Linux OPS (eight)

Source: Internet
Author: User

I am interviewing for a network engineer position and feel I will get an offer tomorrow, but this is not the job I want; it is only a guaranteed offer. Still, I hope it gives me a little confidence! I have spent too much money in the past few weeks. I have a new goal: tomorrow is just a small test of my review results over these days; my real goal is next week's internet finance. I fall too easily, so I have to find a target.


1. How do you get all the TCP connections of the process with PID 100 on a Linux system? Give the detailed command. (Without looking at the terminal I cannot get it right; of course, having the idea is enough: use an awk condition.)

Answer: netstat -antp | awk '{split($7, p, "/"); if (p[1] == 100) print $0}'


2. How do you view squid's cache hit rate and clean up cached content?

A: Use the squidclient tool that is installed with squid. A low squid hit rate is caused by too many requests for dynamic content, since squid mainly caches static content. The typical hit rate for web caches is between 30% and 60%. In the commands below the port can be 3128 or 80.

squidclient -p 3128 mgr:info

squidclient -p 3128 -m PURGE http://www.361way.com    # force an update of one URL, that is, purge that URL from the squid cache

Reference Document: http://www.361way.com/squid-percentage/1951.html


3. Host A needs to transmit 10 GB of data to host B. What transmission optimizations can be made at the application layer? What optimizations can be made at the TCP layer? List the measures separately.

Answer: (1) At the application layer, compress the data before transmitting it.

(2) Split the 10 GB of data into small segments for transmission; this is for flow control, to keep the sender from sending too fast.

(3) At the TCP layer, add as little control information to the header as possible, for example no padding options. In addition, switch from TCP to UDP, because UDP has lower system overhead and the data is large; otherwise the transfer wastes too much time.


4. Describe the Linux startup process. (I very much hope this question is on the test!)

A: (1) The BIOS runs the power-on self-test and decides whether to boot from the network, hard disk, USB, CD, or another device.

(2) The MBR is read and the bootloader is loaded; the GRUB menu appears and the kernel is loaded.

(3) The first process, init, starts; it reads /etc/inittab and decides which runlevel to start.

(4) Hardware is detected, drivers are loaded, and /etc/rc.sysinit performs system initialization such as network and time zone.

(5) The services configured to start at that runlevel are started, and kernel modules are loaded.

(6) /etc/rc.local is read and the boot-time scripts are executed.

(7) mingetty runs /bin/login and the user login prompt appears; after authentication, the user can use the operating system.


5. List as many ways as you know to install the Linux operating system. (Damn, what kind of rubbish question is this?)

Answer: (1) Unattended automatic installation with PXE and Kickstart.

(2) Put the image on a disc and install from it: partition, format, and so on.

(3) Clone another operating system in a virtual machine.


6. Briefly describe the performance differences between a traditional mechanical hard disk and an SSD, and list several types. (I have never seen a solid-state drive; a hard drive is measured mainly by storage capacity, read/write capability, and stability.)

A: Differences: (1) The read/write performance of a mechanical hard disk is inferior to that of an SSD.

(2) In vibration resistance and stability, the solid-state drive is better than the mechanical hard disk.

(3) In construction, a mechanical hard disk uses platters, heads, sectors, and cylinders, and seeking consumes system resources, while a solid-state drive is chip-based.

Examples: Mechanical: SAS, SCSI, IDE, and SATA hard drives. Solid-state: SSD.


7. Describe the process of obtaining an IP address through DHCP. (I need to sort this out.)

Answer: A four-message exchange. The server uses UDP port 67 and the client uses port 68.

(1) The client broadcasts a DHCP Discover message, asking who on the network segment can provide it with an IP address.

(2) Every DHCP server on the network segment receives the Discover message and returns a DHCP Offer message to the client. This is still a broadcast, because the client does not yet have an IP address.

(3) The client picks the first DHCP Offer that arrives as its server, then broadcasts a DHCP Request message indicating that it has selected this server to give it an IP address.

(4) When the selected server receives the request, it sends the client a DHCP ACK message containing the lease, the IP address the host needs, the gateway, the subnet mask, and the DNS servers.


8. What are the use cases for FTP active mode and passive mode? Briefly describe how the FTP connection is established in each mode. (The use-case part is a bit novel.)

A: Use cases: active mode for downloading, passive mode for uploading, because a download must be actively sent by the server, while an upload is actively sent by the client (the server is passive).

Note: A TCP connection is established before the control connection is established, and the random port N is greater than 1024.

(2) Active mode: The client opens a control port N and at the same time a data port N+1. Control port N connects to port 21 on the server; the client then sends the PORT command to tell the server "my data port is N+1", so the server sets up a channel from its port 20 to the client's data port N+1 and starts transmitting data.

(3) Passive mode: The client likewise opens a control port N and another data port N+1, and initiates the control connection to port 21 on the server. The client sends the PASV command to ask whether a data port P is available; if it is, the server opens port P and returns an ACK acknowledgement, and the client then actively connects to that data port on the server.


9. How do you get the TCP ports that the process with PID 100 is listening on in a Linux system? Give the detailed command. (This question is new.)

Answer: netstat -tnlp | awk '$7 ~ /^100\//'
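
Added example (not from the original post), covering questions 1 and 9: a shell filter that matches the PID column of netstat -antp output exactly, run here on constructed sample output. A plain substring match on 100 would also hit ports, addresses, and other PIDs that merely contain 100. The function names pid_tcp and pid_listen_ports and every sample row are made up for illustration.

```shell
#!/bin/sh
# Added example: exact-PID filtering of `netstat -antp` output.

# Constructed sample output; PIDs, addresses and program names are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      100/java
tcp        0      0 0.0.0.0:1100            0.0.0.0:*               LISTEN      2100/nginx
tcp        0      0 10.0.0.5:8080           10.0.0.100:51000        ESTABLISHED 100/java
tcp        0      0 10.0.0.5:22             10.0.0.100:40100        ESTABLISHED 1001/sshd
tcp        0      0 10.0.0.5:8080           10.0.0.7:33412          TIME_WAIT   -
tcp6       0      0 :::8443                 :::*                    LISTEN      100/java
EOF
}

# pid_tcp PID [STATE]
# Reads `netstat -antp` output on stdin and prints the TCP rows owned by PID,
# optionally restricted to one state (for example LISTEN).
pid_tcp() {
    awk -v pid="$1" -v state="${2:-}" '
        $1 ~ /^tcp/ {
            split($7, owner, "/")                  # "100/java" -> owner[1] = "100"
            if (owner[1] != pid) next              # compare the PID column only
            if (state != "" && $6 != state) next   # optional state filter
            print
        }'
}

# pid_listen_ports PID
# Prints the TCP ports PID is listening on, one per line, sorted numerically.
pid_listen_ports() {
    pid_tcp "$1" LISTEN | awk '{ n = split($4, a, ":"); print a[n] }' | sort -n
}

# On a live host (run as root so the PID column is filled in):
#   netstat -antp | pid_tcp 100
#   netstat -antp | pid_listen_ports 100
sample_netstat | pid_tcp 100
```

On the sample, the substring match `grep 100` returns five rows, two of which belong to other processes (PID 2100 on port 1100, and PID 1001 talking to 10.0.0.100).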


10. You need to capture the packets arriving on the eth1 interface from 127.10.32.5 to local port 8080. List the tools or methods you can think of, and give a concrete implementation of one method (detailed command or code).

Answer: tcpdump -i eth1 tcp dst port 8080 and src host 127.10.32.5    ## tcpdump -i eth1 src net 127.0.0.0


11. After a server is handed over to the business team and put into use, netstat shows a large number of TIME_WAIT connections. Briefly describe why TIME_WAIT connections exist and how to resolve this. (Note that the question asks for the cause, not the function.)

A: (1) Reason: The usual background for a large number of TIME_WAIT connections in production is that the business uses an Nginx proxy, because Nginx interacts with clients over a large number of short connections.

(2) Harm: If the server actively closes client connections, a large number of sockets end up in the TIME_WAIT state on the server side, even more than the sockets in the ESTABLISHED state. This seriously affects the server's processing capacity and can even exhaust the available sockets and stop the service. In addition, if client concurrency stays high, some clients will be unable to connect.

(3) Workaround: When the system has a large number of TIME_WAIT connections, adjust the kernel parameters.

Edit the file with vi /etc/sysctl.conf and add the following content:

# Enable SYN cookies. When the SYN wait queue overflows, cookies are used to protect against a small number of SYN attacks. The default is 0, which means off.
net.ipv4.tcp_syncookies = 1

# Enable reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means off.
net.ipv4.tcp_tw_reuse = 1

# Enable fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, which means off.
# This key breaks clients behind NAT and was removed in Linux 4.12; leave it out on newer kernels.
net.ipv4.tcp_tw_recycle = 1

# Change the system default timeout.
net.ipv4.tcp_fin_timeout =

Then run /sbin/sysctl -p to make the parameters take effect.


12. What is the difference between a short connection and a long connection? In what scenarios are short connections used? When are long connections used?

A: (1) Difference: With a short connection, the two parties establish a TCP connection when they have data to exchange and disconnect it once the data has been sent: connect → transfer data → close connection. With a long connection, multiple packets can be sent continuously over one TCP connection. While the connection is held open, if no packets are being sent, both parties need to send probe packets to keep the connection alive, and they generally have to maintain liveness themselves (no RST packets and no four-way close).

(2) Advantages: Short connections are relatively simple to manage; every existing connection is a useful one, and no extra control mechanism is needed. Long connections reduce system overhead and avoid frequent three-way handshakes.

(3) Scenarios: Banks or e-commerce use short connections and disconnect when finished. Long connections are used for frequent operations (reads and writes) and point-to-point communication where the number of connections is not too large. For example, database connections use long connections; frequent communication over short connections would cause socket errors, and frequent socket creation is also a waste of resources.

Reference Document: http://www.cnblogs.com/onlysun/p/4520553.html


13. What is the role of HTTP keep-alive, and what are its pros and cons? How does it differ from TCP keepalive?

A: (1) TCP keepalive checks whether the current TCP connection is still alive; HTTP keep-alive makes a TCP connection live longer. They are concepts at different layers.

(2)


14. What is the persistent connection mechanism of LVS? What is the difference between session binding and session sharing? How should the session hold time (persistence) be understood?

A: (1) When a client initiates a request, regardless of whether the TCP connection has been closed, as long as this client has visited before, LVS records in an in-memory buffer the mapping between the client IP address of the first request and the real server selected for it, regardless of the scheduling algorithm used. When the client accesses again, LVS looks up the session table directly, and if the persistent connection template has not timed out, the request is handed to the same real server.

(2) Difference: Session binding lives on one machine, generally the scheduler, which maps the client IP to the server IP. As long as it is the same client and the entry has not timed out, that client's requests are handled by one fixed back-end machine; session binding is a persistent connection. Session sharing makes session information available to multiple servers, and it also avoids the overhead of session replication. Session binding is generally used with LVS, while session sharing is generally used on database servers, with a dedicated memcached set up to store the sessions.

(3) Persistence: The session hold time is the maximum no-response timeout. That is, when a user is operating a dynamic page and takes no action within 50 seconds, the next operation is distributed to another node; if the user keeps operating the dynamic page, the 50-second limit does not apply. (At first I thought each server handled requests for a fixed time; it appears to depend on the client.)

Reference Document: http://wenku.baidu.com/view/f5ec0c65ee06eff9aef80779.html?from=search


15. How does keepalived work, and how do you test LVS + keepalived?

A: Keepalived uses the Class D multicast address 224.0.0.18 for heartbeat detection and communicates over the VRRP protocol. Two keepalived instances are defined in the VRRP configuration file, virtualizing two physical servers into one logical server that uses the same virtual IP (there is no virtual MAC, because the gateway on the Internet is not the LVS scheduler). When the network and systems are normal, the master scheduler forwards the packets of client requests sent to the virtual IP, and the backup scheduler does nothing. When the master scheduler goes down, the backup scheduler detects it and fails over: the backup machine takes over as master without affecting client access, which gives the system high availability.

Test: (1) Stop keepalived on the master or shut the master down directly, then check the system log /var/log/messages on the backup machine and capture VRRP traffic with tcpdump; the VIP is seen to drift to the backup machine, which becomes the master.

(2) Access port 80 of the VIP from a browser and check whether the pages alternate, which proves that load balancing works. Then stop one real web server on the back end and check whether the client can still access a page.


16. How does memcached work, and what are its features, role, application scenarios, port number, and commonly used commands? (Damn, this is difficult, but it is already on my resume. I only wanted to pad it out, and now it is trouble.)

A: (1) Memory management: the basic principle of the Slab Allocator is to divide the allocated memory into blocks (chunks) of specific lengths according to predetermined sizes, which increase by a growth factor, and to group chunks of the same size into a class (slab class). When a user sends a key-value storage request, memcached calculates the size of key+value to determine which slab it belongs to, then checks whether that slab has an idle chunk to hold the key+value. If not, it requests a new memory page from the system; if the memory limit has already been reached, it uses the LRU algorithm to remove some of the existing data.

(2) Features: It is an in-memory cache server that cannot itself decide which data to cache; the logic is half in the client and half in the server. It uses a lazy mechanism (expired items are not actively cleaned up) and removes data with the least-recently-used (LRU) algorithm (the idea is not to delete the data, but to stop showing it to the client). This affects the business itself but does not affect the metadata itself. Because cached objects differ in size, memory fragmentation is the main problem and cannot be cured. Distributed cache servers (that is, multiple memcached servers) do not communicate with each other.

(3) Function: Cache frequently queried data, which reduces the query load on the back-end database server.

(4) Scenario: In a MySQL one-master, multiple-slave architecture, as a query cache for the slave server cluster.

(5) Port number: 11211; test with telnet localhost 11211.

(6) Six common commands: get, set, stats, add, delete, append, etc.


Memcached preferentially reuses the space of records that have timed out, but even so, space can run short when a new record is appended, and then space is allocated using the Least Recently Used (LRU) mechanism. As the name implies, this mechanism deletes the "least recently used" records. Therefore, when memcached is low on memory (when it cannot get new space from the slab class), it searches for records that have not been used recently and allocates their space to new records. From a practical caching point of view, this model is ideal.


Reference Document: http://blog.163.com/czg_e/blog/static/4610456120114755125970/

17. How do you optimize memcached?

A: Resolve memory fragmentation as far as possible.

1. Set the -n parameter. Note that it should be set to a number that divides 1024 evenly (also taking the 48 B difference into account); otherwise the remainder is wasted.

2. Do not store data larger than 1 MB. It has to be split into multiple chunks, which multiplies the computation and time costs.

3. Use the stats command to view memcached status.

4. Eliminate evictions (deleted data). Evictions are caused by insufficient memory, and there are three approaches: first, spend CPU to enable compression (PHP extension); second, add memory; third, adjust the -f parameter to reduce memory waste.

5. Adjust the business code to improve the hit ratio.

6. Cache small data. This saves bandwidth, network I/O time, and memory.

7. Based on business characteristics, allocate dedicated memcached instances to businesses whose data sizes fall in a small range. This makes it possible to tune the -f parameter so that the dataset uses only a few slabs and less memory is wasted.

Reference Document: https://my.oschina.net/liuxd/blog/63129


18. How does rsync work? What are its working modes and features?

A: (1) rsync is based on a client/server model. The rsync server opens port 873 and waits for clients to connect; if password authentication passes, synchronization with the remote client is allowed. On the first synchronization, all files to be synchronized are sent over the TCP/IP network. On the second synchronization, an algorithm compares the existing files with the files to be synchronized, and only the differences are transferred, which improves transmission efficiency.

(2) Local mode: push and pull operations with the rsync command. Daemon mode: combined with the inotify kernel monitoring mechanism, a script triggers rsync synchronization. Crond mode: scheduled periodic remote synchronization.

(3) Features: ① incremental backup; ② file attributes are preserved; ③ supports deleting files that exist on the destination machine but not on the source machine; ④ specified files can be excluded from synchronization; ⑤ supports compression before transmission, which saves bandwidth.


19. The difference between exec, source, and bash. (Really hard to understand.)

Answer: (1) exec: executes in the original process, but terminates the original process at the same time.

(2) source: executes in the original process and does not create a child process.

(3) bash: the parent process creates a child process with fork, and the shell script executes in the child process.


20. What is the essence of disk partitioning? What are the primary partition, the extended partition, and the logical partition, and how do they relate to the / (root) partition and the swap partition? (To tell the truth, this is really hard to understand! Tracks and sectors are even harder to describe.)

Answer: (1) Essence of partitioning: formatting the disk. The benefit of, or reason for, partitioning: it improves manageability, since different partitions have different roles.

(2) Primary partition: a partition that can hold operating-system information and boot the system, equivalent to the C drive in Windows. Extended partition: the extended partition is also a primary partition, but it cannot be used directly; it exists to hold logical partitions. Without an extended partition there are no logical partitions, and logical partitions require an extended partition. An analogy: "flour cannot be eaten directly, but dumplings or bread made from flour can." Logical partitions: similar to the D/E/F drives in Windows, several logically separate storage areas.

(3) There can be at most 4 primary partitions and at most one extended partition. That is: 1 primary + 1 extended + multiple logical; or 2 primary + 1 extended + multiple logical; or 3 primary + 1 extended + multiple logical. With 4 primary partitions there are no logical partitions.

(4) Capacity of the hard disk = capacity of the primary partitions + capacity of the extended partition; capacity of the extended partition = the sum of the capacities of the logical partitions. That is, hard disk = primary partitions + all logical partitions.

/        root directory    ext3    hda1
/home    user directory    ext3    hda2
/boot    boot partition    ext4    hda3
swap     swap partition    swap    hda5    ## device numbers of logical partitions start at 5; for example /var, /usr, etc.



21. What is the purpose of formatting? Do you format first or mount first? What is the role of the MBR?

A: (1) The purpose of formatting is to write a file system. Format first (mkfs command), then mount (mount), and unmount (umount) when finished.

(2) Track: the many concentric circles on a disk; each track is divided into 512-byte arc segments called sectors. Cylinder: viewed in three dimensions, the tracks with the same number form a cylinder. Cluster: the gaps in the sectors between adjacent tracks.

(3) MBR: Master Boot Record, located at cylinder 0, track 0, sector 1; it loads the bootloader and boots the system.


22. Briefly describe how HTTPS works and how the connection is established. (I seem to have sorted this out before, but I still can't remember it.)

A: (1) The client sends a Client Hello message carrying the algorithms it supports, a random number, and the SSL version number.

(2) When the server receives the Client Hello message, it returns a Server Hello message carrying the negotiated algorithm, as well as the public key and the CA certificate.

(3) The client verifies the validity of the certificate, encrypts its message with the server's public key, and sends the encrypted message.

(4) The server decrypts it with its own private key, and the handshake phase is basically complete.

Reference Document: http://hittyt.iteye.com/blog/1618497


23. Explain the consistent hashing algorithm. (Without watching the video I did not understand this at all.)

A: (1) First construct an integer ring of length 0~2^32 (2 to the power of 32), also known as the consistent hash ring, and place each cache server node on the ring according to the hash of its node name, for example node1, node2, and so on.

(2) Compute the hash of the key of the data to be cached; for example, for the key in the right half of the ring, the computed hash is close to node2.

(3) Search clockwise on the hash ring for the cache server node nearest to the key's hash, which completes the key-to-server mapping. For example, the nearest server node clockwise from that key's hash is node2, so this key reads and writes its data on node2.

When the cache server cluster needs to be scaled out, the hash of the new node's name (such as node5) is simply placed on the consistent hash ring. Since a key always looks for its nearest node clockwise, the new node affects only part of the ring. Adding node5 only affects the three key/value pairs counterclockwise from it, which is only a small portion of the entire hash ring.
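
Added example (not from the original post): the ring described above in POSIX shell, showing that adding node5 moves keys only onto node5. It assumes cksum (CRC-32) as a stand-in hash because its output already spans 0 to 2^32-1; the function names, node names, and keys are made up for illustration.

```shell
#!/bin/sh
# Added example: consistent-hash ring over 0..2^32-1.
# Assumption: POSIX cksum (CRC-32) stands in for the hash function.

# ring_hash STRING: position of STRING on the ring (unsigned 32-bit integer).
ring_hash() {
    printf '%s' "$1" | cksum | cut -d ' ' -f 1
}

# build_ring NODE...: one "position node" line per node, sorted clockwise.
build_ring() {
    for node in "$@"; do
        printf '%s %s\n' "$(ring_hash "$node")" "$node"
    done | sort -n
}

# lookup RING KEY: the first node at or after the key's position; a key past
# the last node wraps around to the first node on the ring.
lookup() {
    printf '%s\n' "$1" | awk -v h="$(ring_hash "$2")" '
        NR == 1                 { first = $2 }
        owner == "" && $1 >= h  { owner = $2 }
        END                     { print (owner == "" ? first : owner) }'
}

# moved_keys OLD_RING NEW_RING KEY...: prints "key old_node new_node" for
# every key whose owner differs between the two rings.
moved_keys() {
    old_ring=$1; new_ring=$2; shift 2
    for key in "$@"; do
        before=$(lookup "$old_ring" "$key")
        after=$(lookup "$new_ring" "$key")
        [ "$before" = "$after" ] || printf '%s %s %s\n' "$key" "$before" "$after"
    done
}

# Constructed demo: scale a four-node cluster out by adding node5.
RING4=$(build_ring node1 node2 node3 node4)
RING5=$(build_ring node1 node2 node3 node4 node5)
KEYS="user:1 user:2 user:3 session:a session:b session:c img:10 img:11 img:12 cart:7"

echo "ring after adding node5:"
echo "$RING5"
echo "keys that changed owner:"
moved_keys "$RING4" "$RING5" $KEYS
```

With only one point per node the key distribution can be uneven; placing several virtual points per node on the same ring is the usual refinement.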

Reference Document: http://www.wtoutiao.com/p/231Kcfk.html


24. Differences between 301 and 302 in HTTP

A: (1) A 302 redirect is a temporary redirect; the search engine crawls the new content but keeps the old URL. Because the server returns a 302 code, the search engine considers the new URL only temporary. A 302 may be a sign of URL hijacking.

(2) A 301 redirect is a permanent redirect; the search engine crawls the new content and replaces the old URL with the redirect target URL.

Reference Document: http://blog.csdn.net/xlinsist/article/details/41987973


25. How is an encryption algorithm implemented, what is the difference between a public key and a private key, and what are the encryption and decryption processes? (These security questions are really hard to answer, but they are important.)

A: (1) Difference between public and private keys: the public key is public and known to everyone; the private key is private and known only to its owner.

(2) The first encryption process: Bob transmits his public key to Alice. Alice encrypts her message with Bob's public key and sends it to Bob. Bob decrypts Alice's message with his private key.

The second encryption process: Alice uses her private key to encrypt the file, thus signing the file. Alice sends the signed file to Bob. Bob verifies the signature by decrypting the file with Alice's public key.

(3) Encryption algorithm implementation: the process of applying a series of permutation or shift operations to the original plaintext with an encryption key to finally obtain the ciphertext. This way, even if unauthorized users obtain the encrypted data, they cannot understand its real meaning.
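
Added example (not from the original post): the two processes in (2) carried out with the openssl command-line tool, including the failure cases (the wrong private key, and a message changed after signing). It assumes openssl is installed; in the second flow openssl signs the SHA-256 digest of the file rather than the whole file. Key names, file names, and the messages are made up for illustration.

```shell
#!/bin/sh
# Added example: both public-key flows with the openssl CLI.
# Key names, file names and messages are made up for illustration.

# make_keypair DIR NAME: writes DIR/NAME.key (private) and DIR/NAME.pub (public).
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

# Flow 1: encrypt with the recipient's PUBLIC key, decrypt with the PRIVATE key.
encrypt_for() {    # encrypt_for PUBKEY INFILE OUTFILE
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
decrypt_with() {   # decrypt_with PRIVKEY INFILE OUTFILE
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3" 2>/dev/null
}

# Flow 2: sign with the sender's PRIVATE key, verify with the PUBLIC key.
sign_with() {      # sign_with PRIVKEY INFILE SIGFILE
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
verify_with() {    # verify_with PUBKEY INFILE SIGFILE (exit 0 only on a match)
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# run_demo: prints one result line per check.
run_demo() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir" alice && make_keypair "$dir" bob || return 1
    printf 'wire 100 to account 42\n' > "$dir/msg"

    # Alice -> Bob: encrypted with Bob's public key.
    encrypt_for "$dir/bob.pub" "$dir/msg" "$dir/msg.enc" || return 1
    if decrypt_with "$dir/bob.key" "$dir/msg.enc" "$dir/out" &&
       cmp -s "$dir/msg" "$dir/out"
    then echo "bob_private_key=decrypts"; else echo "bob_private_key=fails"; fi
    if decrypt_with "$dir/alice.key" "$dir/msg.enc" "$dir/out2"
    then echo "alice_private_key=decrypts"; else echo "alice_private_key=fails"; fi

    # Alice signs; Bob verifies with Alice's public key, then the message is altered.
    sign_with "$dir/alice.key" "$dir/msg" "$dir/msg.sig" || return 1
    if verify_with "$dir/alice.pub" "$dir/msg" "$dir/msg.sig"
    then echo "original=verified"; else echo "original=rejected"; fi
    printf 'wire 900 to account 42\n' > "$dir/msg"
    if verify_with "$dir/alice.pub" "$dir/msg" "$dir/msg.sig"
    then echo "tampered=verified"; else echo "tampered=rejected"; fi

    rm -rf "$dir"
}

run_demo
```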

Reference Document: http://blog.sina.com.cn/s/blog_45497dfa0100y0k5.html


26. What is the difference between HTTP and HTTPS?

A: (1) URLs of the HTTP protocol begin with http://, and URLs of the HTTPS protocol begin with https://.

(2) HTTP is not secure, and HTTPS is secure.

(3) The HTTP standard port is 80, and the standard port for HTTPS is 443.

(4) In the OSI network model, HTTP works at the application layer, while SSL works in an abstraction layer between the application and transport layers.

(5) HTTP cannot encrypt the transmitted data, while HTTPS encrypts the transmitted data.

(6) HTTP does not require a certificate, and HTTPS requires an SSL certificate issued by the CA authority.


27. How do I see the total number of CPU cores on a Linux system? (The number of cores is the number of chip units on one CPU that can process data.)

Answer: Total number of cores = number of physical CPUs × number of cores per CPU

To view the number of physical CPUs: cat /proc/cpuinfo | grep "physical id" | sort -u | wc -l

To view the number of cores per physical CPU: cat /proc/cpuinfo | grep "cpu cores" | uniq

Number of logical CPUs = total cores × number of hyper-threads: cat /proc/cpuinfo | grep "^processor" | wc -l

To view the CPU model: cat /proc/cpuinfo | grep name


28. Suppose there is a text file in which the left column is a random letter and the right column is a random number. (Hard; awk is the most damn hard thing to use.)

A 1

B 3

C 2

D 7

B 5

A 3

G 2

F 6

D 9

Write a script that adds together the numbers after the same letter and outputs the results in alphabetical order:

A 4

B 8

C 2

D 16

F 6

G 2

Answer: awk '{a[$1]+=$2} END {for (i in a) print i, a[i]}' file.txt | sort


29. What factors can cause MySQL master-slave replication to get out of sync? If the master and slave are out of sync and report errors, how do you recover?

A: (1) Version mismatch, especially when the higher version is the master and the lower version is the slave: features supported on the master database are not supported on the slave database.

(2) Replication itself is asynchronous, so network delay causes it.

(3) The loads on the master and slave machines are unequal. If the load on either machine is very high and it cannot keep up, so that either replication thread is short of resources, the master and slave become inconsistent.

(4) A master restart leaves the slave data out of sync, as do primary key conflicts.

(5) The binlog format is unsuitable.

Fix: Lock the master's tables (the master cannot be stopped, damn it, take note, don't be stupid), stop the slave, run CHANGE MASTER TO to resynchronize, and finally start the slave. If it still reports an error, run the command set global sql_slave_skip_counter=1 to skip the error and continue synchronizing.

Reference Document: http://storysky.blog.51cto.com/628458/259280/


30. In a production scenario with one master and multiple slaves, one slave went down and has now been repaired. How do you restore master-slave synchronization? If the master went down and was repaired, how do you restore master-slave synchronization? (I don't want to explain the principle or I will cry; this question needs careful thought.)

A: Slave down: if only one slave is down, its query load is spread over the other machines. Once the machine is repaired, take a mysqldump backup on another slave or on the master, copy the data over with scp, re-import the .sql file, and then run stop slave, CHANGE MASTER TO, start slave, and so on.

Master down: promote slave1 to be the new master, and have the other slaves replicate from slave1. If the original master is repaired, add it to the slave cluster.

Reference Document: http://ucode.blog.51cto.com/10837891/1747078/



