Itnsa Pra WSMB2023


WORLDSKILLS MALAYSIA COMPETITION

YOUTH CATEGORY (WSMB) YEAR 2023

(IT NETWORK SYSTEM ADMINISTRATION)

PRE-QUALIFICATION STAGE

TIME: 5 HOURS

NAME:

IC No.:

JABATAN PEMBANGUNAN KEMAHIRAN


KEMENTERIAN SUMBER MANUSIA
Contents
Introduction to Test Project
Introduction
Description of project and tasks
Basic Configuration
  Tasks and Descriptions
    00-all-facts.yml
    01-all-hostname.yml
    02-net-switching.yml
    03-net-vtp.yml
    04-all-ipaddress.yml
    05-net-routing.yml
    06-net-VPN.yml
    07-win-adds.yml
    08-win-tools.yml
    09-xxx-dhcp.yml
    10-lin-iptables.yml
    11-win-dns.yml
    12-lin-dns.yml
    13-win-cert.yml
    14-lin-web.yml
    15-lin-users.yml
    16-win-users.yml
    17-net-backup.yml
  Network Address Table
  Management Network Address Table
Network Topology

Introduction to Test Project
The following is a list of sections or information that must be included in all Test Project proposals that are
submitted to WorldSkills Malaysia Belia (WSMB).
● Contents including list of all documents, drawings and photographs that make up the Test Project
● Introduction/overview
● Short description of project and tasks
● Instructions to the Competitor
● Marking scheme (incl. assessment criteria)
● Other

Introduction
This Test Project proposal consists of the following documentation/files:

• ITNSA-PRA-WSMB2023.docx
• debian-11.6.0-amd64-DLBD-1.iso
• hosts
• ansible.cfg
• users.csv
• users.json

The competition has a fixed start and finish time. You must decide how to best divide
your time. Please carefully read the following instructions!

When the competition time ends, all machines except the Management PC will be refreshed and
reconfigured. The assessment will be done based on all of the configuration from the Management PC alone.
Make sure all of the configuration can be pushed from the Management PC. The default configuration for Cisco
devices is included.

Set all user passwords and credentials to Skills39 unless a password is specifically stated.

Infrastructure automation is the use of technology that performs tasks with reduced human assistance in
order to control the hardware, software, networking components, operating system (OS), and data storage
components used to deliver information technology services and solutions.

Description of project and tasks


You will be migrating VMs to Infrastructure as Code (IaC) and simplifying the process of creating new services.

Login for all VMs and Devices:


Username Linux: root / itnsa
Username Windows: Administrator / itnsa
Username Cisco: itnsa

Password: Skills39

All VMs and devices are connected to the management network (10.1.1.0/24) and have a statically configured
IP address. The management network will be used for configuring the different hosts. You can login using
username and password over SSH or WinRM.
You may install any additionally required packages and features on the VMs. The ISO for Debian is included.

Basic Configuration
1. Install and set up Ansible to configure every single host in the topology. A preconfigured hosts file is given
that contains the information of every host. DO NOT CHANGE THIS FILE.
2. Create a folder at /data/ansible for the tasks configuration. All playbooks should be on the root of the directory
/data/ansible. Feel free to add or create any file/folder for running the playbook.
3. For marking, all playbooks will be run in order from each part’s respective directory using the command
“ansible-playbook <playbookname.yml>”
4. All tasks should have a state of “ok” or “skipped” even after being run more than once.

Tasks and Descriptions


00-all-facts.yml
● Create a playbook called 00-all-facts.yml to test the connectivity of all network devices.
o Configure to test connection to all hosts in the topology (win_ping, ios_facts, asa_facts, ping)
01-all-hostname.yml
● Create a playbook called 01-all-hostname.yml for configuring the hostname and domain name.
o All hosts should receive the hostname based on the hostname in the table below.
o Linux hosts should have the domain name of worldskills.my
o Network devices should have the domain name of itnsa.my

02-net-switching.yml
● Create a playbook called 02-net-switching.yml for configuring switching
o Configure LACP for link between SW1, SW2 and SW3
▪ SW3 will be in passive mode for both links
▪ SW2 will be in passive mode for the link to SW1
o Create trunking ports between switches. Set access ports for client endpoints

03-net-vtp.yml
● Create a playbook called 03-net-vtp.yml for configuring the hostname
o Select SW3 as the VTP Server. The other switches will be VTP Clients

VTP Domain      itnsa.my
VTP Password    Skills39
VTP Version     3
VLAN10          NAME: SRV
VLAN20          NAME: LAN
VLAN99          NAME: MGMT

04-all-ipaddress.yml
● Create a playbook called 04-all-ipaddress.yml for configuring IP address
o Configure IP address for all hosts based on table below

o DO NOT modify the Management network interface.
o Configure the ASA so that the LAN and Server networks are able to connect with each other

05-net-routing.yml
● Create a playbook called 05-net-routing.yml for configuring routing using OSPF
o Configure OSPF between firewall and routers, use OSPF 100 and area 0 by default.
o Do not advertise management network.
o Prevent OSPF advertisement on interfaces that do not participate in routing exchange (routers).
o Protect OSPF link with md5 authentication using password “Skills39”

06-net-VPN.yml
● Create a playbook called 06-net-VPN.yml for configuring VPN between ASA and Router.
o Configure so that DC and CLIENT network can connect with LNX. Feel free to use site-to-site
or Tunnel.
o Use IKEv2 to secure traffic between links.
▪ Use pre-shared key of “Skills39”. Use any parameter to configure

07-win-adds.yml
● Create a playbook called 07-win-adds.yml for installation of Active Directory Domain Services
o Configure server as domain controller
o Use itnsa.my as domain name
o Use Skills39 as safe password

08-win-tools.yml
● Create a playbook called 08-win-tools.yml for installing and managing Windows services on all
Windows devices.
o Install the telnet client on Windows
o Stop and disable the Remote Desktop Service on Windows
o Enable ICMP traffic on Windows Firewall

09-xxx-dhcp.yml
● Create a playbook called 09-xxx-dhcp.yml for configuring DHCP for client subnet.
o Feel free to choose network device or windows server as the DHCP Server.
▪ Replace XXX with net or win based on the device configured.
o Create DHCP scope with following parameter
▪ Range: 192.168.10.120/24 – 192.168.10.150/24
▪ DNS: Windows Server
▪ Gateway: FW

10-lin-iptables.yml
● Create a playbook called 10-lin-iptables.yml for filtering incoming traffic using iptables
o Incoming traffic should be blocked by default
o Allow ICMP and minimal traffic (web, dns) services to work
o Allow SSH from Management PC to Linux hosts.
o Make sure the rules in iptables persist across reboot.
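
One way to meet the 10-lin-iptables.yml requirements above, as an added example that is not part of the original test project. It assumes the community.general collection is installed, that the inventory group is named linux as in the Management Network Address Table, that "web" means ports 80 and 8081 from the 14-lin-web.yml task, and that persistence uses Debian's iptables-persistent rules file.

```yaml
---
# 10-lin-iptables.yml (added example; ports and file path are assumptions, see lead-in)
- name: Default-deny inbound filtering on Linux hosts
  hosts: linux
  become: true
  vars:
    mgmt_pc: 10.1.1.1   # Management PC address from the Management Network Address Table
  tasks:
    - name: Install iptables and the boot-time restore service
      ansible.builtin.apt:
        name: [iptables, iptables-persistent]
        state: present

    - name: Accept loopback and return traffic before tightening the policy
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: "{{ item.iface | default(omit) }}"
        ctstate: "{{ item.ctstate | default(omit) }}"
        jump: ACCEPT
      loop:
        - { iface: lo }
        - { ctstate: [ESTABLISHED, RELATED] }

    - name: Permit only the required inbound services
      ansible.builtin.iptables:
        chain: INPUT
        protocol: "{{ item.proto }}"
        source: "{{ item.src | default(omit) }}"
        destination_port: "{{ item.port | default(omit) }}"
        jump: ACCEPT
      loop:
        - { proto: icmp }
        - { proto: tcp, port: "22", src: "{{ mgmt_pc }}" }   # SSH from Management PC only
        - { proto: tcp, port: "80" }
        - { proto: tcp, port: "8081" }
        - { proto: tcp, port: "53" }
        - { proto: udp, port: "53" }

    - name: Drop all other inbound traffic (set last so the Ansible SSH session survives)
      ansible.builtin.iptables:
        chain: INPUT
        policy: DROP

    - name: Save the ruleset so it is restored at boot
      community.general.iptables_state:
        state: saved
        path: /etc/iptables/rules.v4
```

The accept rules are applied before the DROP policy so the management SSH connection is never cut mid-run, and each iptables task checks for an existing rule first, so a second run reports "ok" rather than "changed".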

11-win-dns.yml
● Create a playbook called 11-win-dns.yml for configuring DNS server
o Configure the DNS as authoritative server for the domain itnsa.my.
o Windows hosts should contain A record DC that points to the DNS server.
o Create conditional forwarder for worldskills.my to Linux server.
o Create CNAME record of cert that points to the server itself.

12-lin-dns.yml
● Create a playbook called 12-lin-dns.yml for configuring DNS server
o Install and configure the DNS as authoritative server for the domain worldskills.my
o Linux hosts should contain A record LNX that points to the DNS server.
o Create conditional forwarder for worldskills.my to windows server.
o Create CNAME records for www, intranet and linux-server
o Set the Linux server to use its own address as DNS server

13-win-cert.yml
● Create a playbook called 13-win-cert.yml for configuring certificates
o Install Certificate Authority only
o Create a standalone root certificate with the following properties
▪ Common Name = ITNSA-CA
▪ Organization Name = Worldskills Malaysia
▪ Country Code = MY

14-lin-web.yml
● Create a playbook called 14-lin-web.yml for configuring the web server. You can use any service
for this task.
o The local website http://www.worldskills.my should show the following content
▪ “<h1><center>Welcome to www.worldskills.my</center></h1>”
o Create another site intranet.worldskills.my that listens on port 8081 with the following
content
▪ “<h1><center>Welcome to intranet of this website</center></h1>”

15-lin-users.yml
● Create a playbook called 15-lin-users.yml for importing users.
o Import users from users.csv to Linux server.
o Make sure that no change is made to the user if there is an existing user with same UID and
username.

16-win-users.yml
● Create a playbook called 16-win-users.yml for configuring Active Directory Users.
o For each user in users.json file.

▪ Create an AD user based on “name”, “username” and “password” attribute

17-net-backup.yml
● Create a playbook called 17-net-backup.yml to save and backup all of the configurations of
network devices.
o Create a folder at /data/backup. Save each configuration in the folder with the format
“{{inventory_hostname}}.cfg”
o Make sure every network device's configuration is saved.

Network Address Table
Device   Interface               Address

DC       Ethernet 0              172.16.10.1/24
CLIENT   Ethernet 0              192.168.10.XXX/24 (DHCP)
LNX      Ethernet0               172.16.20.1/24
FW       GigabitEthernet0/0.10   172.16.10.254/24 [SRV]
FW       GigabitEthernet0/0.20   192.168.10.254/24 [LAN]
FW       GigabitEthernet0/0.99   172.16.99.6/29 [NET]
FW       GigabitEthernet0/1      16.32.64.1/30 [OUTSIDE]
HQ       Loopback0               1.1.1.1/32
HQ       GigabitEthernet0/0      24.48.72.1/28
HQ       GigabitEthernet0/1      16.32.64.2/30
ISP      GigabitEthernet0/0      24.48.72.14/28
ISP      GigabitEthernet0/1      172.16.20.254/24
SW1      VLAN 99                 172.16.99.1/29
SW2      VLAN 99                 172.16.99.2/29
SW3      VLAN 99                 172.16.99.3/29

Management Network Address Table


Group     Device   Interface            Address

-         MGMT     Ethernet 1           10.1.1.1
linux     LNX      Ethernet 1           10.1.1.2
windows   DC       Ethernet 1           10.1.1.3
asa       FW       Management0/0        10.1.1.4
cisco     HQ       GigabitEthernet0/3   10.1.1.5
cisco     ISP      GigabitEthernet0/3   10.1.1.6
cisco     SW1      GigabitEthernet1/0   10.1.1.7
cisco     SW2      GigabitEthernet1/0   10.1.1.8
cisco     SW3      GigabitEthernet1/0   10.1.1.9
Windows   CLIENT   Ethernet 1           10.1.1.10

Network Topology
