L3 - Virtualization 2/2 Flashcards

1
Q

What are the two building blocks of OS-level virtualization?

A

cgroups and namespaces
–> together they let isolated user-space instances (containers) run on a single host kernel; there is no separate guest OS, every container makes its system calls straight into the host kernel

2
Q

What is a namespace?

A

a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. Resources may exist in multiple spaces.

–> key feature is that they isolate processes from each other

3
Q

What are some examples of namespaces?

A
  • process IDs (pid)
  • hostname and domain name (uts)
  • user and group IDs (user)
  • mount points, i.e. the filesystem view (mnt)
  • the network stack: interfaces, routes, firewall rules (net)
  • interprocess communication: System V IPC, POSIX message queues (ipc)
  • the cgroup hierarchy root a process can see (cgroup)
  • system clock offsets (time, Linux 5.6+)
4
Q

What is a user namespace?

A

A user namespace has its own set of user IDs and group IDs for assignment to processes. In particular, a process can have root privileges (UID 0, a full capability set) within its user namespace without having them outside it: /proc/<pid>/uid_map and gid_map translate in-namespace IDs to host IDs, and UID 0 inside is normally mapped to an ordinary unprivileged host UID, so "root" in the namespace cannot touch anything that host UID cannot.

5
Q

What is a process ID (PID) namespace?

A

Gives the processes in it a set of PIDs that is independent from the PIDs in other namespaces. The first process in a new PID namespace is PID 1 and acts as its init (orphans are reparented to it, and killing it kills the namespace); a process in a child namespace also has a different PID in each ancestor namespace, which is how the host can still see and signal it.
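An added example for cards 4 and 5 (user and PID namespaces), not part of the flashcards: a uid_map translator, an NSpid parser, and a live demo with util-linux `unshare` that shows what "root inside" and "PID 1 inside" look like from the host. It assumes Linux with `unshare` installed and unprivileged user namespaces allowed; the demo skips itself when they are not, the parsers run anywhere.

```sh
#!/bin/sh
# Added example (not from the flashcards): what "root inside a user namespace"
# and "PID 1 inside a PID namespace" look like from the host side.
# Assumes Linux, util-linux `unshare`, and unprivileged user namespaces being
# allowed; the live demo skips itself otherwise, the parsers run anywhere.

# Translate a UID as seen inside a user namespace into the host UID, from the
# contents of /proc/<pid>/uid_map (lines: "inside_start outside_start count").
# Prints "unmapped" when no line covers the UID (such a UID shows up as the
# overflow UID, normally 65534/nobody, and owns nothing).
map_uid() {  # $1 = uid_map contents, $2 = uid inside the namespace
    printf '%s\n' "$1" | awk -v uid="$2" '
        NF == 3 && uid >= $1 && uid < $1 + $3 { print $2 + (uid - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# From the contents of /proc/<pid>/status, the PID the process has in its own
# (innermost) PID namespace: the last column of the NSpid line. Outside any
# child PID namespace the line has a single column, so this is just the PID.
nspid_inner() {  # $1 = status file contents
    printf '%s\n' "$1" | awk '/^NSpid:/ { print $NF }'
}

demo() {
    command -v unshare >/dev/null 2>&1 || { echo "unshare not found, demo skipped"; return 0; }
    # -U: new user namespace, -r: map the caller's uid/gid to 0 inside it
    if ! inner_map=$(unshare -Ur cat /proc/self/uid_map 2>/dev/null); then
        echo "unprivileged user namespaces not permitted here, demo skipped"; return 0
    fi
    echo "uid_map inside the new user namespace: $inner_map"
    echo "so in-namespace uid 0 is host uid $(map_uid "$inner_map" 0) (this shell is uid $(id -u))"
    echo "in-namespace uid 1 is: $(map_uid "$inner_map" 1)"
    # -p: new PID namespace, -f: fork first so the child becomes its PID 1.
    # /proc is still the host's mount here (no --mount-proc), which is why the
    # NSpid line lists the host PID first and the in-namespace PID last.
    unshare -Urpf sh -c '
        echo "inside the PID namespace: \$\$ = $$"
        echo "NSpid line of a child (host PID first, in-namespace PID last):"
        grep ^NSpid /proc/self/status' 2>/dev/null \
        || echo "PID namespace creation not permitted here"
}

demo
```

The security point the demo makes concrete: `id -u` says 0 inside, but `map_uid` of that 0 returns the caller's real UID, so anything the namespace "root" does is bounded by what that host UID may do.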

6
Q

What is a network namespace?

A

A network namespace (netns) is a Linux kernel feature that isolates the network stack between processes or containers running on a single host. Each network namespace has its own network interfaces, routing tables, firewall rules (netfilter/nftables), sockets and other network settings, so each process or container inside a namespace has its own view of the network. A new network namespace starts with only a loopback interface; connectivity is usually added by creating a veth pair and moving one end into the namespace.

7
Q

What is a mount namespace?

A
  • a mount point is a directory or file at which a new file system is made accessible

A mount namespace has an independent list of mount points seen by the processes in the namespace. You can mount and unmount filesystems in a mount namespace without affecting the host's view, provided the mount point is not marked as shared propagation (a shared mount would propagate the change back).
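An added example for cards 6 and 7 (network and mount namespaces), not from the flashcards: helpers that read a process's namespace identity from /proc/<pid>/ns, and a demo that creates fresh mount and network namespaces with util-linux `unshare`, mounts a tmpfs inside, and shows that neither the mount nor the missing interfaces are visible from the host. It assumes Linux, `unshare`, and unprivileged user namespaces; the demo skips itself otherwise and the helpers run anywhere.

```sh
#!/bin/sh
# Added example (not from the flashcards): identify which mount and network
# namespace a process is in, then create fresh ones and show that a tmpfs
# mounted inside and the interface list inside are invisible from the host.
# Assumes Linux, util-linux `unshare` and unprivileged user namespaces; the
# live demo skips itself otherwise, the helpers work anywhere.

# Parse the link target of /proc/<pid>/ns/<type>, e.g. "net:[4026531840]", into
# the inode number that identifies the namespace (same number = same namespace).
ns_inode() { printf '%s\n' "$1" | sed -n 's/^[a-z_]*:\[\([0-9]*\)\]$/\1/p'; }

# Namespace id of a live process; type is one of mnt net pid user uts ipc cgroup time.
ns_id() { ns_inode "$(readlink "/proc/$1/ns/$2")"; }

# Succeeds when two processes share a namespace of the given type.
same_ns() { [ "$(ns_id "$1" "$3")" = "$(ns_id "$2" "$3")" ]; }

demo() {
    command -v unshare >/dev/null 2>&1 || { echo "unshare not found, demo skipped"; return 0; }
    dir=$(mktemp -d)
    echo "host:   mnt ns $(ns_id $$ mnt), net ns $(ns_id $$ net)"
    # -U -r: user namespace with uid 0 inside, which is what makes mount(2) allowed;
    # -m: new mount namespace; -n: new network namespace (starts with only lo).
    unshare -Urmn sh -c '
        echo "inside: mnt ns $(readlink /proc/self/ns/mnt), net ns $(readlink /proc/self/ns/net)"
        echo "interfaces inside: $(sed -n "s/^ *\([A-Za-z0-9._-]*\):.*/\1/p" /proc/net/dev | tr "\n" " ")"
        mount -t tmpfs none "$1" && touch "$1/only-visible-in-this-mount-ns"
        echo "inside $1: $(ls "$1")"' sh "$dir" 2>/dev/null \
        || { echo "namespace creation not permitted here, demo skipped"; rmdir "$dir"; return 0; }
    echo "host   $dir: $(ls "$dir" | wc -l | tr -d ' ') entries (the tmpfs never existed in the host mount namespace)"
    rmdir "$dir"
}

demo
```

Comparing the `ns_id` numbers is also the quickest way, on a host, to tell whether a suspicious process is really confined (different mnt/net inode from PID 1) or is running in the host namespaces.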

8
Q

What is a cgroup?

A

It is a control group: a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, number of PIDs, and so on) of a collection of processes.

9
Q

What is the difference between namespaces and cgroups?

A

Namespaces provide isolation of system resources, and cgroups allow for fine‑grained control and enforcement of limits for those resources.

cgroups = limits how much you can use
namespaces = limits what you can see

10
Q

3 main tasks of the cgroup on a group of processes?

A
  • limit resources
  • isolate resources
  • audit the utilization of resources
11
Q

Why are cgroups relevant for containers?

A

Cgroups are key components of containers because there are often multiple processes running in a container that you need to control together; a child process inherits its parent's cgroup, so a limit set on the container follows every fork.

12
Q

Types of cgroups (cgroup v1 controllers)

A

memory cgroup –> limits memory size
cpu cgroup –> CPU time shares and quotas
blkio cgroup –> block device I/O
cpuset cgroup –> which CPUs and NUMA nodes may be used
device cgroup –> device access
freezer cgroup –> suspend and resume

(in the unified cgroup v2 hierarchy blkio became the io controller, the freezer became the cgroup.freeze file, and device rules are BPF programs attached to the cgroup)

13
Q

What is the blkio cgroup about?

A

Limits and accounts for block device I/O (disk reads and writes) per group, by bandwidth or IOPS, and weights groups against each other when the device is contended; the cgroup v2 equivalent is the io controller.

14
Q

What is the cpuset cgroup?

A

Pins the processes of the group to a set of CPUs (and NUMA memory nodes); they are scheduled only there.

15
Q

What is the device cgroup?

A

Controls which device nodes (by type, major and minor number) the processes in the group may open, read, write or create with mknod; container runtimes use it to hide host devices from the container. In cgroup v2 the same policy is enforced by a BPF program attached to the cgroup instead of a file interface.

16
Q

What is the freezer cgroup?

A

Stops (freezes) all processes in one cgroup at once and later thaws them, like SIGSTOP/SIGCONT for the whole group but without the processes observing a signal; used for checkpointing and for the OOM-handling flow of card 20. In cgroup v2 it is the cgroup.freeze file.

17
Q

Features of a memory cgroup

A
  • accounting (how many memory pages are utilized by a specific group of running processes?)
  • limiting
18
Q

What is the difference between a soft and a hard limit?

A

Soft limit - memory beyond it is allotted if available; under memory pressure the kernel reclaims from groups over their soft limit first (cgroup v1 memory.soft_limit_in_bytes; in cgroup v2 memory.high instead reclaims and throttles the group once it is exceeded, but never OOM-kills on its own)
Hard limit - memory beyond it is not allotted to the group of tasks at all (cgroup v1 memory.limit_in_bytes, cgroup v2 memory.max)

19
Q

What happens when the hard limit is exceeded?

A
  • when the group cannot reclaim enough of its own pages to stay under the limit, the kernel triggers the OOM (out-of-memory) killer, which kills a process inside that group (not system-wide) to free memory
  • since the killed process might be an important one –> advisable to run only one application per container, so the OOM kill and the container's restart policy act on a single thing
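An added example for cards 18 and 19 (soft versus hard limits, OOM on the hard limit), not from the flashcards: two small helpers plus a cgroup v2 demo that creates a group with a 48 MiB memory.max, moves a memory hog into it, and reads the OOM kill count back from memory.events. The demo assumes root (or a delegated subtree) on a host with cgroup v2 mounted at /sys/fs/cgroup and the memory controller enabled; it skips itself otherwise, the helpers run anywhere. The group name oomdemo is an arbitrary choice.

```sh
#!/bin/sh
# Added example (not from the flashcards): a cgroup v2 hard memory limit and
# what the OOM killer leaves behind in memory.events.
# Assumes root and a writable cgroup v2 hierarchy with the memory controller
# enabled; the demo skips itself otherwise. The helpers work anywhere.

# Convert a human size such as 64M or 1G into bytes, which is what the
# memory.* files take (they also accept the literal "max").
to_bytes() {  # $1 = size with optional K/M/G suffix
    n=${1%[KMGkmg]}
    case $1 in
        *[Kk]) echo $((n * 1024)) ;;
        *[Mm]) echo $((n * 1024 * 1024)) ;;
        *[Gg]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# Number of OOM kills recorded in the contents of memory.events ("key value"
# lines: low, high, max, oom, oom_kill). Prints 0 when the key is absent.
oom_kills() {  # $1 = memory.events contents
    printf '%s\n' "$1" | awk '$1 == "oom_kill" { print $2; f = 1 } END { if (!f) print 0 }'
}

demo() {
    root=/sys/fs/cgroup; cg=$root/oomdemo
    if [ ! -f "$root/cgroup.controllers" ] || ! grep -qw memory "$root/cgroup.subtree_control" 2>/dev/null \
       || ! mkdir "$cg" 2>/dev/null; then
        echo "no writable cgroup v2 hierarchy with the memory controller here, demo skipped"; return 0
    fi
    # memory.max is the hard limit. memory.high would be the soft one (reclaim and
    # throttling above it, never an OOM kill on its own) and is left at "max" here.
    to_bytes 48M > "$cg/memory.max"
    [ -f "$cg/memory.swap.max" ] && echo 0 > "$cg/memory.swap.max"   # swap would hide the limit
    # Move a shell into the group (its children inherit it) and run a hog:
    # awk keeps doubling a string until the group has no memory left.
    sh -c "echo \$\$ > '$cg/cgroup.procs' && exec awk 'BEGIN { s = \"x\"; while (1) s = s s }'" \
        && rc=0 || rc=$?
    echo "hog exit status: $rc (137 means SIGKILL from the OOM killer)"
    events=$(cat "$cg/memory.events")
    echo "memory.events: $(printf '%s' "$events" | tr '\n' ' ')"
    echo "oom kills in this group: $(oom_kills "$events")"
    rmdir "$cg" 2>/dev/null || true
}

demo
```

The `max` counter in memory.events shows how often the group hit the hard limit; `oom_kill` only increments when reclaim failed and a process was actually killed, so polling that file (or watching it with `inotify`/poll, which cgroup v2 supports) is the v2 way to be notified of the event card 20 describes.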
20
Q

What is the custom alternative to letting the OOM killer handle a hard-limit breach?

A
  1. The OOM killer is disabled for the group (cgroup v1: write 1 to memory.oom_control); tasks that hit the hard limit are then frozen instead of killed
  2. The kernel notifies user space of the OOM condition (cgroup v1: an eventfd registered through cgroup.event_control; cgroup v2: the oom counter in memory.events, which can be polled)
  3. User space can kill specific processes of its own choosing
  4. Or it can increase the hard limit set on the group
  5. When done, the frozen tasks resume (unfreeze the group)
21
Q

What are containers?

A
  • use the kernel features (cgroups and namespaces)
  • container technology provides an environment where the hardware and the kernel are shared among multiple users or workloads
  • lighter than a VM (no guest kernel, less space, faster start), but the isolation boundary is the shared host kernel, so a kernel bug reachable from inside is an escape path
  • container solutions allow multiple isolated Linux user-space instances (same kernel, possibly different distributions) on a single host
22
Q

What is Docker?

A
  • utilizes the container technology (cgroups and namespaces)
  • packages an application with its libraries into a portable image and runs it as a container
  • replicates containers across environments (the same image runs the same way on a laptop, in CI and on a server)
  • removes unnecessary configuration hurdles of applications
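An added example for the Docker card, not from the flashcards or the Docker project: it runs a container with the namespace and cgroup controls Docker exposes as `docker run` flags, reads back from inside the container what each flag did, and includes a small capability-mask counter for the CapEff line of /proc/<pid>/status. It assumes a reachable Docker daemon on a cgroup v2 host and the public alpine image; the container part skips itself otherwise.

```sh
#!/bin/sh
# Added example (not from the flashcards or the Docker project): run a container
# with the namespace and cgroup controls Docker exposes as flags, and read back
# from inside what each of them did. Assumes a Docker daemon on a cgroup v2
# host and the alpine image; the container part skips itself otherwise.

# Number of capabilities set in a CapEff mask as printed in /proc/<pid>/status
# (hexadecimal, one bit per capability). Pure POSIX sh: count bits per hex digit.
cap_count() {  # $1 = hex mask such as 00000000a80425fb
    hex=$(printf '%s' "$1" | tr 'A-F' 'a-f'); n=0
    while [ -n "$hex" ]; do
        d=${hex%"${hex#?}"}; hex=${hex#?}        # first digit, then drop it
        case $d in
            0)           b=0 ;;
            1|2|4|8)     b=1 ;;
            3|5|6|9|a|c) b=2 ;;
            7|b|d|e)     b=3 ;;
            f)           b=4 ;;
            *) echo "bad hex digit: $d" >&2; return 1 ;;
        esac
        n=$((n + b))
    done
    echo "$n"
}

demo() {
    if ! command -v docker >/dev/null 2>&1 || ! docker info >/dev/null 2>&1; then
        echo "no docker daemon reachable, container demo skipped"; return 0
    fi
    # --memory / --pids-limit: cgroup limits; --user: an unprivileged uid inside
    # the container; --cap-drop ALL: no root capabilities even for uid 0;
    # --read-only + --tmpfs: mount namespace; --network none: an empty net namespace.
    docker run --rm \
        --memory 128m --pids-limit 64 \
        --user 65534:65534 --cap-drop ALL --security-opt no-new-privileges \
        --read-only --tmpfs /tmp --network none \
        alpine sh -c '
            echo "memory.max: $(cat /sys/fs/cgroup/memory.max)"
            echo "pids.max:   $(cat /sys/fs/cgroup/pids.max)"
            echo "uid: $(id -u)  $(grep ^CapEff /proc/self/status)"
            echo "interfaces: $(sed -n "s/^ *\([A-Za-z0-9._-]*\):.*/\1/p" /proc/net/dev | tr "\n" " ")"
            touch /etc/marker 2>/dev/null || echo "root filesystem is read-only"' \
        || echo "container run failed"
    echo "capabilities in Docker's default mask a80425fb: $(cap_count 00000000a80425fb); after --cap-drop ALL: $(cap_count 0000000000000000)"
}

demo
```

Each number printed from inside the container is the kernel's own view (the cgroup files, the capability set, the interface list), which is the check to run when deciding whether a runtime really applied the policy you passed it rather than trusting the flags.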
23
Q

What is the union filesystem?

A

Unionfs is a filesystem service which implements a union mount for other file systems. It allows files and directories of separate file systems to be transparently overlaid, forming a coherent file system. Docker uses a union filesystem (overlay2 on current Linux hosts) to stack the read-only image layers under a thin writable layer per container, so many containers share one copy of the image on disk.

24
Q

Do you still have the guest OS with docker?

A

No, you only have

Apps
Bins/Libs
Docker Engine
Host OS
Server

25
Q

What does the docker daemon do?

A

Building, running and distributing Docker containers. The daemon (dockerd) runs as root and is reached by the docker CLI over a Unix socket (/var/run/docker.sock) or TCP; whoever can talk to that socket can start privileged containers, so access to it is equivalent to root on the host.

26
Q

Docker container states

A
  • created
  • restarting
  • running
  • paused
  • exited
  • dead
27
Q

What is docker desktop?

A
  • bundled package which contains all components of Docker (Engine, CLI, Compose) for developer machines; on macOS and Windows it runs the Engine inside a Linux VM, since containers need a Linux kernel
28
Q

What is docker compose?

A
  • tool for defining a multi-container application (its services, networks and volumes) in one place
  • able to build and run the multi-container Docker application with a single command (docker compose up)
  • the definition is a YAML file (compose.yaml / docker-compose.yml)
29
Q

Docker Swarm

A
  • tool to manage Docker containers hosted on a cluster of hosts (the Engine's built-in orchestration mode)
  • features such as scaling, multi-host orchestration, load balancing