Technical Assessment For Deployment Support Engineer - Hery Munanzar
Technical Assessment For Deployment Support Engineer - Hery Munanzar
Technical Assessment For Deployment Support Engineer - Hery Munanzar
1. Describe any steps you would take in case hosts on another network segment are
unreachable, while the networking system is not provided by your company.
Answer :
First I will find out the network by doing traceroute to destination host, if I already know
the unreachable host i will check the segment ip in the host.
2. Case:
● Public IP = 11.12.123.250/30
● Local Network = 172.20.2.0/24
● Server 1 = PostgreSQL with public access
● Server 2 = stream server with public access (port: 9001-9050)
● Server 3 = ftp server with read-only public access
● Server 4 = web server with SSL
● 1x router with 5 ports (1Gbps/port)
a. Based on the information above, create the network diagram. add any devices
you see fit if necessary.
Answer :
b. Explain how you could make all services from “Server 1” to “Server 4” accessible
from the public.
Answer :
Configure Server 1
- Login as postgres user using sudo su command, enter :
$ postgres
- Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
- Append the following configuration lines to give access to 172.20.2.0/24
network :
host all all 172.20.2.0/24 trust
- Save and close the file.
- Enable networking for PostgreSQL
# vi /var/lib/pgsql/data/postgresql.conf
tcpip_socket = true
- Save and close the file.
- Restart PostgreSQL Server
# /etc/init.d/postgresql restart
Configure Server 2
- Login sudo su command, enter :
$sudo su
- Set IP : 172.20.2.2 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- check firewall with ufw
$ systemctl status ufw
- if we have dead, we need to active ufw
$ systemctl start ufw
- if we have actived, we need check policy firewall is accept
$ iptables -L
- if we have accept, we have allow port 9001-9050
$ ufw allow 9001:9050/tcp
- we have accept to range IP
$ufw allow from 172.20.2.1 to 172.20.2.254 port 9001-9050
Configure Server 3
- Login sudo su command, enter :
$sudo su
- Set IP : 172.20.2.3 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- install vsftpd
$apt-get install vsftpd
- enable firewall ufw
$ufw enable
- check status and enable port
$ufw status
- create folder FTP
$mkdir /home/ftp
- set ownership
$chown nobody:nogroup /home/ftp
- remove write permissions :
$chmod a-w /home/ftp
- restart vsftpd
$systemctl restart vsftpd
Configure Server 4
- Login sudo su command, enter :
$sudo su
- Set IP : 172.20.2.4 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- install apache2
$apt-get install apache2
- configure ssl in apache2
- give access in firewall
Configure Router
- Routing ip 172.20.2.0/24 to 11.12.123.250/30
- setting DNS : 8.8.8.8
- setting firewall
5. Create an installation script to install FTP server and it’s configuration as followed:
● FTP root folder = /home/$USER/ftp
● USER1 = nodeflux ; Permission = full access
● USER2 = donkey ; Permission = read only, on USER1 root folder
● USER3 = gandalf ; Permission = block access to FTP
Answer :
6. Routing Table
Based on information above, make changes to the configuration using CLI so the PC
can access to the other hosts and internet.
Answer :
12. Deploy Ghost CMS, Nginx, and Postgre with docker-compose. When creating
deployment script please make sure criteria like below:
a. This deployment will be deployed on top of VM with OS Ubuntu 16.04 and have
dedicated internal and external IP.
b. Docker, docker-compose, OS and VM already deployed. You only need to
prepare the deployment script.
c. Deployment plan, You can create docker-compose.yaml.
d. Multi environment. Like dev, staging, and production.
e. Backup, everyone wants their data safe. You can schedule tasks to auto backup
or dump DB. Backup files can be saved at the local VM, just a different folder
from the postgre working directory.
f. Monitoring, make sure everything is normal and we can trace back if something
goes wrong. You can create a schedule checking script. You can use a script to
monitor things like CPU, RAM, and DISK, if the value exceeds the threshold then
send Alert.
g. Alerting, make sure if something happens we can be notified even if we are
sleeping. You can create a schedule checking script and if something happens it
can request API or something.
h. Automation, one command to run it all. Every action must be automated,
Consider using bash-script or python. We don’t want manual human intervention.
i. Everything must be committed into the Github repository in private.
15. Our AI analytic server is deployed as a microservice. The server is able to handle up-to
1000 requests per second. However, there will be an un-ordinary event coming up and
the amount of requests is exploding up-to 10k requests per second for a few seconds
from a loyal customer. How would you solve this problem without adding more
hardware?
Answer :
Mybe we can create microservice queue algorithm in deployment
16. How do you deploy an AI models in a mobile device? Please mention and explain all the
possible methods.
17. What is the advantageous and disadvantageous deploying Ai model directly on mobile
devices?
18. Say we want to develop an AI analytic mobile application(IOS/Android), for e.g taking
snapshot photos of pets, and tell what species it is. Now, for this AI analytic, we have
developed an AI deep learning model for this particular application. This model of course
requires computation and storage size and can be ported to the mobile device as
well(with some tradeoff in term of performance)
If you are given a task to design end to end system architecture for this application,
ranging from the backend applications, infrastructures, network protocol
communications, and finally the mobile application, how do you approach this? we would
like to see architecture diagrams, components, where you will store the
model(backend/frontend with supporting reasoning), communication methods, and stack
choices(please support the reasons)