowledge Areas:

  • Create Dockerfiles and build images from Dockerfiles
  • Understand OCI image names
  • Upload images to a Docker registry
  • Understand the principles of image scanners
  • Understand security risks of container virtualization and container images and how to mitigate them
  • Awareness Docker buildx, Docker Buildkit, Podman build and Buildah

The following is a partial list of the used files, terms and utilities:

  • docker image *
  • docker login
  • Dockerfile
  • Containerfile
  • .dockerignore
  • FROM
  • COPY
  • ADD
  • RUN
  • VOLUME
  • EXPOSE
  • USER
  • WORKDIR
  • ENV
  • ARG
  • CMD
  • ENTRYPOINT


703 Kubernetes

703.1 Kubernetes Architecture and Usage (weight: 4)

Weight

4

Description

Candidates should understand the major components of Kubernetes. Furthermore, candidates should be able to interact with an existing Kubernetes platform to retrieve information about the current Kubernetes state, and create, modify and delete resources.

Key Knowledge Areas:

  • Understand the major components and services in a Kubernetes cluster
  • Configure kubectl to use an existing Kubernetes cluster
  • Use kubectl to get information about Kubernetes resources
  • Use kubectl to create, modify and delete resources
  • Awareness of Kubernetes Operators

Partial list of the used files, terms and utilities:

  • API-Server, etcd, Controller Manager, Scheduler
  • ~/.kube/config
  • kubectl get
  • kubectl describe
  • kubectl apply
  • kubectl create
  • kubectl run
  • kubectl expose
  • kubectl scale
  • kubectl set
  • kubectl edit
  • kubectl explain
  • kubectl config
  • kubectl logs
  • kubectl exec


703.2 Basic Kubernetes Operations (weight: 7)

Weight

7

Description

Candidates should be able to set up applications running on Kubernetes. This includes understanding the most important kinds of Kubernetes resources, including their most important properties.

Key Knowledge Areas:

  • Understanding the use of YAML files to declare Kubernetes resources
  • Understanding the principle of a Pod
  • Understanding how to use Deployments, including scaling and rolling updates
  • Understanding how to make services accessible using Services and Ingress
  • Understanding how to use storage using PersistentVolumeClaims
  • Awareness of other Kubernetes orchestration resources, i.e. DaemonSets, StatefulSets, Jobs and CronJobs

Partial list of the used files, terms and utilities:

  • Pods
  • ReplicaSets
  • Deployments
  • Services
  • Ingress
  • PersistentVolumeClaims
  • ConfigMaps
  • Secrets


703.3 Kubernetes Package Management (weight: 2)

Weight

2

Description

Candidates should be able to use Helm to install software on Kubernetes.

Key Knowledge Areas:

  • Understanding the concepts of Charts, Releases and Values
  • Installation, upgrading and uninstalling software using Helm
  • Specify custom values to configure software installed using Helm
  • Awareness of Kustomize
  • Awareness of Flux CD and Argo CD

The following is a partial list of the used files, terms and utilities:

  • helm install
  • helm upgrade
  • helm list
  • helm uninstall
  • values.yaml


704 Security and Observability

704.1 Cloud Native Security (weight: 4)

Weight

4

Description

Candidates should understand the major kinds of IT threats against cloud native infrastructure, as well as common approaches to prevent such attacks and mitigate their risk. This includes handling security aspects of foreign software as well as common standards for authentication and authorization.

Key Knowledge Areas:

  • Understand core IT infrastructure components and their role in deployment
  • Understand common IT infrastructure security risks and ways to mitigate them
  • Understand supply chain security and dependencies on foreign code
  • Understand common application security risks and ways to mitigate them
  • Understand the concepts of asymmetric cryptography and digital certificates
  • Understand the principles of common standard for authentication and authorization
  • Understand how to manage user credentials and how to use advanced authentication technologies

The following is a partial list of the used files, terms and utilities:

  • Service exploits, brute force attacks, and denial of service attacks
  • Security updates, packet filtering, load balancers and application gateways
  • Cross site scripting, verbose error reports
  • API authentication
  • Buffer overflows, SQL injections
  • API access, permissions, verbosity and rate limits
  • CORS headers and CSRF tokens
  • Common Vulnerabilities and Exposures (CVE)
  • CVE IDs and CVE scores
  • Public key, private key, X.509 certificate, certificate authority
  • TLS, transport encryption
  • Single sign-on (SSO)
  • OAuth2, OpenID Connect and SAML
  • Two-factor authentication (2FA) and multi-factor authentication (MFA)
  • One-time passwords (OTP), time-based one-time passwords (TOTP)
  • Authenticator applications
  • Password hashing and salting


704.2 Prometheus Monitoring (weight: 6)

Weight

6

Description

Candidates should understand the role of monitoring for application and IT infrastructures. They should be familiar with the architecture and components of Prometheus. The candidate should be able to set up Prometheus and use PromQL to query monitoring data.

Key Knowledge Areas:

  • Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
  • Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
  • Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
  • Understand the concepts of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
  • Understand the architecture of Prometheus
  • Set up Prometheus and configure file based service discovery
  • Monitor containers and microservices using Prometheus
  • Use PromQL to retrieve log data
  • Aggregate metrics for specific labels
  • Aggregate metrics over time
  • Awareness of common exporters
  • Awareness of application instrumentation
  • Awareness of Thanos

The following is a partial list of the used files, terms and utilities:

  • Prometheus, Exporters, AlertManager, Grafana
  • Label selectors
  • Instant vectors and aggregate functions
  • Range vectors and aggregate functions
  • Node Exporter and Blackbox Exporter


704.3 Log Management and Analysis (weight: 2)

Weight

2

Description

Candidates should understand the role of log files in operations and troubleshooting. They should be understand the major properties and features of commonly used Open Source logging stacks.

Key Knowledge Areas:

  • Understand how application and system logging works
  • Understand the architecture and features of commonly used open source logging stacks
  • Awareness of syslogd and systemd-journald

The following is a partial list of the used files, terms and utilities:

  • Elasticsearch and OpenSearch
  • Logstash and filebeat
  • Fluentd and FluentBit
  • Kibana
  • Loki and promtail
  • Grafana
  • Graylog2


704.4 Tracing (weight: 2)

Weight

2

Description

Candidates should understand the concepts and importance of tracing and be familiar with the architecture of OpenTelemetry.

Key Knowledge Areas:

  • Understanding the concepts of tracing
  • Understanding the concepts of OpenTelemetry
  • Awareness of commonly used open source telemetry analysis tools
  • Awareness of application instrumentation

The following is a partial list of the used files, terms and utilities:

  • OpenTelemetry
  • Spans and Distributed Traces
  • Contexts, Span and Trace IDs
  • Span attributes, events, links, status and kind
  • Grafana Tempo
  • Jaeger
Retrieved from "https://wiki.lpi.org/w/index.php?title=DevOps_Tools_Engineer_Objectives_V2.0&oldid=5876"