# 01 Prerequisites and Fundamentals ### 5. Linux Operating System Linux is the "natural habitat" of a DevOps engineer. These notes cover the transition from a casual user to a system power-user. #### 1. Installation / Setup Before a server can host an application, it must be properly initialized. * Distro Choice: Most DevOps environments use Ubuntu/Debian (popular for developers) or RHEL/CentOS/Rocky Linux (enterprise standard). * Initial Config: Includes setting the hostname, configuring the timezone (`timedatectl`), and setting up basic networking (`ip addr`, `nmcli`). * Security First: The first step after installation is usually disabling root SSH login and setting up a firewall (like `ufw` or `firewalld`). #### 2. Command Line Interface (CLI) The CLI is where speed and automation happen. * Navigation: `pwd` (where am I?), `ls -la` (show all files), `cd` (change directory). * System Monitoring: `top` or `htop` to see CPU/RAM usage in real-time, `df -h` to check disk space, and `free -m` for memory status. * Process Management: Finding a "stuck" process with `ps aux | grep app_name` and stopping it with `kill -9 `. #### 3. Filesystem / Storage / User Permissions Linux treats everything as a file, and who can touch those files is strictly controlled. * Filesystem Hierarchy (FHS): * `/etc`: The "Nerve Center" where all configuration files live (e.g., Nginx or SSH configs). * `/var/log`: Where applications write their history—essential for troubleshooting. * `/bin` & `/sbin`: Where the system's executable tools are stored. * Permissions (chmod/chown): * rwx: Read (4), Write (2), Execute (1). * Structure: Permissions are set for the User, Group, and Others. (e.g., `chmod 755` means the owner can do everything, others can only read and execute). #### 4. Package Management Instead of downloading `.exe` files, Linux uses package managers to handle software and their "dependencies." * APT (Advanced Package Tool): Used in Ubuntu/Debian. Commands: `apt update`, `apt install nginx`. * YUM/DNF: Used in RHEL/CentOS. Commands: `yum install git`, `dnf upgrade`. * Why it matters: In DevOps, we use these commands inside Dockerfiles or Ansible Playbooks to automate software setup across thousands of servers. #### 5. Virtualization Virtualization allows you to run multiple "virtual" computers on a single physical machine. * Hypervisors: * Type 1 (Bare Metal): Runs directly on hardware (e.g., VMware ESXi, KVM). * Type 2 (Hosted): Runs on top of an OS (e.g., VirtualBox). * VMs vs. Containers: While a VM virtualizes the entire hardware (including a full OS), a container only virtualizes the application layer, making it much faster and lighter. #### 6. Utilities & Tools (The "Power Tools") These are the text-processing "Big Four" used to parse logs and automate configuration changes. * grep: The "Search" tool. Used to find specific strings in massive log files (e.g., `grep "ERROR" /var/log/syslog`). * find: Used to locate files based on attributes like name, size, or modification date. * sed (Stream Editor): Used to find and replace text *without* opening the file. Essential for automation (e.g., `sed -i 's/80/8080/g' config.conf`). * awk: A powerful language for processing data in columns. If you need to "get the second word of every line in this log," you use `awk`. This is Section 5: Linux Operating System. At a mid-to-senior SRE level, Linux is not just about "knowing commands"—it is about understanding how the Kernel manages hardware resources and how User Space applications interact with those resources. In an interview, you are expected to explain what happens "under the hood" when a system is under pressure. *** #### 🔹 1. Improved Notes: System Internals **The Linux Kernel & The Shell** The Kernel is the bridge between software and hardware. It manages CPU scheduling, memory allocation, and device I/O. * System Calls (Syscalls): This is how an application asks the Kernel to do something (e.g., `open()`, `read()`, `write()`, `fork()`). If an app is slow, an SRE looks at syscall latency. * Virtual File System (VFS): Linux treats everything as a file (Hardware, Sockets, Processes). These are represented in `/proc` (process info) and `/sys` (kernel/hardware info). **Process Management: Life & Death** * Parent/Child Relationship: Every process (except `PID 1`) is created by a parent using `fork()`. * Zombie Processes: A process that has finished (sent `SIGCHLD`) but its parent hasn't acknowledged it. They take up space in the Process Table. * Orphan Processes: A process whose parent died. `systemd` (PID 1) "adopts" these and reaps them. **Memory & The OOM Killer** When the system runs out of physical RAM and Swap, the Out of Memory (OOM) Killer is triggered. It uses a scoring system (`oom_score`) to decide which process to kill to save the OS. *** #### 🔹 2. Interview View (Q\&A) Q1: What exactly is "Load Average" in the `top` command? * Answer: It is the average number of processes in a "runnable" or "uninterruptible" state. * Runnable: Waiting for CPU. * Uninterruptible: Waiting for I/O (Disk or Network). * Senior Twist: If Load Average is high but CPU usage is low, the system is bottlenecked on Disk I/O. Q2: You have deleted a large log file, but `df -h` shows the disk is still full. Why? * Answer: A process still has an open File Descriptor to that file. Linux won't actually free the blocks on the disk until the process closes the file or the process is killed. * Follow-up: "How do you find which process is holding it?" -> Use `lsof | grep deleted`. Q3: Explain the difference between `soft link` and `hard link`. * Answer: A Hard Link is a direct pointer to the Inode (the actual data on disk). If you delete the original file, the hard link still works. A Soft Link (Symbolic) is a pointer to the *filename*. If the original file is moved or deleted, the link breaks. *** #### 🔹 3. Architecture & Design: The Boot Process Understanding how a server comes to life is vital for debugging "unreachable" nodes. 1. BIOS/UEFI: Hardware initialization. 2. GRUB: The bootloader that loads the Kernel into memory. 3. Kernel: Initializes drivers and mounts the root filesystem. 4. Systemd (PID 1): The mother of all processes. It starts services (Targets) in parallel, significantly faster than the old SysVinit. *** #### 🔹 4. Commands & Configs (The "SRE Power Tools") **Advanced Debugging** Bash ``` # See every system call a process makes (Great for "Permission Denied" mysteries) strace -p # Trace network packets at the kernel level tcpdump -i eth0 # Check Inode usage (sometimes disk is "full" because you ran out of Inodes, not space) df -i ``` **System Limits (`/etc/security/limits.conf`)** For high-traffic apps (databases/proxies), you must increase the number of allowed open files. Plaintext ``` * soft nofile 65535 * hard nofile 65535 ``` *** #### 🔹 5. Troubleshooting & Debugging Scenario: A server is "sluggish" and unresponsive to SSH. 1. Isolate the resource: Use `top` or `htop`. Look for %wa (I/O Wait). If high, the disk is the bottleneck. 2. Check Memory: Use `free -m`. Is Swap being used? If the system is "thrashing" (constantly moving data between RAM and Swap), performance will tank. 3. Check Dmesg: Run `dmesg -T | tail -n 50`. Look for "Out of memory", "TCP segments dropped", or "Hardware Error". 4. Check Zombie PIDs: Use `ps aux | grep 'Z'`. A massive amount of zombies indicates a buggy application failing to close child processes. *** #### 🔹 6. Production Best Practices * No SSH in Production: Use Configuration Management (Ansible) or Systems Manager (AWS SSM). Manual changes are "Snowflake Servers." * Log Rotation: Always configure `logrotate`. A common "SRE 1:00 AM incident" is a disk filling up because an app was logging in `DEBUG` mode. * Kernel Hardening: Disable unused services and use SELinux or AppArmor to restrict what processes can do, even if they are breached. * Anti-Pattern: Running a process as `root`. If the app is compromised, the attacker has full control of the OS. Always use a dedicated service user. *** #### 🔹 Cheat Sheet / Quick Revision | **Command** | **Purpose** | **SRE Context** | | --------------------- | ---------------- | ------------------------------------------- | | `top` / `htop` | Process monitor | Check CPU/Load/Memory. | | `iostat` | Disk I/O stats | Identify disk bottlenecks. | | `netstat` / `ss` | Network stats | Check for socket exhaustion. | | `journalctl -u ` | View Logs | Standard way to debug `systemd` services. | | `lsof` | List open files | Find which process is using a port or file. | | `nice` / `renice` | Process priority | Give critical processes more CPU priority. | *** This is Section 5: Linux Operating System. For a senior-level role, Linux knowledge isn't about knowing how to list files; it's about understanding how the OS handles resource contention, kernel-level operations, and system performance. *** #### 🟢 Easy: Basic Operations & File Systems *Focus: Day-to-day command usage and basic permissions.* 1. What is the difference between `chmod` and `chown`? * *Context:* Focus on "Permissions" vs. "Ownership." 2. How do you find which process is using a specific port (e.g., port 8080)? * *Context:* The interviewer is looking for `netstat -tulpn` or `ss -tulpn`. 3. What is the purpose of the `/etc/hosts` file? * *Context:* Local DNS resolution before hitting external DNS servers. 4. Explain the basic Linux file permissions (rwx) and what the numbers 755 or 644 mean. * *Context:* Understanding User, Group, and Others bitmasks. *** #### 🟡 Medium: System Internals & Process Management *Focus: How the OS manages tasks and resources.* 1. Explain the three numbers in the "Load Average" output of the `uptime` command. * *Context:* They represent the 1, 5, and 15-minute averages. Mention that this includes processes waiting for CPU *and* processes in uninterruptible sleep (I/O wait). 2. What is a "Zombie" process and how do you "kill" it? * *Context:* A zombie is already dead; you can't kill it. You must kill the parent process so the zombie is "reaped" by `init` (PID 1). 3. What is an Inode? What happens if a system runs out of Inodes but still has disk space? * *Context:* An Inode stores metadata about a file. If you run out, you cannot create new files, even if you have 100GB of space left. This happens with many small files (e.g., session files or tiny logs). 4. Describe the difference between a Hard Link and a Soft (Symbolic) Link. * *Context:* A Hard link points to the Inode; a Soft link points to the file path. *** #### 🔴 Hard: SRE-Level Debugging & Kernel Concepts *Focus: High-pressure troubleshooting and kernel-space behavior.* 1. Scenario: You deleted a 10GB log file to free up space, but `df -h` still shows the disk is 100% full. Why, and how do you fix it without a reboot? * *Context:* A process still has an open File Descriptor to that file. The space isn't freed until the process closes the file. Use `lsof | grep deleted` to find the PID and restart that service. 2. What is the OOM (Out of Memory) Killer? How does it decide which process to kill first? * *Context:* Mention the `oom_score`. Factors include memory usage, process age, and `oom_score_adj`. SREs often protect critical processes (like `sshd` or `databases`) by lowering their score. 3. How would you use `strace` to debug a running application that is hanging or "stuck"? * *Context:* `strace` intercepts System Calls. You can see if the app is stuck on a `read()` (waiting for network) or an `open()` (waiting for a file lock). 4. Explain the difference between User Space and Kernel Space. * *Context:* Focus on security and stability. Applications run in User Space and must use Syscalls to request the Kernel to perform hardware tasks (Disk, Network, RAM). *** #### 💡 Pro-Tip for your Interview When answering Linux questions, mention "Everything is a file." * The SRE Answer: "In Linux, everything is a file—from the hardware and network sockets to the processes listed in `/proc`. If I see a 'Too many open files' error, I know I'm hitting the `ulimit` or the kernel-wide file descriptor limit, which I can tune in `sysctl.conf`."