Wednesday, March 6, 2019

Interview questions devops (06-mar-2019)

Important DevOps interview questions and answers on Docker and networking.
Docker Interview Questions and Network Interview Questions and Answers.
1.   What is the advantage of Docker over hypervisors?
Answer: Docker is lightweight and more efficient in terms of resource use because it uses the host's underlying kernel rather than creating its own hypervisor.
2.   What is a Docker Image?
Answer: A Docker image is the source of a Docker container. In other words, Docker images are used to create containers. It is possible to create multiple isolated containers from a single image. TIP: Be aware of DockerHub to be able to answer questions on pre-available images.
3.   What is a Docker container?
Answer: A Docker container is an instantiation of a Docker image. It is the runtime instance of an image. Images are sets of files, whereas containers are what run the image.
4.   What is the difference between a Docker Image and a container?
Answer: A Docker container is the runtime instance of a Docker image. A Docker image does not have a state, and its state never changes, as it is just a set of files, whereas a Docker container has its execution state.
5.   How do you create Docker images?
Answer: Docker images are created using a Dockerfile. docker build is the command that creates a Docker image out of a Dockerfile. Once an image has been created, as many containers as required can be spawned.
6.   How is a Docker container created?
Answer: We can create a Docker container by running this command:
docker run -t -i <image name> <command name>
7. Can you name some commonly used Docker commands?
Command                                        Description
docker run -t -i <image name> <command name>   Start and run a container
docker ps -a                                   List all running containers
docker stop <container id>                     Stop a container
docker start <container id>                    Start a container
docker restart <container id>                  Restart a container
7.   Can you name some other container technologies?
Answer: Container technology has been around in *NIX for quite some time. Some examples include:
- Solaris container (aka Solaris Zones)
- FreeBSD Jails
- AIX Workload Partitions (aka WPARs)
- Linux OpenVZ
8.   How to check/configure IP in docker?
Answer: Use docker inspect <container ID>, e.g.
docker inspect `docker run -d -p 4321 base nc -lk 4321` | grep IPAddress | cut -d '"' -f 4
(or)
docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${CID}

10. What is DockerHub?
Answer: It is essentially a repository from which you can download containers and use them. You can also share containers with other applications.
11. How exactly does containerization differ from Virtualization?
Answer: To run an application in a virtualized environment (e.g. vSphere), we first need to create a VM, install an OS inside and only then deploy the application.
To run the same application in Docker, all you need is to deploy that application in Docker. There is no need for an additional OS layer. You just deploy the application with its dependent libraries; the rest (kernel, etc.) is provided by the Docker engine.
This table from the official Docker website shows it quite clearly.
12. Why do my services take a long time to recreate or stop?
Answer: Compose stop attempts to stop a container by sending a SIGTERM. It then waits for a default timeout of 10 seconds. After the timeout, a SIGKILL is sent to the container to forcefully kill it. If you are waiting for this timeout, it means that your containers aren’t shutting down when they receive the SIGTERM signal.
There has already been a lot written about this problem of processes handling signals in containers.
To fix this problem, try the following:
- Make sure you’re using the JSON form of CMD and ENTRYPOINT in your Dockerfile. For example, use ["program", "arg1", "arg2"] not "program arg1 arg2". Using the string form causes Docker to run your process using bash which doesn’t handle signals properly. Compose always uses the JSON form, so don’t worry if you override the command or entrypoint in your Compose file.
- If you are able, modify the application that you’re running to add an explicit signal handler for SIGTERM.
- Set the stop_signal to a signal which the application knows how to handle:
    web:
      build: .
      stop_signal: SIGINT
- If you can’t modify the application, wrap the application in a lightweight init system (like s6) or a signal proxy (like dumb-init or tini). Either of these wrappers takes care of handling SIGTERM properly.
13. What’s the difference between up, run, and start?
 Answer: Typically, you want docker-compose up. Use up to start or restart all the services defined in a docker-compose.yml. In the default “attached” mode, you’ll see all the logs from all the containers. In “detached” mode (-d), Compose exits after starting the containers, but the containers continue to run in the background.
The docker-compose run command is for running “one-off” or “adhoc” tasks. It requires the service name you want to run and only starts containers for services that the running service depends on. Use run to run tests or perform an administrative task such as removing or adding data to a data volume container. The run command acts like docker run -ti in that it opens an interactive terminal to the container and returns an exit status matching the exit status of the process in the container.
The docker-compose start command is useful only to restart containers that were previously created, but were stopped. It never creates new containers.
14. How does your organization handle multiple languages, libraries and repositories?
 Answer: TIP TO ANSWER: Docker works best when there are uniform tools and processes. Implementing Docker where there are multiple tools can be a nightmare. If you have answered yes to having multiple toolsets, including logging, be prepared to answer deeper questions on how these problems were handled at technical, process and personnel levels. 
The golden rule of thumb is:
If it’s not broken, don’t fix it. If you’ve already invested the engineering time required to build a continuous integration/continuous delivery (CI/CD) pipeline, containerizing legacy apps may not be worth the time investment.
15. What is Docker Swarm?
Answer: Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host. Because Docker Swarm serves the standard Docker API, any tool that already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts. Supported tools include, but are not limited to, the following:
- Dokku
- Docker Compose
- Docker Machine
- Jenkins
16. Can you name some supported Swarm Discovery backends?
Answer:
- Static file or list of nodes (not supported with replicating Swarm Managers)
- Hosted Discovery
- Key store: ZooKeeper, Etcd, Consul
17. What are the steps for making Swarm work with TLS?
Answer: These are some of the steps:
a) Ensure all servers can be accessed via SSH and have properly qualified DNS names
b) Open ports to communicate between Manager and Nodes
c) Open port to communicate between client and Manager
d) Create a Certificate Authority (CA) server
e) Create and sign keys
f) Install keys
g) On Nodes, edit /etc/default/docker and edit the DOCKER_OPTS line to use the keys
h) Start Cluster and Swarm Manager
i) Verify the same
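A check for step g), as an added example that is not part of the original post: it parses a DOCKER_OPTS line and reports when a TCP listener is configured without the daemon's TLS options. The function names, sample lines and certificate paths are assumptions made for illustration.

```python
import shlex

# Constructed sample lines in the style of /etc/default/docker; the
# certificate paths are placeholders, not values from the page.
WEAK = 'DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"'
HARDENED = ('DOCKER_OPTS="-H tcp://0.0.0.0:2376 --tlsverify '
            '--tlscacert=/etc/docker/ca.pem '
            '--tlscert=/etc/docker/node-cert.pem '
            '--tlskey=/etc/docker/node-key.pem"')

KEY_FLAGS = ("--tlscacert", "--tlscert", "--tlskey")
BOOL_FLAGS = ("--tls", "--tlsverify")


def parse_docker_opts(line):
    """Split a DOCKER_OPTS=... line into (hosts, options)."""
    name, _, value = line.strip().partition("=")
    if name != "DOCKER_OPTS":
        raise ValueError("expected a DOCKER_OPTS= line")
    # The first split removes the outer shell quotes, the second splits
    # the daemon arguments themselves.
    args = shlex.split(" ".join(shlex.split(value)))
    hosts, options = [], {}
    i = 0
    while i < len(args):
        flag, sep, val = args[i].partition("=")
        if flag in BOOL_FLAGS:
            options[flag] = (val.lower() != "false") if sep else True
        elif flag in ("-H", "--host") + KEY_FLAGS:
            if not sep and i + 1 < len(args):  # "flag value" form
                i += 1
                val = args[i]
            if flag in KEY_FLAGS:
                options[flag] = val
            elif val:
                hosts.append(val)
        i += 1
    return hosts, options


def audit(line):
    """Return a list of findings; an empty list means the line passes."""
    hosts, options = parse_docker_opts(line)
    findings = []
    tcp = [h for h in hosts if h.startswith("tcp://")]
    verify = options.get("--tlsverify", False)
    if tcp and not verify:
        if options.get("--tls"):
            findings.append("--tls without --tlsverify: traffic is encrypted "
                            "but client certificates are not checked")
        else:
            findings.append(", ".join(tcp) + " listens without --tlsverify: "
                            "the API accepts unauthenticated clients")
    if verify or options.get("--tls"):
        for flag in KEY_FLAGS:
            if not options.get(flag):
                findings.append(flag + " is not set: the keys from steps "
                                "e) and f) are not referenced")
    return findings


if __name__ == "__main__":
    for sample in (WEAK, HARDENED):
        print(sample, "->", audit(sample) or "ok")
```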
18. What is Kubernetes?
Answer: Kubernetes (commonly referred to as "k8s") is an open source container cluster manager originally designed by Google and donated to the Cloud Native Computing Foundation. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts".
19. You are asked to choose between Kubernetes and Docker. What will influence your decision?
Answer:
(A) If you have sufficient Docker experience and transitioning to a new platform is cost-prohibitive, choose Swarm.
(B) Before Docker 1.9, we did not have software networking, persistent volumes, and the unless-stopped policy. So, if you are using older versions of Docker, you might want to choose Kubernetes (or) more simply plan a migration to Docker 1.9+.
TIP: This question is geared to ask if you are aware of technological alternatives. There are other tools in this space and awareness, if not necessarily practical experience, is a bonus.
20.  Explain the Docker Architecture
Tip to Answer: The below is the full answer. Instead, just mention the components, images/containers and then lead with a question of your own on which component to elaborate on. 
Each Docker setup includes a Docker client (typically a command line interface, but Docker also features a Remote API) and a daemon, the persistent process that runs on each host and listens to API calls. Both the client and the daemon can share a single host, or the daemon can run in a remote host.
Docker images are read-only templates from which containers are generated. An image consists of a snapshot of a Linux distribution like Ubuntu or Fedora — and maybe a set of applications or runtime environments, like Apache, Java, or ElasticSearch. Users can create their own Docker images, or reuse one of the many images created by other users and available on the Docker Hub.
Docker registries are repositories from which one can download or upload Docker images. The Docker Hub is a large public registry, and can be used to pull images within a Docker workflow, but more often teams prefer their own registry containing the relevant subset of public Docker images that they require along with their own private images.
Docker containers are directories containing everything needed for the application to run, including an operating system and a file system, leveraging the underlying system’s kernel but without relying on anything environment-specific. This enables containers to be created once and moved from host to host without risk of configuration errors. In other words, the exact same container will work just as well on a developer’s workstation as it will on a remote server.
A Docker workflow is a sequence of actions on registries, images and containers. It allows a team of developers to create containers based on a customized image pulled from a registry, and deploy and run them on a host server. Every team has its own workflow — potentially integrating with a continuous integration server like Jenkins, configuration management tools like Chef or Puppet, and maybe deploying to cloud servers like Amazon Web Services. The daemon on each Docker host enables further actions on the containers — they can be stopped, deleted or moved. The results of these actions are called lifecycle events.
21. How do I run multiple copies of a Compose file on the same host?
Answer: Compose uses the project name to create unique identifiers for all a project’s containers and other resources. To run multiple copies of a project, set a custom project name using the -p command line option or the COMPOSE_PROJECT_NAME environment variable.
22. Can I use JSON instead of YAML for my Compose file?
Answer: Yes. YAML is a superset of JSON so any JSON file should be valid YAML. To use a JSON file with Compose, specify the filename to use
23. Should I include my code with COPY/ADD or a volume?
Answer: You can add your code to the image using COPY or ADD directive in a Dockerfile. This is useful if you need to relocate your code along with the Docker image, for example when you’re sending code to another environment (production, CI, etc.). Prefer COPY over ADD as image size is reduced with COPY over ADD.
You should use a volume if you want to make changes to your code and see them reflected immediately, for example when you’re developing code and your server supports hot code reloading or live-reload.
There may be cases where you’ll want to use both. You can have the image include the code using a COPY, and use a volume in your Compose file to include the code from the host during development. The volume overrides the directory contents of the image. 
24. What is Immutable infrastructure?
Answer: The common use case is to have a container run a web server and mount the source code from the host. This is referred to as a mutable image because if the contents of the mounted volume are changed, the container's behaviour changes.
An immutable image is an image that contains everything it needs to run the application, so obviously including your source code. The “only” difference is that your Dockerfile will copy your application code and eventually run any build process or dependencies installation. There are 2 main advantages:
(A) Self-contained images are more portable, scalable and easily change run time dependencies.
(B) A given tag of that image will always have the same behaviour, making it easier to:
    a. Test
    b. Roll back
    c. Perform A/B testing
25. Can you explain about Docker networking? 
Answer: When you install Docker, it creates three networks automatically. You can list these networks using the docker network ls command. These 3 networks are: Bridge, None, Host. When you run a container, you can specify the network on which the container should run using --network.
The bridge network is docker0. This is the default network. The none network adds a container to a container-specific network stack. That container lacks a network interface. The host network adds a container on the host's network stack. You’ll find the network configuration inside the container is identical to the host.
TIP: For additional details, please understand subnetting, gateways and the subnet 172.17.0.1/16. Related questions on the same:
- docker attach/detach
- docker network inspect
In fact, most questions on Docker seem to focus on the syntax/arguments for various Docker commands. Please be very thorough on the same.
26. What is Docker Compose? 
 Answer: Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a Compose file to configure your application’s services. Then, using a single command, you create and start all the services from your configuration.
27. What is your typical use flow for Compose?
Answer:
- I would define my application environment with a Dockerfile so it can be reproduced anywhere.
- Define the services that make up my application in docker-compose.yml so they can be run together in an isolated environment.
- Lastly, run docker-compose up and Compose will start and run your entire app.
28. What is a Dockerfile used for?
Answer: Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build, users can create an automated build that executes several command-line instructions in succession.
29. Can you talk about some of the best practices you have used in using Docker Files? 
TIP to answer: Answer honestly on this one. Some of the points below are taken from Docker’s own guidance; answer them in the context of your experience.
Answer:
1. Keep Dockerfiles short and quick to build
2. Use of .dockerignore files and/or keeping Dockerfiles in empty directories
3. Avoiding using unnecessary packages
4. Running only one service per container
5. Avoid ADD/COPY as much as possible since this means computing checksums for each file.
6. Prefer to use COPY over ADD.
7. As far as possible, use current Official repositories
8. Avoiding use of apt-get upgrade over apt-get install -y
9. Always combine apt-get update and apt-get install -y
10. Keep absolute paths for WORKDIR
11. …………………
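A small Dockerfile check, added here as an example and not taken from the original post or from Docker's tooling: it covers points 6, 8, 9 and 10 above and the JSON-form CMD/ENTRYPOINT advice from question 12. The function names, messages and both sample Dockerfiles are constructed for illustration.

```python
import re

# Constructed Dockerfiles used as sample input (not from the original page).
BAD = """\
FROM ubuntu:18.04
RUN apt-get update
RUN apt-get install -y \\
    nginx
RUN apt-get upgrade -y
ADD app/ /srv/app/
WORKDIR srv/app
CMD python app.py
"""
GOOD = """\
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y \\
    nginx
COPY app/ /srv/app/
WORKDIR /srv/app
CMD ["python", "app.py"]
"""

APT = r"\bapt-get\s+(?:-\S+\s+)*"   # "apt-get" plus any leading options


def instructions(text):
    """Yield (first_line, INSTRUCTION, args), joining '\\' continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        buf = ""
        yield start, parts[0].upper(), (parts[1] if len(parts) > 1 else "")


def lint(text):
    """Return (line, message) findings for the practices listed above."""
    out = []
    for n, ins, args in instructions(text):
        if ins in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            out.append((n, ins + " uses the string form; the JSON form lets "
                           "the process receive SIGTERM directly"))
        elif ins == "ADD":
            out.append((n, "ADD used; prefer COPY"))
        elif ins == "WORKDIR" and not args.startswith(("/", "$")):
            # A path starting with a variable cannot be judged statically.
            out.append((n, "WORKDIR path is not absolute"))
        elif ins == "RUN":
            update = re.search(APT + r"update\b", args)
            install = re.search(APT + r"install\b", args)
            if re.search(APT + r"(?:dist-)?upgrade\b", args):
                out.append((n, "apt-get upgrade in a RUN step"))
            if install and not update:
                out.append((n, "apt-get install without apt-get update "
                               "in the same RUN"))
            if update and not install:
                out.append((n, "apt-get update without apt-get install "
                               "in the same RUN"))
    return out


if __name__ == "__main__":
    for line_no, message in lint(BAD):
        print(f"line {line_no}: {message}")
```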
30. Tell us how you have used Docker in your past position.
Answer: Explain how you have used Docker to help rapid deployment. Explain how you have scripted Docker and used Docker with other tools like Puppet, Chef or Jenkins. If you have no past practical experience in Docker and have experience with other tools in similar space, be honest and explain the same. In this case, it makes sense if you can compare other tools to Docker in terms of functionality.
Networking Concepts
1. What is DHCP?
Answer: Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.
2. How does it work?
Answer: TIP TO ANSWER: Explain the various message types including DHCPDISCOVER. Then explain how this is done as below:
When a client needs to start up TCP/IP operations, it broadcasts a request for address information. The DHCP server receives the request, assigns a new address for a specific time (called a lease period) and sends it to the client together with the other required configuration information. This information is acknowledged by the client, and used to set up its configuration. The DHCP server will not reallocate the address during the lease period and will attempt to return the same address every time the client requests an address. The client may extend its lease with subsequent requests, and may send a message to the server before the lease expires telling it that it no longer needs the address so it can be released and assigned to another client on the network.
3. What are DHCP Messages?
Answer:
1. DHCPDISCOVER
2. DHCPOFFER
3. DHCPREQUEST
4. DHCPACK
5. DHCPNAK
6. DHCPDECLINE
7. DHCPRELEASE
8. DHCPINFORM
Expect to get individual questions on what each of these messages represents and how they are used.
4. Can you Explain the flow of messages in assigning a new address?
Answer:
- A client sends a DHCPDISCOVER message on the Ethernet broadcast address.
- Servers respond with a DHCPOFFER message.
- The client then sends a DHCPREQUEST message on the Ethernet broadcast address, accepting one server and rejecting the other servers.
- The server sends a DHCPACK message to the client and the client completes initialization.
- On shutdown, the client sends a DHCPRELEASE message to the server.
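The exchange above as an added example (not from the original post): a parser for the DHCP message-type option that checks a capture for the DISCOVER, OFFER, REQUEST, ACK order and computes the renewal point at half the lease. The packets, addresses and function names are constructed; the option 53 values follow RFC 2132, which numbers DECLINE, ACK and NAK differently from the list order in answer 3.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                           # DHCP magic cookie
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236-byte fixed header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
         5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
CODES = {name: code for code, name in TYPES.items()}
ZERO = b"\0" * 4
XID = 0x3903F326                                      # constructed transaction id


def build(op, xid, kind, yiaddr=ZERO, lease=None):
    """Build a minimal DHCP packet; used only to construct sample input."""
    head = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, ZERO, yiaddr, ZERO, ZERO,
                      bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, CODES[kind]])                # option 53: message type
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)   # option 51: lease
    return head + MAGIC + opts + b"\xff"              # 255 ends the options


def parse(packet):
    """Return op, xid, offered address, message type and lease of a packet."""
    end = BOOTP.size + 4
    if len(packet) < end or packet[BOOTP.size:end] != MAGIC:
        raise ValueError("not a DHCP packet")
    f = BOOTP.unpack_from(packet)
    info = {"op": f[0], "xid": f[4], "yiaddr": ".".join(map(str, f[8])),
            "type": None, "lease": None}
    i = end
    while i < len(packet) and packet[i] != 255:
        if packet[i] == 0:                            # pad option, no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            info["type"] = TYPES.get(data[0], "UNKNOWN")
        elif code == 51 and length == 4:
            info["lease"] = struct.unpack("!I", data)[0]
        i += 2 + length
    return info


def handshake_ok(packets, xid):
    """True if the packets for xid run DISCOVER, OFFER(s), REQUEST, ACK."""
    seq = []
    for info in map(parse, packets):
        # Several servers may offer, so repeated types collapse to one.
        if info["xid"] == xid and (not seq or seq[-1] != info["type"]):
            seq.append(info["type"])
    return seq == ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]


def renew_after(lease_seconds):
    """Seconds until the client starts renewing: half of the lease time."""
    return lease_seconds // 2


def sample_exchange():
    """Constructed capture: two servers offer, one is accepted (8 h lease)."""
    addr = bytes([192, 0, 2, 10])                     # documentation range
    return [build(1, XID, "DHCPDISCOVER"),
            build(2, XID, "DHCPOFFER", addr, 28800),
            build(2, XID, "DHCPOFFER", bytes([192, 0, 2, 77]), 28800),
            build(1, XID, "DHCPREQUEST"),
            build(2, XID, "DHCPACK", addr, 28800)]
```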
5. What is meant by a lease?
Answer: With all the necessary information on how DHCP works, one should also know that the IP address assigned by the DHCP server to a DHCP client is on a lease. After the lease expires, the DHCP server is free to assign the same IP address to any other host or device requesting one. For example, keeping the lease time at 8-10 hours is helpful in the case of PCs that are shut down at the end of the day. So, the lease must be renewed from time to time. The DHCP client tries to renew the lease after half of the lease time has expired. This is done by the exchange of DHCPREQUEST and DHCPACK messages. While doing all this, the client enters the renewing stage.
6. What is meant by DHCP Scope?
Answer: DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.
7. What are the types of Scope?
Answer:
- Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet.
- Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservation or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination).
- Superscope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

9.   Explain why you need integration between DHCP and DNS.
 Answer: Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes.
DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership.
Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.
Refer to class instruction guides on how to set up this integration in Ubuntu 14. Refer to other guides on setting up DDNS (Dynamic DNS).
10.      Can a BOOTP Client use DHCP?
  Answer: Only if the DHCP server is specifically written to also handle BOOTP queries. TIP: Learn about BOOTP and its integration with DHCP and PXE.
11.      What’s a PTR in DNS?
Answer: Pointer records are used to map a network interface (IP) to a host name. These are primarily used for reverse DNS. Reverse DNS is set up much like normal (forward) DNS. When you delegate the DNS forward, the owner of the domain tells the registrar to let your domain use specific name servers.
12.      What is an MX record in DNS?
Answer: MX records are mail exchange records used for determining the priority of email servers for a domain. The lowest priority email server is the first destination for email. If the lowest priority email server is unavailable, mail will be sent to the higher priority email servers.
13.      How does HTTP work?
Answer: The HTTP protocol works in a client and server model like most other protocols. The web browser from which a request is initiated is called the client, and the web server software which responds to that request is called the server. The World Wide Web Consortium and the Internet Engineering Task Force are two important spokes in the standardization of the HTTP protocol. HTTP allows improvement of its request and response with the help of intermediaries, for example a gateway, a proxy, or a tunnel. The resources that can be requested using the HTTP protocol are made available using a certain type of URI (Uniform Resource Identifier) called a URL (Uniform Resource Locator). TCP (Transmission Control Protocol) is used to establish a connection to the application layer port 80 used by HTTP.
14.      Give an Example of how you have optimized Apache (or) NGINX
Answer: TIP to answer: Demonstrate understanding of Application Performance Management (APM) tools and frameworks, benchmarking, using tools for apache like ab, load testing tools (JMETER). Explain key parameters like thread count, threading models (prefork/worker), worker processes and how you have a measurement strategy and SLA Tracking. Do not just answer in terms of technical answers. Especially if you can demonstrate how you use tool sets like ELK to graphically visualize data to quickly identify problem areas, that will be great. 
15.      If you had to choose a load balancer, what determines the choice of algorithms?
Answer:
- Understand the application stack.
- Understand the nature of the application (Static/Dynamic/Requires Session proximity/Stickiness)
- Network layers – Layer 4 vs Layer 7 vs Connection Oriented vs Message Oriented
- Choice of Protocols
In general, one of the most misunderstood aspects of load balancing is that a load balancing algorithm is designed to choose from a pool of resources and that an application is or can be made up of multiple pools of resources. These pools can be distributed (cloud balancing) or localized, and they may all be active or some may be designated as solely existing for failover purposes. Ultimately this means that the algorithm does not actually choose the pool from which a resource will be chosen – it only chooses a specific resource. The relationship between the choice of a pool and the choice of a single resource in a pool is subtle but important when making architectural decisions – especially those that impact scalability. A pool of resources is (or should be) a set of servers serving similar resources. For example, the separation of image servers from application logic servers will better enable scalability domains in which each resource can be scaled individually, without negatively impacting the entire application. You will be asked on this if you are going to be serious about scalability.
16.      You are asked to implement HA Proxy to load balance 2 Apache Servers. What challenges do you foresee?
Answer: Centralized logging is one of the expected answers. In addition, making sure HAProxy itself does not become a single point of failure (SPOF) is another challenge. If the servers are dynamically spun up, including a script to update proxy configurations dynamically is another.
17.      Have you integrated DHCP and DNS together? Give an example.
  Answer: Answer honestly on this one. If you just have theoretical knowledge, say so. (HINT: This is presented together as an installation guide for this module on Ubuntu 12+).
18.      Given you are free to select a web server, which of these would you choose? Apache or NGINX? Why?

Answer: Tip to answer: The temptation is to say NGINX automatically. However, the nature of the application, the programming language behind the application, expected volumes of visitors and SLA are all important factors. NGINX is better off the bat for static applications, but the same can easily be achieved with multiple servers if an existing load balancer is already in place and with judicious tuning of parameters. PHP servers require separate cache and backend servers and are easier to configure/set up in Apache.
