DevOps Tools Engineer Objectives V2.0: Difference between revisions

From LPI Wiki
Jump to navigationJump to search
Newer edit →
Bootstrap by copying version 1.0
 
No edit summary
Line 16: Line 16:
==Version Information==
==Version Information==


These objectives are version 1.0.0.  
These objectives are '''A DRAFT FOR''' version 2.0.0.  


<br />
<br />
Line 24: Line 24:
The following translations of the objectives are available on this wiki:
The following translations of the objectives are available on this wiki:


* [[DevOps_Tools_Engineer_Objectives_V1|English]]
* [[DevOps_Tools_Engineer_Objectives_V2.0|English]]
* [[DevOps_Tools_Engineer_Objectives_V1(ES)|Spanish]]
* [[DevOps_Tools_Engineer_Objectives_V1(JA)|Japanese]]
* [[DevOps_Tools_Engineer_Objectives_V1(IT)|Italian]]


<br />
<br />
Line 76: Line 73:


* Awareness of risks in the migration and integration of monolithic legacy software
* Awareness of risks in the migration and integration of monolithic legacy software
* Understand common application security risks and ways to mitigate them


* Understand the concept of agile software development
* Understand the concept of agile software development
Line 98: Line 93:


* CORS headers and CSRF tokens
* CORS headers and CSRF tokens
* ACID properties and CAP theorem


<br />
<br />


====<span style="color:navy">701.2 Standard Components and Platforms for Software (weight: 2)</span>====
====<span style="color:navy">701.2 Standard Components and Platforms for Software (weight: 3)</span>====


{|
{|
Line 110: Line 103:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 118: Line 111:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. OpenStack service components are used as a reference implementation.
Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. Futhermore, the candidate should be aware of the commonly used open source implementations of the various services.


|}
|}
Line 133: Line 126:


* Features and concepts of application runtimes / PaaS
* Features and concepts of application runtimes / PaaS
* Features and concepts of hosted applications / SaaS
* Features and concepts of function applications / FaaS


* Features and concepts of content delivery networks
* Features and concepts of content delivery networks
* Awareness of identity and access management in cloud services


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* OpenStack Swift
* Objects, Buckets, ACLs, S3


* OpenStack Trove
* MariaDB, MySQL, PostgreSQL,


* OpenStack Zaqar
* Redis, MongoDB, InfluxDB


* CloudFoundry
* ElasticSearch and OpenSearch


* OpenShift
* Kafka, MQTT
 
* IAM


<br />
<br />


====<span style="color:navy">701.3 Source Code Management (weight: 5)</span>====
====<span style="color:navy">701.3 Source Code Management (weight: 6)</span>====


{|
{|
Line 157: Line 158:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 6
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 191: Line 192:
<br />
<br />


====<span style="color:navy">701.4 Continuous Integration and Continuous Delivery (weight: 5)</span>====
====<span style="color:navy">701.4 Continuous Integration and Continuous Delivery (weight: 3)</span>====


{|
{|
Line 198: Line 199:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 206: Line 207:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should be able to implement a CI/CD pipeline using Jenkins, including triggering the CI/CD pipeline, running unit, integration and acceptance tests, packaging software and handling the deployment of tested software artifacts. This objective covers the feature set of Jenkins version 2.0 or later.
Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should understand how CI/CD pipelines support the development and release of software and how they integrate with source code repositories and the target runtime environment. Furthermore, candidates should be aware of commonly used CI/CD platforms.


|}
|}
Line 215: Line 216:


* Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
* Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
* Understand the concepts of GitOps
* Understand the role of build artifacts and caches


* Understand deployment best practices
* Understand deployment best practices


* Understand the architecture and features of Jenkins, including Jenkins Plugins, Jenkins API, notifications and distributed builds
* Awareness of Jenkins and Gitlab CI
 
* Awareness of Flux CD and Argo CD
 
* Awareness of Artifactory and Nexus
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* Declarative Pipeline
 
* Production, Staging and Development Environments
 
* Feature toggles
 
* Preview releases
 
* Reconciliation loops
 
* A/B testing
 
* Blue-green and canary deployment
 
<br />
 
 
 
 
 
 
<br />
 
====<span style="color:navy">701.5 Software Composition, Licensing and Open Source (weight: 2)</span>====
 
{|
| style="background:#dadada" |
 
'''Weight'''
 
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |
 
'''Description'''
 
| style="background:#eaeaea" |
 
Candidates should understand the principles of software licenses. This includes how software from multiple authors and sources are combined to implement a specific service and how licensing affects such compositions. Futhermore, the candidate should understand the concepts of open source software, including the most important aspects of common open source licenses.
 
|}


* Define and run jobs in Jenkins, including parameter handling
'''Key Knowledge Areas:'''


* Fingerprinting, artifacts and artifact repositories
* Understand how an application is build out of multiple software components


* Understand how Jenkins models continuous delivery pipelines and implement a declarative continuous delivery pipeline in Jenkins
* Awareness of dependency managers like NPM, gradle or composer


* Awareness of possible authentication and authorization models
* Understand the concepts proprietary and open source software


* Understanding of the Pipeline Plugin
* Understand the concepts of open source software licenses


* Understand the features of important Jenkins modules such as Copy Artifact Plugin, Fingerprint Plugin, Docker Pipeline, Docker Build and Publish plugin, Git Plugin, Credentials Plugin
* Awareness of commonly used open source licenses (GPL, LGPL, AGPL, BSD, MIT and Apache License)


* Awareness of Artifactory and Nexus
* Awareness of license compatibility and multi licensing


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* Step, Node, Stage
* Software libraries
 
* Software Bill Of Materials


* Jenkins DSL
* Proprietary software


* Jenkinsfile
* Open Source Software and Free Software


* Declarative Pipeline
* Copyleft open source sofware licenses


* Blue-green and canary deployment
* Permissive open source software licenses


<br />


===''702 Container Management''===
===''702 Application Container''===


====<span style="color:navy">702.1 Container Usage (weight: 7)</span>====
====<span style="color:navy">702.1 Application Container Management (weight: 5)</span>====


{|
{|
Line 257: Line 311:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 7
| style="background:#eaeaea" | 5
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 265: Line 319:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to build, share and operate Docker containers. This includes creating Dockerfiles, using a Docker registry, creating and interacting with containers as well as connecting containers to networks and storage volumes. This objective covers the feature set of Docker version 17.06 or later.
Candidates should be able to operate Docker and Podman containers. This includes creating and interacting with containers as well as connecting containers to networks and storage volumes.


|}
|}
Line 271: Line 325:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the Docker architecture
* Understand the Docker and Podman architecture
 
* Use existing images from an OCI registry


* Use existing Docker images from a Docker registry
* Operate and access containers


* Create Dockerfiles and build images from Dockerfiles
* Understand Docker networking concepts, including overlay networks


* Upload images to a Docker registry
* Understand the concepts of DNS service discovery


* Operate and access Docker containers
* Connect container to container networks and use DNS for service discovery


* Connect container to Docker networks
* Understand Docker storage concepts


* Use Docker volumes for shared and persistent container storage
* Use Docker volumes for shared and persistent container storage
* Awareness of rootless containers


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* docker
* docker container *
 
* docker network *
 
* docker image *


* Dockerfile
* docker volume *
 
* podman container *
 
* podman network *
 
* podman image *


* .dockerignore
* podman volume *


<br />
<br />


====<span style="color:navy">702.2 Container Deployment and Orchestration (weight: 5)</span>====
====<span style="color:navy">702.2 Container Orchestration (weight: 3)</span>====


{|
{|
Line 302: Line 370:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 5
| style="background:#eaeaea" | 3
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 310: Line 378:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose in conjunction with an existing Docker Swarm cluster as well as using an existing Kubernetes cluster. This objective covers the feature sets of Docker Compose version 1.14 or later, Docker Swarm included in Docker 17.06 or later and Kubernetes 1.6 or later.
Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose.


|}
|}
Line 316: Line 384:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the application model of Docker Compose
* Understand the application model of Docker Compose and Podman Compose


* Create and run Docker Compose Files (version 3 or later)
* Create and run Docker Compose Files (version 3 or later)


* Understand the architecture and functionality of Docker Swarm mode
* Define services, networks and volumes, along with their commonly used properties, in Docker Compose files
 
* Run containers in a Docker Swarm, including the definition of services, stacks and the usage of secrets
 
* Understand the architecture and application model Kubernetes


* Define and manage a container-based application for Kubernetes, including the definition of Deployments, Services, ReplicaSets and Pods
* Use Docker Compose to update running containers to newer images


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* docker-compose
* docker compose


* docker
* podman-compose


* kubectl
* docker-compose.yml


<br />
<br />


====<span style="color:navy">702.3 Container Infrastructure (weight: 4)</span>====
====<span style="color:navy">702.3 Container Image Building (weight: 5)</span>====


{|
{|
Line 345: Line 409:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 5
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 354: Line 418:


Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.
Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.
Candidates should be able to build OCI container images. This includes creating Dockerfiles or Containerfiles, building containers and publishing containter images on an existing OCI registry.


|}
|}
Line 359: Line 425:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Use Docker Machine to setup a Docker host
* Create Dockerfiles and build images from Dockerfiles
 
* Understand OCI image names
 
* Upload images to a Docker registry
 
* Understand the principles of image scanners
 
* Understand security risks of container virtualization and container images and how to mitigate them
 
* Awareness Docker buildx, Docker Buildkit, Podman build and Buildah
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* docker image *
 
* docker login
 
* Dockerfile
 
* Containerfile
 
* .dockerignore
 
* FROM


* Understand Docker networking concepts, including overlay networks
* COPY
 
* ADD


* Create and manage Docker networks
* RUN


* Understand Docker storage concepts
* VOLUME


* Create and manage Docker volumes
* EXPOSE


* Awareness of Flocker and flannel
* USER


* Understand the concepts of service discovery
* WORKDIR


* Basic feature knowledge of CoreOS Container Linux, rkt and etcd
* ENV


* Understand security risks of container virtualization and container images and how to mitigate them
* ARG


'''The following is a partial list of the used files, terms and utilities:'''
* CMD


* docker-machine
* ENTRYPOINT


<br />
<br />


===''703 Machine Deployment''===
===''703 Kuberetes''===




====<span style="color:navy">703.1 Virtual Machine Deployment (weight: 4)</span>====
====<span style="color:navy">703.1 Kuberetes Architecture and Usage (weight: 4)</span>====


{|
{|
Line 401: Line 493:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to automate the deployment of a virtual machine with an operating system and a specific set of configuration files and software.
Candidates should understand the major components of Kubernetes. Futhermore, candidates should be able to interact with an existing Kubernetes platform to retrieve information about the current Kubernets state, and create, modify and delete resources.


|}
|}
Line 407: Line 499:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand Vagrant architecture and concepts, including storage and networking
* Understand the major components and services in a Kubernetes cluster
 
* Configure kubectl to use an existing Kubernetes cluster
 
* Use kubectl to get information about Kubernetes resources
 
* Use kubectl to create, modify and delete resources
 
* Awareness of Kubernetes Operators
 
'''Partial list of the used files, terms and utilities:'''
 
* API-Server, etcd, Controller Manager, Scheduler
 
* ~/.kube/config
 
* kubectl get
 
* kubectl describe
 
* kubectl apply


* Retrieve and use boxes from Atlas
* kubectl create


* Create and run Vagrantfiles
* kubectl run


* Access Vagrant virtual machines
* kubectl expose


* Share and synchronize folder between a Vagrant virtual machine and the host system
* kubectl scale


* Understand Vagrant provisioning, including File, Shell, Ansible and Docker
* kubectl set


* Understand multi-machine setup
* kubectl edit


'''The following is a partial list of the used files, terms and utilities:'''
* kubectl explain
 
* kubectl config


* vagrant
* kubectl logs


* Vagrantfile
* kubectl exec


<br />
<br />


====<span style="color:navy">703.2 Cloud Deployment (weight: 2)</span>====
====<span style="color:navy">703.2 Basic Kubernetes Operations (weight: 7)</span>====


{|
{|
Line 436: Line 550:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 7
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 444: Line 558:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to configure IaaS cloud instances and adjust them to match their available hardware resources, specifically, disk space and volumes.  Additionally, candidates should be able to configure instances to allow secure SSH logins and prepare the instances to be ready for a configuration management tool such as Ansible.
Cadidates should be able to set up applications running on Kubernetes. This includes understanding the most important kinds of Kubernetes resources, including their most important properties.


|}
|}
Line 450: Line 564:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understanding the features and concepts of cloud-init, including user-data and initializing and configuring cloud-init
* Understanding the use of Yaml files to declare Kubernetes resources


* Use cloud-init to create, resize and mount file systems, configure user accounts, including login credentials such as SSH keys and install software packages from the distribution’s repository
* Understanding the principle of a Pod


* Understand the features and implications of IaaS clouds and virtualization for a computing instance, such as snapshotting, pausing, cloning and resource limits.
* Understanding how to use Deployments, including scaling and rolling updates
 
* Understanding how to make services accessible using Services and Ingress
 
* Understanding how to use storage using PersistentVolumeClaims
 
* Awareness of other Kubernetes orchestation resources, i.e. DaemonSets, StatefulSets, Jobs and CronJobs
 
'''Partial list of the used files, terms and utilities:'''
 
* Pods
 
* ReplicaSets
 
* Deployments
 
* Services
 
* Ingress
 
* PersistentVolumeClaims


<br />
<br />


====<span style="color:navy">703.3 System Image Creation (weight: 2)</span>====
====<span style="color:navy">703.3 Kubernetes Package Management (weight: 2)</span>====


{|
{|
Line 473: Line 607:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to create images for containers, virtual machines and IaaS cloud instances.
Candidates should be able to use Helm to install software on Kubernetes.


|}
|}
Line 479: Line 613:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the functionality and features of Packer
* Understanding the concepts of Charts, Releases and Values
 
* Installation, upgrading and uninstalling software using Helm


* Create and maintain template files
* Specify custom values to configure software installed using Helm


* Build images from template files using different builders
* Awareness of Kustomize


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* packer
* helm install
 
* helm upgrade
 
* helm list
 
* helm uninstall
 
* values.yaml


<br />
<br />


===''704 Configuration Management''===
===''705 Security and Observability''===
 


====<span style="color:navy">704.1 Ansible (weight: 8)</span>====
====<span style="color:navy">705.1 IT Operations (weight: 4)</span>====


{|
{|
Line 500: Line 645:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 8
| style="background:#eaeaea" | 4
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 508: Line 653:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should be able to use Ansible to ensure a target server is in a specific state regarding its configuration and installed software. This objective covers the feature set of Ansible version 2.2 or later.
Candidates should understand the major kinds of IT threats against cloud native infrastructure, as well as common approaches to prevent such attacks and mitigate their risk. This includes    as well as common standards for authentication and authorization.
 
Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services. Furthermore candidates should understand major security risks in IT infrastructure.


|}
|}
Line 514: Line 661:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand the principles of automated system configuration and software installation
* Understand core IT infrastructure components and their role in deployment


* Create and maintain inventory files
* Understand common IT infrastructure security risks and ways to mitigate them


* Understand how Ansible interacts with remote systems
* Understand supply chain security and dependencies on foreign code


* Manage SSH login credentials for Ansible, including using unprivileged login accounts
* Understand common application security risks and ways to mitigate them


* Create, maintain and run Ansible playbooks, including tasks, handlers, conditionals, loops and registers
* Understand the concepts of asymetric cryptography and digital certificates


* Set and use variables
* Understand the principles of common standard for authentication and authorization


* Maintain secrets using Ansible vaults
* Understand how to manage user credentials and how to use advanced authentication technologies


* Write Jinja2 templates, including using common filters, loops and conditionals
'''The following is a partial list of the used files, terms and utilities:'''


* Understand and use Ansible roles and install Ansible roles from Ansible Galaxy
* Service exploits, brute force attacks, and denial of service attacks
 
* Security updates, packet filtering and application gateways


* Understand and use important Ansible tasks, including file, copy, template, ini_file, lineinfile, patch, replace, user, group, command, shell, service, systemd, cron, apt, debconf, yum, git, and debug
* Buffer overflows, SQL injections


* Awareness of dynamic inventory
* Common Vulnerabilities and Exposures (CVE)


* Awareness of Ansibles features for non-Linux systems
* CVE IDs and CVE scores


* Awareness of Ansible containers
* Public key, private key, X.509 certificate, certificate authority


'''The following is a partial list of the used files, terms and utilities:'''
* Single sign-on (SSO)


* ansible.cfg
* OAuth2, OpenID Connect and SAML


* ansible-playbook
* Two-factor authentication (2FA) and multi-factor authentication (MFA)


* ansible-vault
* One-time passwords (OTP), time-based one-time passwords (TOTP)


* ansible-galaxy
* Authenticator applications


* ansible-doc
* Password hashing and salting


<br />
<br />


====<span style="color:navy">704.2 Other Configuration Management Tools (weight: 2)</span>====
====<span style="color:navy">705.2 Prometheus Monitoring (weight: 6)</span>====


{|
{|
Line 561: Line 710:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 2
| style="background:#eaeaea" | 6
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 569: Line 718:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the main features and principles of important configuration management tools other than Ansible.
Candidates should understand the role of monitoring for application and IT infrastructure. They should be familiar with the architecture and components of Prometheus. The candidate should be able to set up Prometheus and use PromQL to query monitoring data.


|}
|}
Line 575: Line 724:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Basic feature and architecture knowledge of Puppet.
* Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
 
* Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
 
* Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
 
* Understand the concepts of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
 
* Understand the architecture of Prometheus
 
* Set up prometheus and configure file based service discovery
 
* Monitor containers and microservices using Prometheus


* Basic feature and architecture knowledge of Chef.
* Use PromQL to retrieve log data


'''The following is a partial list of the used files, terms and utilities:'''
* Aggregate metrics for specific labels


* Manifest, Class, Recipe, Cookbook
* Aggregate metrics over time


* puppet
* Awareness of common exporters


* chef
* Awareness of application instrumentation


* chef-solo
'''The following is a partial list of the used files, terms and utilities:'''


* chef-client
* Prometheus, Exporters, AlertManager, Grafana


* chef-server-ctl
* Label selectors


* knife
* Instant vectors and aggregate functions


<br />
* Range vectors and aggregate functions


===''705 Service Operations''===
* Node Exporter and Blackbox Exporter


<br />


====<span style="color:navy">705.1 IT Operations and Monitoring (weight: 4)</span>====
====<span style="color:navy">705.3 Log Management and Analysis (weight: 2)</span>====


{|
{|
Line 607: Line 769:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 2
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 615: Line 777:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services and ways to monitor and measure them using Prometheus. Furthermore candidates should understand major security risks in IT infrastructure. This objective covers the feature set of Prometheus 1.7 or later.
Candidates should understand the role of log files in operations and troubleshooting. They should be understand the major properties and features of commonly used Open Source logging stacks.


|}
|}
Line 621: Line 783:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
* Understand how application and system logging works


* Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
* Understand the architecture and features of commonly used open source logging stacks


* Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
'''The following is a partial list of the used files, terms and utilities:'''


* Understand the architecture of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
* ElasticSearch and OpenSearch


* Monitor containers and microservices using Prometheus
* Logstash and filebeat
 
* Understand the principles of IT attacks against IT infrastructure
 
* Understand the principles of the most important ways to protect IT infrastructure
 
* Understand core IT infrastructure components and their role in deployment


'''The following is a partial list of the used files, terms and utilities:'''
* Fluentd and FluentBit


* Prometheus, Node exporter, Pushgateway, Altermanager, Grafana
* Kibana


* Service exploits, brute force attacks, and denial of service attacks
* Loki and promtail


* Security updates, packet filtering and application gateways
* Grafana


* Virtualization hosts, DNS and load balancers
* Greylog2


<br />
<br />


====<span style="color:navy">705.2 Log Management and Analysis (weight: 4)</span>====
====<span style="color:navy">705.4 Tracking (weight: 2)</span>====


{|
{|
Line 656: Line 812:
'''Weight'''
'''Weight'''


| style="background:#eaeaea" | 4
| style="background:#eaeaea" | 2
|-
|-
| style="background:#dadada; padding-right:1em" |
| style="background:#dadada; padding-right:1em" |
Line 664: Line 820:
| style="background:#eaeaea" |
| style="background:#eaeaea" |


Candidates should understand the role of log files in operations and troubleshooting. They should be able to set up centralized logging infrastructure based on Logstash to collect and normalize log data. Furthermore, candidates should understand how Elasticsearch and Kibana help to store and access log data.
Candidates should understand the concepts and importance of tracing and be familiar with the architecture of OpenTelemetry.


|}
|}
Line 670: Line 826:
'''Key Knowledge Areas:'''
'''Key Knowledge Areas:'''


* Understand how application and system logging works
* Understanding the concepts of tracing


* Understand the architecture and functionality of Logstash, including the lifecycle of a log message and Logstash plugins
* Understanding the concepts of OpenTelemetry


* Understand the architecture and functionality of Elasticsearch and Kibana in the context of log data management (Elastic Stack)
* Awareness of commonly used open source telemetry analysis tools


* Configure Logstash to collect, normalize, transform and ship log data
* Awareness of application instrumentation
 
* Configure syslog and Filebeat to send log data to Logstash
 
* Configure Logstash to send email alerts
 
* Understand application support for log management


'''The following is a partial list of the used files, terms and utilities:'''
'''The following is a partial list of the used files, terms and utilities:'''


* logstash
* Open Telemetry
 
* input, filter, output
 
* grok filter
 
* Log files, metrics
 
* syslog.conf
 
* /etc/logstash/logstash.yml
 
* /etc/filebeat/filebeat.yml
 
<br />
 


==Future Change Considerations==
* Spans and Distributed Traces


Future changes to the objective will/may include:
* Contexts, Span and Trace IDs


* 701.2: Remove the OpenStack examples and focus on the general features
* Span attributes, events, links, status and kind


* 702.2: Reconsider Swarm and potentially increase Kubernetes
* Grafana Tempo


* 703.1: Reconsider Vagrant (or its weight)
* Jaeger

Revision as of 15:28, 9 June 2023

Introduction

This is a required exam for the Linux Professional Institute DevOps Tools Engineer certification. It covers basic skills in using tools commonly used to implement DevOps.

This page covers the currently released objective for the Linux Professional Institute DevOps Tools Engineer certification.


Candidate Description

The certification holder is either a professional software developer or a professional system administrator who is involved in the production of IT solutions which require a robust and efficient process to get from original source materials to a final deployed or distributable product or service with a particular focus on using Open Source technology. The certification holder has the ability to create, deliver and operate software using collaborative methods which address aspects of software development as well as system administration. In particular, the certification holder is adept at bridging the gap between the development and operations of a solution or product. The certification holder understands how these tools facilitate development and operational tasks in the delivery of stable, scalable and up to date services to users and customers.


Version Information

These objectives are A DRAFT FOR version 2.0.0.


Translations of Objectives

The following translations of the objectives are available on this wiki:


Exams and Requirements

The Linux Professional Institute DevOps Tools Engineer certification is awarded after passing this exam. There is no requirement to posses another certifications. LPI recommends all Linux Professional Institute DevOps Tools Engineers to maintain at least one active certification in either system administration or software development. This certification should be on a level equivalent to LPIC-1.


Objectives

701 Software Engineering

701.1 Modern Software Development (weight: 6)

Weight

6

Description

Candidates should be able to design software solutions suitable for modern runtime environments. Candidates should understand how services handle data persistence, sessions, status information, transactions, concurrency, security, performance, availability, scaling, load balancing, messaging, monitoring and APIs. Furthermore, candidates should understand the implications of agile and DevOps on software development.

Key Knowledge Areas:

  • Understand and design service based applications
  • Understand common API concepts and standards
  • Understand aspects of data storage, service status and session handling
  • Design software to be run in containers
  • Design software to be deployed to cloud services
  • Awareness of risks in the migration and integration of monolithic legacy software
  • Understand the concept of agile software development
  • Understand the concept of DevOps and its implications to software developers and operators

The following is a partial list of the used files, terms and utilities:

  • REST, JSON
  • Service Orientated Architectures (SOA)
  • Microservices
  • Immutable servers
  • Loose coupling
  • Cross site scripting, SQL injections, verbose error reports, API authentication, consistent enforcement of transport encryption
  • CORS headers and CSRF tokens


701.2 Standard Components and Platforms for Software (weight: 3)

Weight

3

Description

Candidates should understand services offered by common cloud platforms. They should be able to include these services in their application architectures and deployment toolchains and understand the required service configurations. Futhermore, the candidate should be aware of the commonly used open source implementations of the various services.

Key Knowledge Areas:

  • Features and concepts of object storage
  • Features and concepts of relational and NoSQL databases
  • Features and concepts of message brokers and message queues
  • Features and concepts of big data services
  • Features and concepts of application runtimes / PaaS
  • Features and concepts of hosted applications / SaaS
  • Features and concepts of function applications / FaaS
  • Features and concepts of content delivery networks
  • Awareness of identity and access management in cloud services

The following is a partial list of the used files, terms and utilities:

  • Objects, Buckets, ACLs, S3
  • MariaDB, MySQL, PostgreSQL,
  • Redis, MongoDB, InfluxDB
  • ElasticSearch and OpenSearch
  • Kafka, MQTT
  • IAM


701.3 Source Code Management (weight: 6)

Weight

6

Description

Candidates should be able to use Git to manage and share source code. This includes creating and contributing to a repository as well as the usage of tags, branches and remote repositories. Furthermore, the candidate should be able to merge files and resolve merging conflicts.

Key Knowledge Areas:

  • Understand Git concepts and repository structure
  • Manage files within a Git repository
  • Manage branches and tags
  • Work with remote repositories and branches as well as submodules
  • Merge files and branches
  • Awareness of SVN and CVS, including concepts of centralized and distributed SCM solutions

The following is a partial list of the used files, terms and utilities:

  • git
  • .gitignore


701.4 Continuous Integration and Continuous Delivery (weight: 3)

Weight

3

Description

Candidates should understand the principles and components of a continuous integration and continuous delivery pipeline. Candidates should understand how CI/CD pipelines support the development and release of software and how they integrate with source code repositories and the target runtime environment. Furthermore, candidates should be aware of commonly used CI/CD platforms.

Key Knowledge Areas:

  • Understand the concepts of Continuous Integration and Continuous Delivery
  • Understand the components of a CI/CD pipeline, including builds, unit, integration and acceptance tests, artifact management, delivery and deployment
  • Understand the concepts of GitOps
  • Understand the role of build artifacts and caches
  • Understand deployment best practices
  • Awareness of Jenkins and Gitlab CI
  • Awareness of Flux CD and Argo CD
  • Awareness of Artifactory and Nexus

The following is a partial list of the used files, terms and utilities:

  • Declarative Pipeline
  • Production, Staging and Development Environments
  • Feature toggles
  • Preview releases
  • Reconciliation loops
  • A/B testing
  • Blue-green and canary deployment






701.5 Software Composition, Licensing and Open Source (weight: 2)

Weight

2

Description

Candidates should understand the principles of software licenses. This includes how software from multiple authors and sources are combined to implement a specific service and how licensing affects such compositions. Futhermore, the candidate should understand the concepts of open source software, including the most important aspects of common open source licenses.

Key Knowledge Areas:

  • Understand how an application is build out of multiple software components
  • Awareness of dependency managers like NPM, gradle or composer
  • Understand the concepts proprietary and open source software
  • Understand the concepts of open source software licenses
  • Awareness of commonly used open source licenses (GPL, LGPL, AGPL, BSD, MIT and Apache License)
  • Awareness of license compatibility and multi licensing

The following is a partial list of the used files, terms and utilities:

  • Software libraries
  • Software Bill Of Materials
  • Proprietary software
  • Open Source Software and Free Software
  • Copyleft open source sofware licenses
  • Permissive open source software licenses


702 Application Container

702.1 Application Container Management (weight: 5)

Weight

5

Description

Candidates should be able to operate Docker and Podman containers. This includes creating and interacting with containers as well as connecting containers to networks and storage volumes.

Key Knowledge Areas:

  • Understand the Docker and Podman architecture
  • Use existing images from an OCI registry
  • Operate and access containers
  • Understand Docker networking concepts, including overlay networks
  • Understand the concepts of DNS service discovery
  • Connect container to container networks and use DNS for service discovery
  • Understand Docker storage concepts
  • Use Docker volumes for shared and persistent container storage
  • Awareness of rootless containers

The following is a partial list of the used files, terms and utilities:

  • docker container *
  • docker network *
  • docker image *
  • docker volume *
  • podman container *
  • podman network *
  • podman image *
  • podman volume *


702.2 Container Orchestration (weight: 3)

Weight

3

Description

Candidates should be able to run and manage multiple containers that work together to provide a service. This includes the orchestration of Docker containers using Docker Compose.

Key Knowledge Areas:

  • Understand the application model of Docker Compose and Podman Compose
  • Create and run Docker Compose Files (version 3 or later)
  • Define services, networks and volumes, along with their commonly used properties, in Docker Compose files
  • Use Docker Compose to update running containers to newer images

The following is a partial list of the used files, terms and utilities:

  • docker compose
  • podman-compose
  • docker-compose.yml


702.3 Container Image Building (weight: 5)

Weight

5

Description

Candidates should be able to set up a runtime environment for containers. This includes running containers on a local workstation as well as setting up a dedicated container host. Furthermore, candidates should be aware of other container infrastructures, storage, networking and container specific security aspects. This objective covers the feature set of Docker version 17.06 or later and Docker Machine 0.12 or later.

Candidates should be able to build OCI container images. This includes creating Dockerfiles or Containerfiles, building containers and publishing containter images on an existing OCI registry.

Key Knowledge Areas:

  • Create Dockerfiles and build images from Dockerfiles
  • Understand OCI image names
  • Upload images to a Docker registry
  • Understand the principles of image scanners
  • Understand security risks of container virtualization and container images and how to mitigate them
  • Awareness Docker buildx, Docker Buildkit, Podman build and Buildah

The following is a partial list of the used files, terms and utilities:

  • docker image *
  • docker login
  • Dockerfile
  • Containerfile
  • .dockerignore
  • FROM
  • COPY
  • ADD
  • RUN
  • VOLUME
  • EXPOSE
  • USER
  • WORKDIR
  • ENV
  • ARG
  • CMD
  • ENTRYPOINT


703 Kuberetes

703.1 Kuberetes Architecture and Usage (weight: 4)

Weight

4

Description

Candidates should understand the major components of Kubernetes. Futhermore, candidates should be able to interact with an existing Kubernetes platform to retrieve information about the current Kubernets state, and create, modify and delete resources.

Key Knowledge Areas:

  • Understand the major components and services in a Kubernetes cluster
  • Configure kubectl to use an existing Kubernetes cluster
  • Use kubectl to get information about Kubernetes resources
  • Use kubectl to create, modify and delete resources
  • Awareness of Kubernetes Operators

Partial list of the used files, terms and utilities:

  • API-Server, etcd, Controller Manager, Scheduler
  • ~/.kube/config
  • kubectl get
  • kubectl describe
  • kubectl apply
  • kubectl create
  • kubectl run
  • kubectl expose
  • kubectl scale
  • kubectl set
  • kubectl edit
  • kubectl explain
  • kubectl config
  • kubectl logs
  • kubectl exec


703.2 Basic Kubernetes Operations (weight: 7)

Weight

7

Description

Cadidates should be able to set up applications running on Kubernetes. This includes understanding the most important kinds of Kubernetes resources, including their most important properties.

Key Knowledge Areas:

  • Understanding the use of Yaml files to declare Kubernetes resources
  • Understanding the principle of a Pod
  • Understanding how to use Deployments, including scaling and rolling updates
  • Understanding how to make services accessible using Services and Ingress
  • Understanding how to use storage using PersistentVolumeClaims
  • Awareness of other Kubernetes orchestation resources, i.e. DaemonSets, StatefulSets, Jobs and CronJobs

Partial list of the used files, terms and utilities:

  • Pods
  • ReplicaSets
  • Deployments
  • Services
  • Ingress
  • PersistentVolumeClaims


703.3 Kubernetes Package Management (weight: 2)

Weight

2

Description

Candidates should be able to use Helm to install software on Kubernetes.

Key Knowledge Areas:

  • Understanding the concepts of Charts, Releases and Values
  • Installation, upgrading and uninstalling software using Helm
  • Specify custom values to configure software installed using Helm
  • Awareness of Kustomize

The following is a partial list of the used files, terms and utilities:

  • helm install
  • helm upgrade
  • helm list
  • helm uninstall
  • values.yaml


705 Security and Observability

705.1 IT Operations (weight: 4)

Weight

4

Description

Candidates should understand the major kinds of IT threats against cloud native infrastructure, as well as common approaches to prevent such attacks and mitigate their risk. This includes as well as common standards for authentication and authorization.

Candidates should understand how IT infrastructure is involved in delivering a service. This includes knowledge about the major goals of IT operations, understanding functional and nonfunctional properties of an IT services. Furthermore candidates should understand major security risks in IT infrastructure.

Key Knowledge Areas:

  • Understand core IT infrastructure components and their role in deployment
  • Understand common IT infrastructure security risks and ways to mitigate them
  • Understand supply chain security and dependencies on foreign code
  • Understand common application security risks and ways to mitigate them
  • Understand the concepts of asymetric cryptography and digital certificates
  • Understand the principles of common standard for authentication and authorization
  • Understand how to manage user credentials and how to use advanced authentication technologies

The following is a partial list of the used files, terms and utilities:

  • Service exploits, brute force attacks, and denial of service attacks
  • Security updates, packet filtering and application gateways
  • Buffer overflows, SQL injections
  • Common Vulnerabilities and Exposures (CVE)
  • CVE IDs and CVE scores
  • Public key, private key, X.509 certificate, certificate authority
  • Single sign-on (SSO)
  • OAuth2, OpenID Connect and SAML
  • Two-factor authentication (2FA) and multi-factor authentication (MFA)
  • One-time passwords (OTP), time-based one-time passwords (TOTP)
  • Authenticator applications
  • Password hashing and salting


705.2 Prometheus Monitoring (weight: 6)

Weight

6

Description

Candidates should understand the role of monitoring for application and IT infrastructure. They should be familiar with the architecture and components of Prometheus. The candidate should be able to set up Prometheus and use PromQL to query monitoring data.

Key Knowledge Areas:

  • Understand goals of IT operations and service provisioning, including nonfunctional properties such as availability, latency, responsiveness
  • Understand and identify metrics and indicators to monitor and measure the technical functionality of a service
  • Understand and identify metrics and indicators to monitor and measure the logical functionality of a service
  • Understand the concepts of Prometheus, including Exporters, Pushgateway, Alertmanager and Grafana
  • Understand the architecture of Prometheus
  • Set up prometheus and configure file based service discovery
  • Monitor containers and microservices using Prometheus
  • Use PromQL to retrieve log data
  • Aggregate metrics for specific labels
  • Aggregate metrics over time
  • Awareness of common exporters
  • Awareness of application instrumentation

The following is a partial list of the used files, terms and utilities:

  • Prometheus, Exporters, AlertManager, Grafana
  • Label selectors
  • Instant vectors and aggregate functions
  • Range vectors and aggregate functions
  • Node Exporter and Blackbox Exporter


705.3 Log Management and Analysis (weight: 2)

Weight

2

Description

Candidates should understand the role of log files in operations and troubleshooting. They should be understand the major properties and features of commonly used Open Source logging stacks.

Key Knowledge Areas:

  • Understand how application and system logging works
  • Understand the architecture and features of commonly used open source logging stacks

The following is a partial list of the used files, terms and utilities:

  • ElasticSearch and OpenSearch
  • Logstash and filebeat
  • Fluentd and FluentBit
  • Kibana
  • Loki and promtail
  • Grafana
  • Greylog2


705.4 Tracking (weight: 2)

Weight

2

Description

Candidates should understand the concepts and importance of tracing and be familiar with the architecture of OpenTelemetry.

Key Knowledge Areas:

  • Understanding the concepts of tracing
  • Understanding the concepts of OpenTelemetry
  • Awareness of commonly used open source telemetry analysis tools
  • Awareness of application instrumentation

The following is a partial list of the used files, terms and utilities:

  • Open Telemetry
  • Spans and Distributed Traces
  • Contexts, Span and Trace IDs
  • Span attributes, events, links, status and kind
  • Grafana Tempo
  • Jaeger
Retrieved from "https://wiki.lpi.org/w/index.php?title=DevOps_Tools_Engineer_Objectives_V2.0&oldid=5730"