Linux Operations (ix)

today's situation makes people sigh, things are not as I thought, school recruit failed, garbage Ann Chang, not keep the credit of CICC, did not receive any news. has transferred to the intern, the day after tomorrow has the opportunity to enter the financial company, but is the intern positive this road, the intern post I can not take, I may go to die! Think of my akzent pity Ah, more than 1 years, Ah, have not played well, this is ready to busy, has been learning, did not expect or so passive. Why things are not as I hoped, and do not know whether there is a good job from the students to the work of the preparation, garbage school This is a lot of crap. To kneel and beg for a victory ...

1, the difference between static resources and dynamic resources, what are the advantages and disadvantages?

A static resource: url fixed, suffix name such as. html and. jpg and. gif, which is a file that exists on the server, browser parsing, not interacting with the database, facilitates website promotion (SEO), Maintenance trouble.

Dynamic Resources: Database support, rich content, suffix names such as. jsp and PHP, Server interpretation execution, good interaction performance, consume CPU resources on the server,

Recommended optimizations convert dynamic pages to static pages.

2, what is pseudo-static, how to achieve, what are the characteristics. What is the MIME type?

A: Dynamic URL masquerading as static url,rewrite rules implementation, convenient search engine collection, enhance user experience, website performance does not rise. The URL of a pseudo-static web page usually does not display a suffix name,

MIME is the data type of the service-side response,

3. What is the difference between Nginx and Apache?

A: (1) Nginx processing static page Ability strong, Apache processing dynamic page ability.

(2) Nginx anti-concurrency performance is good, memory consumption is small.

(3) Nginx can do reverse proxy and load balancing, and also has the function of caching.

(4) Nginx is a lightweight web server compared to an Apache-modular behemoth.

(5) Nginx combined with PHP, is a separate, and the Apache and PHP process integration can be modular embedded, or can be fastcgi type.

(6) Apache prefork or worker model when processing requests, and Nginx is the event model.

(7) Apache's event IO processing model is the Select model, and the Nginx event IO processing model is the Epoll model.

4. In Nginx, please explain the difference between break and last in the rewrite module.

A: (1) Break: Terminates this round of the rewrite loop and does not make a new URI match.

(2) Last: terminates this round rewrite loop, and looks for the next new URI match.

# #rewrite规则里总共有last, break, redirect, permanent four kinds of markers.

5, Apache Select model and Nginx Epoll model?

Answer: It's too hard. That's what developers dig into. Know Epoll multiplexing compared to universities, there is no limit to the maximum file descriptor.

Reference Document: http://blog.163.com/niuxiangshan%40126/blog/static/17059659520141711458276/

6, the file contents are as follows, there are some random numbers, how to achieve the maximum and minimum value. (after encountering the size of the value, all put it in a file, with the TR command into the column, and then sort, the routines are the same, remember!) ）

[email protected] scripts]# cat 3.txt

10 60

20 70

30 40

50 8 4

Answer: [[email protected] scripts]# cat 3.txt |tr "" \ n "|sort-n|sed-n ' 1p; $p ' # #这里的tr命令必须把空格的引号分开来, otherwise it cannot be converted to a column

# #这里有点小bug, if 8 moves back a little, and 40 is not aligned, there will be problems, but these things just for the written interview, do not use in the work, such as asking for three number of maximum value, minimum value problem.

#!/bin/bash

echo "$ >file.txt"

Cat file.txt|tr "" \ n "|sort-n |sed-n ' 1p; $p '

7, introduce the advantages and disadvantages of the LVS load mode and the corresponding scheduling algorithm, compared to the nginx load balancing there are several algorithms?

A: (1) The advantage of NAT mode is that any operating system that supports TCP/IP can be run, both Windows and Linux can, and server groups can use private IP addresses. The disadvantage is that the scheduler itself can become a bottleneck.

(2) Dr Mode is a bit of back-end real server directly return the data to the client itself, so that the scheduler can handle a large number of requests, the disadvantage of the backend server running the Linux operating system.

(3) The advantage of tunnel mode is that it is generally used for remote server, and the scheduler and backend real server are required to support the corresponding tunneling protocol.

Algorithms: Polling, weighted polling, least connections (minimum number of connections already established), weighted least connections (weighting is based on the server's processing power to weigh), local-based least connection (locality is the cache cluster system), The least-localized connection with replication (replication is to remove the busiest server from the server group), the destination address hash (hash key based on the requested IP address), and the source address hash (hash key based on the requested source IP address).

Nginx:ip_hash, Url_hash, weights, polling.

8, the cluster server has a failure, resulting in good time and bad, how do you deal with it? (Nowadays, I have not experienced production environment, really do not know how to do)

A: (1) The front-end scheduler uses keepalived, if the back-end server has a failure will be automatically removed from the server group, if restored to normal, then joined the cluster queue.

(2) Then analyze the symptom, check the log, in the end is the hardware problem, or software bugs, in short, reliability is a very serious problem.

9. mysql database security?

A: Operating system, hardware firewall, iptables, Tcp_wrappers kill external untrusted network.

At the database level, the user can use which database to restrict, the SQL statement operation reasonable authorization, prevent the intranet developer to sabotage.

Encrypt data files that are backed up on disk, prevent data leaks and tampering, and decrypt them when they need to be restored.

Disable the ~/mysql.histroy file because this file records the statement of the administrator operating the SQL command, and if it gets hacked, it is easy to know the database table structure.

Chroot the log file, change the root directory, and ensure security.

10, IDC Room deployment considerations. (This question is asked to the written test once, interview once)

A: Disaster-tolerant, fire-fighting facilities, cooling facilities, room location and so on.

11, hardware failure, user error operation, system crashes and other causes of data loss, how do you deal with it? (This TM certainly likes to test)

A: (1) first copy and protect the existing intact data to prevent two times damage

(1) There should be backup resources in advance to restore from here. Remember what you've done lately and make it easier to go wrong.

(3) Timely notice to the superiors there has been an unexpected situation, so as not to delay their own time (hehe, some people like to hear this)

12, Nagios alarm message can not receive what to do?

A: (1) PS command, view Nagios daemon up No.

(2) Check the log/var/log/maillog, is not the mail server to send us the alarm e-mail as spam to refuse, QQ mailbox anti-spam is the most powerful.

(3) using the system's own SendMail service, the user's permission to start the process is limited.

(4) Check our configuration file is not a problem, maybe the syntax is correct, but missing something, such as Commands.cfg,host.cfg,contact.cfg

13. How do you do nagios alert strategy? (To tell you the truth, I haven't done it for the moment)

A: (1) can download fetion software for SMS alarm, you can also use the system's own SendMail service for email alerts.

(2) Define the CONTACT.CFG in the Nagios configuration file, add the received email address, and alert under what monitoring metrics. In fact, the entire Nagios surveillance

and the alarm flow, are all configuration file calls to each other.

(3) Ensure that the 25 port can be up.

Reference Document: Http://blog.chinaunix.net/uid-418401-id-2405565.html

14, memcached distributed principle? Consistent hash principle?

A: (1) Distributed principle: Suppose there are 5 memcached servers: NODE1,NODE2...NODE5. Now you want to save the data with the key key1,key2...key10. First add the Key1 to the memcached. After the key1 is passed to the client, the client-implemented algorithm determines the memcached server that holds the data according to the key "Key1". When the server is selected, the selected server will be used to save "Key1" and the corresponding values. When the data is obtained, the server is saved by selecting the corresponding data based on the key of the data to be obtained according to the same algorithm that the client implements, then the data is fetched. This enables the memcached to be distributed. memcached servers increase, the key will be more dispersed. A server hangs up in time and does not affect other caches.

(2) Consistent hashing This method first memcached the hash value of the server, then assigns it to the 0~2^32 circle, and then uses the same approach to find the healthy hash value of the data and map it to the circle. The data is then searched clockwise from the point of the data map and saved to the first server found.

Reference Document: http://lzs66.blog.51cto.com/9607068/1859818

15. What are the advantages of distributed clustering?

A: (1) when the processing performance of a server reaches its limit, we use distributed cluster to improve the processing performance of the website, and use a certain scheduling algorithm to load balance.

(2) Distributed cluster has the function of redundancy, when the data of one server is lost, we can also recover from other machines.

16, the postfix work process.

A: Users in a website to apply for an account, when the user needs to send a letter to the user through the MUA sent to the site smtpd, and into the mail queue, SMTPD found that the message is sent to the local host, through the MDA, the mail delivered to the user's mailbox, If it is found to be sent to another host or domain, relay out. When the user needs to receive the mail, the MRA will ask the user to verify, if passed the verification, the MRA will go to the user's mailbox to take back the mail and then pass to the user's MUA.   The whole process is like this. because SMTPD is a warm-hearted comrade, usually to its mail if it is the host user it will be sent to the user's mailbox, not its users, it is enthusiastic to help forward, early spam rampage is also part of this reason, So now basically all of the mail server shut down the Open relay (Openrelay), only to the local or local users to forward the mail, but the problem has arisen, previously can be determined by the source IP is not native or local users, Now are based on the virtual user (each user registered is the system user ah more insecure AH), can not be based on IP judgment, so introduced another authentication mechanism SASL (Simple authentication Secure Layer), when the user needs to send mail, SMTPD will call SASL to verify, if the verification passed to you to relay, if not so sorry, to find someone else.

Reference Document: Http://www.tuicool.com/articles/biErAn

17, why do you say nginx support high concurrency? (This problem is difficult)

A: In my personal words, asynchronous, non-blocking, epoll models

(1) Thread-based, that is, one process generates multiple threads, and each thread responds to each request of the user.

(2) An event-based model in which a process processes multiple requests and notifies the user that a request is completed through the epoll mechanism.

(3) disk-based AIO (asynchronous I/O)

(4) Support mmap memory mapping, mmap the traditional Web server, when the page input, the disk page is entered into the kernel cache, and then copied from the kernel cache to the Web server, mmap mechanism is to let the kernel cache and disk mapping, Web server, Copy the contents of the page directly. It is not necessary to first enter the page on the disk into the kernel cache.

Reference Document: http://5404542.blog.51cto.com/5394542/1740453

18, in the case of Umount, how to reset the parameters of mount. How do I find out which process is open for a file?

Answer: Mount-o REMOUNT,RW/

Lsof/usr/bin/mysqld_safe

19, specifically said Cacti/nagios installation process? Cacti how to monitor MySQL?

A: (1) Cacti installation steps: First install the lamp environment (it is recommended to use compile installation) and SNMP Service, RRDtool tool installation, and then build cacti library and login MySQL account, and empower; Download and unzip cacti to the Web next Htdocs or HTML directory of the server, make sure you are typing http://IP:port/cacti

can be accessed to install cacti on the Web, modify the SNMP community word on the Web page, make sure it matches the snmpd.conf group, and then manually execute PHP poller.php See if you can generate the. rrd file in the RRA directory, by default, only monitor native resources, write php.poller.php commands to Crontab, execute every 5 minutes, if you need to monitor the remote host, install SNMP service on the other host, and ensure that SNMP's community word and monitor Master The SNMP community words on the machine are consistent; Finally, add additional monitoring hosts, add templates, install plugins, and more.

(2) Nagios installation steps: First install the same lamp environment (recommended to use compile installation), and then download and install Nagios and Nagios-plugin, integrate Apache and Naigos, and create a Web login account verification, to ensure that the typing http://IP:port/nagios/

Normal access and login, remote host installation Nrpe or nclient++; Finally add the configuration remote host information, alarm function implementation, add the required monitoring indicators and so on.

(3) Cacti monitoring mysql: First to the cacti forum download cacti monitor MySQL template, then import into cacti, then add the host, select the application template, and finally wait 5 minutes to see if monitoring is normal.

20. What is the difference between sed and awk commands?

A: (1) awk is suitable for column (domain) operations, and SED is suitable for line-by-row operation.

(2) awk is called Report Builder, and SED is called the Flow editor.

(3) awk is more powerful, supports arrays, loops, etc., even as a programming language, with internal syntax similar to the C language.

(4) SED is a stream editor, and its power is that it can be scripted to manipulate text in a row, and the syntax is more simple than awk, its function is to delete and change the search, but it is not a programming language, no loops, arrays and other logic, so, sed is usually used with awk, they just complementary , together with two of the tools that make up the text processing.

21, the establishment of a public directory/opt/public, requires that each user can create files and directories, but only their own and root can be deleted

Answer: Mkdir/opt/public, chmod 1777/opt/public

rwsrw-r– indicates that there is a setuid flag chmod 4777 is set SID

rwxrwsrw-indicates a setgid flag chmod 2777 is set gid

RWXRW-RWT indicates a sticky flag chmod 1777 is set sticky

22. What is the difference between a DNS recursive query and an iterative query?

A: Recursive query is a hierarchical query, local DNS request root domain name server, root name server request top-level domain name server, top-level nameservers request level two domain name server,

After the results are returned, the level two domain name server returns to the top-level domain name server, the top-level nameservers are returned to the root nameservers, and finally to the local DNS.

(2) iterative query, root name server to the top-level DNS IP gave me, I went to find top-level DNS, and then top-level DNS gave me a level two DNS IP, I went to two-level DNS, the last two-level DNS to the results of the resolution gave me.

23, the Linux file deletion principle. (The feeling is to delete the pointer from the file name to the Inode, not to clear the data block)

A: Linux is deleted through the link number control file, in general, each file has two counters, I_link and I_count,i_link is the number of hard links files. I_count is the number of files that are called by the process, as long as both I_link and I_count are 0 o'clock and the files are deleted.

RM Deletes the number of I_link for the file.

24. When using LS to view a directory or a file, what does the value of the second column mean? If the value of this column in a directory is 3, how is this 3 obtained?

Answer: Hard links. This directory itself, the parent directory of this directory, subdirectories under this directory, their I node numbers are the same.

25. SSH principle

A: Users need to create a pair of keys for themselves. The user wants to use the public key side in other secure ways on the server that needs to be managed remotely. When the administrator connects to the SSH server, the client makes a request to the server for security authentication with the client's key. When the server receives the client's request, it uses the public key that you sent him to compare and distinguish. If the two keys are identical, the server encrypts the challenge with the public key and sends it to the client software. After the client software receives a challenge from the server, it can use the private key to decrypt and send the results to the server.

Reference Document: http://forlinux.blog.51cto.com/8001278/1352900

26. What is the difference between the MV and CP commands under Linux? (This can be tested by yourself)

A: (1) CP is equivalent to a copy, MV equivalent to cut, MV can be renamed.

(2) CP copy will not carry the file attributes, such as INODE,MV when the mobile will carry the Inode attribute, resulting in the moving directory inode changes.

Reference Document: Https://zhidao.baidu.com/question/1367462050558064859.html

27, memcached access principle?

A: The front-end Dynamic Web application, it can be understood that the client issued a key request, and then the key is hashed into a hash value, and then on a 0-2^32 Hashi, to find out clockwise, what? Looking for the nearest memcached server node hash value, the selected server through the key in a huge memory hash table to find, if there is a corresponding key value pair, then the original path to the client, if not, take a copy back to the backend data block server, and the query cache, Thus reduce the database load, improve the overall performance of the website.

Storage: Front-end Dynamic Web application, it can be understood that the client issued a key-value pair request, similarly, according to the consistent hash algorithm, determine which server to store, when the selected memcached received the key value pair, first calculate the size of the key value pair, to see if their data block can accommodate the key value pair, If not enough to apply to the system, if the application reached the line, is to use the LRU algorithm to remove the least recently used data block, make room to put the latest things.

Reference Document: Http://www.cnblogs.com/yinrq/p/5013742.html

28, how to do not restart the Nginx service, the Nginx software updates. (The most difficult problem to solve in the production environment is to complete the server without interfering with the business.)

A: Nginx is a convenient way to help us achieve a smooth upgrade. The principle of simple generalization is:

(1) Start a new process without losing the old process.

(2) The old process is still responsible for processing requests that have not been processed, but no longer accepting new requests.

(3) The new process accepts new requests.

(4) The process is revoked after all requests have been processed by the old process and all connections have been closed.

Reference Document: http://blog.csdn.net/poechant/article/details/7208167

29. What do you think of database backup?

A: First, consider what database objects you want to back up, whether it is a table or a database or a log, what the backup environment is, whether the primary server is on a standby server, online or offline, and then the way the backup is, logical or physical. Is it a local hard disk backup or an offsite disaster recovery backup? After the backup test, can restore success? Wait a minute

Then the most important is the choice of backup mode:

(1) mysqldump command for backup, MySQL command to restore.

(2) on the slave machine, the IO thread is stopped, then the table is locked and the data file is cold backed up

(3) Mysqlhotcopy for hot backup

(4) Directly to the data files and log files rsync transfer to another physical machine.

(5) Third-party tools, such as Xtrabackup.

30. What do you know about Linux operations, what are the characteristics of the work, and why do you want to do this? Talk about your strengths, I only care about technology. (Quality problem is a place to add goodwill)

A: (1) from the work to say: to ensure the safety of the physical basis of the computer room, such as routers, switches, PCs and servers to operate properly, the data migration and backup, the host and service level monitoring, writing reports to the superior, the operating system installation configuration, the Troubleshooting service software.

(2) The value of an operation and maintenance personnel is when the service problems, can quickly locate the problem in which link, perhaps this problem has never been contacted before,

But he knows which way to think in the right direction, thus reducing the company's losses in the shortest possible time. (That's very important, that's what he wants to hear)

(3) Technical advantages: In fact, I do not confidently say which part of my study is the best, I pursue the breadth, not the depth, if I really let me say which part of the basis of relatively solid, I think it is DNS and iptables. (If the interviewer is thinking, he still has to ask, is there?) Alas, the Shadow of life! ）

Linux Operations (ix)