Essential Linux Ops Interview Guide: From RAID to Load Balancing

After a year of personal pressures, a senior Linux operations engineer summarizes essential interview topics to help candidates secure high‑salary positions.

1. What is operations? What is game operations?

Operations (ops) refers to the maintenance of an organization’s established network hardware and software to ensure services run smoothly. It encompasses network, system, database, development, security, and monitoring. Types include DBA ops, website ops, virtualization ops, monitoring ops, and game ops, which further splits into development ops, application ops, and system ops.

2. Role of operations personnel when working with product operators

Game operators coordinate work, communicate with platforms, schedule server launches, manage user acquisition, and plan activities.

3. Managing 300 servers

Set up a jump host with unified accounts for security.

Use Salt, Ansible, or Puppet for centralized configuration management.

Maintain a simple CMDB containing system, configuration, and application information for each server.

4. RAID0, RAID1, RAID5 principles and characteristics

RAID aggregates multiple disks into a single logical volume. RAID0 offers the highest read/write speed but no redundancy; a single disk failure destroys all data. RAID1 mirrors data across two disks, providing 100% redundancy with read performance improvement. RAID5 uses block-level striping with distributed parity across at least three disks, offering a balance of redundancy and performance; it tolerates one disk failure.

5. Differences among LVS, Nginx, HAProxy

LVS operates at layer 4 (TCP/UDP) and performs simple port forwarding. HAProxy works at layers 4 and 7, offering professional proxy features. Nginx is a web server, cache server, and reverse proxy capable of layer 7 forwarding. For high concurrency, choose LVS; for small‑to‑medium traffic, HAProxy or Nginx is sufficient, with HAProxy preferred for its simplicity.

6. Differences among Squid, Varnish, Nginx

All are proxy servers. Squid and Varnish specialize in caching static content; Varnish provides superior in‑memory caching performance and flexible invalidation via regular expressions. Nginx can act as a reverse proxy with caching via third‑party modules but is less efficient for pure caching.

7. Tomcat vs. Resin

Tomcat has a larger user base and extensive documentation, serving as the standard Java servlet container with good stability and compatibility. Resin is lighter and may offer better performance in large‑scale deployments.

8. What is middleware? What is JDK?

Middleware is independent software that enables distributed applications to share resources and communicate across different platforms. JDK (Java Development Kit) provides tools for building Java applications, applets, and components.

9. Meaning of Tomcat ports 8005, 8009, 8080

8005 – shutdown port; 8009 – AJP connector for Apache; 8080 – default HTTP service port.

10. What is CDN?

Content Delivery Network distributes website content to edge locations nearest to users, reducing latency and improving access speed.

11. What is gray (canary) release?

Gray release gradually rolls out a new version to a subset of users (A/B testing) before full deployment, allowing early detection and adjustment of issues.

12. DNS resolution process

The client checks the local hosts file, then the configured DNS server, followed by root servers, top‑level domain servers, second‑level servers, and finally the authoritative server that returns the IP address.

13. What is RabbitMQ?

RabbitMQ is a message‑queue middleware that stores messages during transmission, ensuring reliable delivery and routing.

14. Keepalived work principle

In a VRRP group, the MASTER continuously sends advertisements. BACKUP nodes listen; if they lose the advertisement, the highest‑priority BACKUP takes over as MASTER, providing fast failover (<1 s). VRRP packets are encrypted for security.

15. LVS three modes

VS/NAT (NAT mode) rewrites destination IP to a real server’s IP; VS/TUN (IP tunnel) encapsulates packets with a new IP header for the real server; VS/DR (direct routing) lets the real server reply directly using the virtual IP.

16. MySQL InnoDB lock diagnosis and replication delay reduction

Use SHOW ENGINE INNODB STATUS and the information_schema tables innodb_trx, innodb_locks, and innodb_lock_waits to locate lock issues. Reduce replication lag by improving slave hardware, enabling multi‑threaded replication, optimizing slow queries, reducing network latency, and tuning parameters such as slave‑net‑timeout and master‑connect‑retry.

17. Resetting MySQL root password

If the current password is known, use mysqladmin -u root -p password 'newpwd' or update mysql.user with

UPDATE mysql.user SET password=PASSWORD('newpwd') WHERE user='root'; FLUSH PRIVILEGES;

. If the password is forgotten, stop MySQL, start it with --skip-grant-tables, then set the password via UPDATE and FLUSH PRIVILEGES.

18. Pros and cons of LVS, Nginx, HAProxy

Nginx excels at layer 7 routing, has rich regex rules, low configuration overhead, and good stability. LVS offers high performance at layer 4 with low CPU/memory usage but lacks regex support. HAProxy provides TCP load balancing, session persistence, and many algorithms (round‑robin, least‑conn, source, URI, etc.).

19. MySQL backup tools

mysqldump

– logical backup, suitable for small datasets.

LVM snapshots or tar – physical cold backups.

Percona xtrabackup – hot physical backup with fast incremental capability.

20. Keepalived health‑check configuration

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100
    }
    track_script {
        chk_http
    }
}

vrrp_script chk_http {
    script "curl -s -o /dev/null http://127.0.0.1/health"
    interval 2
    weight -2
}

21. Find top 10 IPs by request count in Nginx access log

cat access.log | awk '{print $1}' | uniq -c | sort -rn | head -10

22. Capture traffic to 192.168.1.1 on port 80 with tcpdump

tcpdump 'host 192.168.1.1 and port 80' > tcpdump.log

23. Forward local port 80 to 8080 on 192.168.2.1

iptables -A PREROUTING -d 192.168.2.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:8080

24. RAID0/1/5 recap (see section 4)

25. Understanding of a DevOps engineer

Ops engineers must ensure high‑availability, performance, and security of services; a single mistake can cause major losses, so rigor and innovation are essential.

26. Show real‑time TCP 80 traffic

tcpdump -nn tcp port 80

27. Server cannot boot – step‑by‑step troubleshooting

Common causes include power, BIOS, hardware, or kernel issues. The following flowchart illustrates the process:

Further detailed steps are shown in the second diagram:

28. Dealing with Linux malware

Reinstall the system (most reliable).

Identify and delete malicious files using top, ps aux, and rm -f.

Check scheduled tasks, startup scripts, and suspicious directories.

29. Persistent virus file that recreates itself

Identify the parent process with ps axu, lsof, or netstat, terminate it, and remove the malicious executable (e.g., /usr/bin/.sshd).

30. TCP/IP seven‑layer model

Application – user‑level protocols (HTTP, FTP, etc.).

Presentation – data representation, encryption, compression.

Session – session management.

Transport – TCP/UDP, flow control, error checking.

Network – IP routing, logical addressing.

Data Link – MAC addressing, framing, error detection.

Physical – transmission media and signaling.

31. Common Nginx modules

rewrite – URL rewriting.

access – access control.

ssl – TLS encryption.

gzip – response compression.

proxy – reverse proxy.

upstream – backend server definition.

cache_purge – cache invalidation.

32. Typical web‑server load architectures

Nginx, HAProxy, Keepalived, LVS.

33. View HTTP concurrent requests and TCP states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

34. Find top IPs accessing port 80 with tcpdump

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20

35. Bash script to ping all hosts in 192.168.1.0/24

#!/bin/bash
for ip in `seq 1 255`; do
    ping -c 1 192.168.1.$ip > /dev/null 2>&1 && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN"
done

36. Keep only the latest 7 days of Apache logs

# Find and delete log files older than 7 days
find /app/logs/ -type f -mtime +7 -name "*.log" -exec rm -f {} \;

37. General Linux optimization tips

Use non‑root users with sudo.

Change SSH port and disable root remote login.

Synchronize system time automatically.

Use domestic yum mirrors.

Disable SELinux and iptables when appropriate.

Increase file descriptor limits.

Trim unnecessary startup services.

Tune kernel parameters via /etc/sysctl.conf.

Set appropriate character sets.

Lock critical system files.

Remove banner information from /etc/issue.

38. Extract eth0 IP address using cut/awk/sed

# cut method
ifconfig eth0 | sed -n '2p' | cut -d ':' -f2 | cut -d ' ' -f1
# awk method
ifconfig eth0 | awk 'NR==2' | awk -F ':' '{print $2}' | awk '{print $1}'
# sed method
ifconfig eth0 | sed -n '/inet addr/p' | sed -r 's#^.*addr:(.*) .*#\1#'

39. SecureCRT shortcut keys

Ctrl + a – move cursor to line start.

Ctrl + e – move cursor to line end.

Ctrl + c – terminate current program.

Ctrl + d – delete character or exit if line is empty.

Ctrl + l – clear screen.

Ctrl + u – cut text before cursor.

Ctrl + k – cut text after cursor.

Ctrl + y – paste previously cut text.

Ctrl + r – search command history.

Tab – autocomplete command or path.

Ctrl + Shift + c – copy.

Ctrl + Shift + v – paste.

40. Nightly backup of /var/www/html to /data

# /root/backup_html.sh
#!/bin/bash
cd /var/www && tar zcf /data/html-$(date +%m-%d%H).tar.gz html/
# Add to crontab
0 0 * * * /bin/bash /root/backup_html.sh