Orchestration (25%)

Question 1

Which command do you use to create a new swarm?

Answer 1

docker swarm init –advertise-addr

Question 2

What is this flag –advertise-addr for?

Answer 2

This flag configures the IP address for the manager node and The other nodes in the swarm must be able to access the manager at the IP address.

Question 3

How do you know the current status of the swarm?

Answer 3

docker info // you can find the info under the swarm section

Question 4

Which command do you use to find the information about the nodes in the swarm?

Answer 4

docker node ls

Question 5

How to add another manager to the swarm?

Answer 5

// it generate the instructions for the manager to be addeddocker swarm join-token manager

Question 6

How to add another worker node to the swarm?

Answer 6

// it generate the instructions for the worker to be addeddocker swarm join-token worker

Question 7

How to run the container?

Answer 7

docker run

Question 8

What is the autolock feature in the Docker swarm?

Answer 8

When Docker restarts, both the TLS key used to encrypt communication among swarm nodes, and the key used to encrypt and decrypt Raft logs on disk, are loaded into each manager node’s memory.Docker 1.13 introduces the ability to protect the mutual TLS encryption key and the key used to encrypt and decrypt Raft logs at rest, by allowing you to take ownership of these keys and to require manual unlocking of your managers. This feature is called autolock.

Question 9

How to lock the swarm?

Answer 9

// This command produces unlock key. You need to place that in safe placedocker swarm init –autolock

Question 10

How to unlock the swarm?

Answer 10

docker swarm unlock

Question 11

Are we able to enable autolock feature only when we create a swarm for the first time?

Answer 11

No. You can lock the existing swarm as well

Question 12

How to enable or disable autolock on the existing swarm?

Answer 12

//enable autolockdocker swarm update –autolock=true//disable autolockdocker swarm update –autolock=false

Question 13

How to view the current unlock key for the running swarm?

Answer 13

docker swarm unlock-key

Question 14

How to rotate the unlock key?

Answer 14

docker swarm unlock-key –rotate

Question 15

If the key was rotated after one of the manager nodes became unavailable and if you don’t have access to the previous key you may need to force the manager to leave the swarm and join it back as a new manager. Is this statement correct?

Answer 15

yes

Question 16

How to deploy a service in the docker swarm?

Answer 16

// for the nginx imagedocker create service –replicas 3 –name nginx-web nginx

Question 17

How to list the services in the Docker swarm?

Answer 17

docker service ls

Question 18

How to list the tasks of the service in the Docker swarm?

Answer 18

docker service ps

Question 19

How to inspect the service on the swarm?

Answer 19

docker service inspect

Question 20

How to inspect the service on the swarm so that it will print limited information in an easily readable format?

Answer 20

docker service inspect –pretty

Question 21

How to find out which nodes are running the service?

Answer 21

docker service ps SERVICE_ID

Question 22

How to find out more details of the container running these tasks of the service?

Answer 22

// you need to run this command on the particular nodedocker ps

Question 23

If you are running co-related services in the docker swarm, what do you call this?

Answer 23

stack

Question 24

What is Docker stack?

Answer 24

A stack is a group of interrelated services that share dependencies, and can be orchestrated and scaled together.

Question 25

Explain the several commands associated with Docker stack?

Answer 25

// deploy the new stack or updatedocker stack deploy -c // list services in the stackdocker stack services// list the tasks in the stackdocker stack ps// remove the stackdocker stack rm//List stackdocker stack ls

Question 26

How to filter the services in the stack?

Answer 26

// with the help of –filter flagdocker stack service nginx-web –filter name=web

Question 27

How to format the output of the docker stack services command?

Answer 27

docker stack services –format “{{.ID}}: {{.Mode}} {{.Replicas}}”

Question 28

How to increase the number of replicas?

Answer 28

docker service scale SERVICE=REPLICAS// exampledocker service scale frontend=50// you can scale multiple services as welldocker service scale frontend=50 backend=30// you can also scale with the update commanddocker service update –replicas=50 frontend

Question 29

How to revert the changes for the service configuration?

Answer 29

docker service rollback my-service

Question 30

What are the networks available for the docker services?

Answer 30

overlay networks: manage communications among the Docker daemons participating in the swarm.You can attach a service to one or more existing overlay networks as well, to enable service-to-service communication.ingress network: is a special overlay network that facilitates load balancing among a service’s nodes. When any swarm node receives a request on a published port, it hands that request off to a module called IPVS. IPVS keeps track of all the IP addresses participating in that service, selects one of them, and routes the request to it, over the ingress network.docker_gwbridge: is a bridge network that connects the overlay networks (including the ingress network) to an individual Docker daemon’s physical network.

Question 31

Is the ingress network created automatically when you initialize or join a swarm?

Answer 31

yes

Question 32

Is docker_gwbridge network created automatically when you initialize or join a swarm?

Answer 32

yes

Question 33

How to create an overlay network?

Answer 33

docker network create --driver overlay my-network
// you can customize it 
docker network create \  
--driver overlay \  
--subnet 10.0.9.0/24 \  
--gateway 10.0.9.99 \  
my-network

Question 34

How to inspect the network?

Answer 34

docker network inspect my-network

Question 35

How to attach a service to an overlay network?

Answer 35

docker service create \ –replicas 3 \ –name my-web \ –network my-network \ nginx

Question 36

Can service containers connected to the overlay network communicate with each other?

Answer 36

yes

Question 37

How to find which networks the service is connected to?

Answer 37

docker network inspect my-network
or
docker service ls // for the name
docker service ps // to list the networks

Question 38

Customize the ingress network involves removing and creating a new one and you need to do that before you create any services in the swarm. Is this statement correct?

Answer 38

yes

Question 39

How to remove and create an ingress network?

Answer 39

docker network rm ingressdocker network create \ –driver overlay \ –ingress \ –subnet=10.11.0.0/16 \ –gateway=10.11.0.2 \ –opt com.docker.network.mtu=1200 \ my-ingress

Question 40

What is the difference between -v and –mount flags in terms of creating volumes?

Answer 40

Originally, the -v or –volume flag was used for standalone containers and the –mount flag was used for swarm services. However, starting with Docker 17.06, you can also use –mount with standalone containers. In general, –mount is more explicit and verbose.

Question 41

How to create a service with volume?

Answer 41

docker service create -d \ –replicas=4 \ –name devtest-service \ –mount source=myvol2,target=/app \ nginx:latest

Question 42

Does docker service create command supports -v or — volume flag?

Answer 42

No

Question 43

What are the volume drivers?

Answer 43

When building fault-tolerant applications, you might need to configure multiple replicas of the same service to have access to the same files.Volume drivers allow you to abstract the underlying storage system from the application logic. For example, if your services use a volume with an NFS driver, you can update the services to use a different driver, as an example to store data in the cloud, without changing the application logic.

Question 44

How to create a volume with the volume driver?

Answer 44

docker volume create –driver vieux/sshfs \ -o sshcmd=test@node2:/home/test \ -o password=testpassword \ sshvolume

Question 45

How to create a service with volume driver?

Answer 45

docker service create -d \ –name nfs-service \ –mount ‘type=volume,source=nfsvolume,target=/app,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/var/docker-nfs,volume-opt=o=addr=10.0.0.10’ \ nginx:latest

Question 46

I created a deployment that runs exactly one task on every node. which type of service deployment is this?

Answer 46

global

Question 47

I created a deployment that runs several identical tasks on nodes. which type of service deployment is this?

Answer 47

replicated

Question 48

If you want to troubleshoot the UCP clusters what is the best method?

Answer 48

it’s always best practice to use client bundle to troubleshoot UCP clusters

Question 49

What is the general flow when troubleshooting services or clusters?

Answer 49

docker service lsdocker service ps docker service inspect docker inspect docker inspect docker logs

Question 50

How to update metadata about a node?

Answer 50

you can use labels to add metadata about the node

Question 51

How to add a label to the node?

Answer 51

docker node update –label-add foo worker1// add multiple labelsdocker node update –label-add foo –label-add bar worker1

Question 52

How to remove the label from the node?

Answer 52

docker node update –label-rm foo worker1

Question 53

How to set up the service to divide tasks evenly over different categories of nodes?

Answer 53

–placement-pref// example: if we have three datacenters 3 replicas will be placed on each datacenterdocker service create \ –replicas 9 \ –name redis_2 \ –placement-pref ‘spread=node.labels.datacenter’ \ redis:3.0.6

Question 54

How to limit your service on particular nodes?

Answer 54

–constraint// example: the following limits tasks for the redis service to nodes where the node type label equals queuedocker service create \ –name redis_2 \ –constraint ‘node.labels.type == queue’ \ redis:3.0.6

Question 55

Which algorithm does the docker engine use when it is in swarm mode to manage the global cluster state?

Answer 55

Raft Consensus Algorithm

Question 56

What is a quorum and why it is important?

Answer 56

Quorun ensure that the cluster state stays consistent in the presence of failures by requiring a majority of nodes to agree on values.Raft tolerates up to (N-1)/2 failures and requires a majority or quorum of (N/2)+1 members to agree on values proposed to the cluster.without quorun swarm wont be able to serve the requests

Question 57

What are the supported flags for creating services with templates?

Answer 57

–env–mount–hostname// exampleservice create –name hosttempl \ –hostname=”{{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}”\ busybox top