250 Docker Practice Exam Questions

16. How to deploy a service in the docker swarm?

$ docker create service --replicas 3 --name nginx-web nginx // for the nginx image

3. How do you know the current status of the swarm?

$ docker info // you can find the info under the swarm section

33. How to create an overlay network?

$ docker network create --driver overlay my-network // you can customize it $ docker network create --driver overlay -subnet 10.0.9.0/24 --gateway 10.0.9.99 my-network

34. How to inspect the network?

$ docker network inspect my-network

37. How to find which networks the service is connected to?

$ docker network inspect my-network OR // for the name $ docker service ls // to list the networks $ docker service ps <SERVICE>

4. Which command do you use to find the information about the nodes in the swarm?

$ docker node ls

22. How to find out more details of the container running these tasks of the service?

$ docker ps // you need to run this command on the particular node

7. How to run the container?

$ docker run <image>

35. How to attach a service to an overlay network?

$ docker service create --replicas 3 --name my-web --network my-network nginx

19. How to inspect the service on the swarm?

$ docker service inspect <service name>

20. How to inspect the service on the swarm so that it will print limited information in an easily readable format?

$ docker service inspect <service> --pretty

17. How to list the services in the Docker swarm?

$ docker service ls

18. How to list the tasks of the service in the Docker swarm?

$ docker service ps <service name>

21. How to find out which nodes are running the service?

$ docker service ps <service>

29. How to revert the changes for the service configuration?

$ docker service rollback my-service

28. How to increase the number of replicas?

$ docker service scale SERVICE=REPLICAS // example $ docker service scale frontend=50 // you can scale multiple services as well $ docker service scale frontend=50 backend=30 // you can also scale with the update command $ docker service update --replicas=50 frontend

27. How to format the output of the docker stack services command?

$ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}"

1. Which command do you use to create a new swarm?

$ docker swarm init --advertise-addr <MANAGER-IP>

9. How to lock the swarm?

$ docker swarm init --autolock // This command produces unlock key. You need to place that in safe place

5. How to add another manager to the swarm?

$ docker swarm join-token manager // it generates the instructions for the manager to be added

6. How to add another worker node to the swarm?

$ docker swarm join-token worker // it generate the instructions for the worker to be added

10. How to unlock the swarm?

$ docker swarm unlock

13. How to view the current unlock key for the running swarm?

$ docker swarm unlock-key

14. How to rotate the unlock key?

$ docker swarm unlock-key --rotate

12. How to enable or disable autolock on the existing swarm?

$ docker swarm update --autolock=true //enable autolock $ docker swarm update --autolock=false //disable autolock

53.1 How to limit your service on particular nodes?

--constraint // example: the following limits tasks for the redis service to nodes where the node type label equals queue docker service create \ --name redis_2 \ --constraint 'node.labels.type == queue' \ redis:3.0.6

56. What are the supported flags for creating services with templates?

--env --mount --hostname // example service create --name hosttempl \ --hostname="{{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}"\ busybox

86. What are all the options that can be provided for the HEALTHCHECK instruction?

--interval=DURATION (default: 30s) --timeout=DURATION (default: 30s) --start-period=DURATION (default: 0s) --retries=N (default: 3)

61. The RUN command normally utilizes cache from the previous build. Which flag should you specify for the build not to use cache?

--no-cachedocker build --no-cache .

53. How to set up the service to divide tasks evenly over different categories of nodes?

--placement-pref // example: if we have three datacenters 3 replicas will be placed on each datacenter docker service create \ --replicas 9 \ --name redis_2 \ --placement-pref 'spread=node.labels.datacenter' \ redis:3.0.6

25. Explain the several commands associated with Docker stack?

// deploy the new stack or update $ docker stack deploy -c <compose file> // list services in the stack $ docker stack services // list the tasks in the stack $ docker stack ps // remove the stack $ docker stack rm //List stack $ docker stack ls

98. How to copy an image from the docker hub to a local repository?

// pull an image from the Docker Hub docker pull ubuntu // tag an image docker tag ubuntu:16.04 localhost:5000/my-ubuntu // push the image docker push localhost:5000/my-ubuntu

26. How to filter the services in the stack?

// with the help of --filter flag $ docker stack service nginx-web --filter name=web

24. What is Docker stack?

A stack is a group of interrelated services that share dependencies, and can be orchestrated and scaled together.

63. What are the various forms of CMD instruction?

CMD ["executable","param1","param2"] (exec form, this is the preferred form) CMD ["param1","param2"] (as default parameters to ENTRYPOINT) CMD command param1 param2 (shell form)

71. What is the purpose of the ENV instruction in the Dockerfile?

ENV <key> <value> an ENV instruction sets the enviroment value to the key and it is available for the subsequent build steps and in the running container as well.

57. Which instruction sets the base image for the subsequent builds in the Dokcerfile?

FROM

85. Which instruction let Docker daemon know the health of the container?

HEALTHCHECK

67. What is the purpose of the LABEL instruction in the Dockerfile?

It adds metadata to the Image

90. What is the best way to drastically reduce the size of an image?

Multi Stage Builds

42. Does docker service create command support -v or — volume flag?

No

58. No instruction can precede FROM in the Dockerfile. Is this statement correct?

No. ARG is the only instruction can precede FROM

69. The EXPOSE instruction actually publish the port. Is this statement correct?

No. It serves as a type of documentation between the image publisher and image consumer

11. Are we able to enable autolock feature only when we create a swarm for the first time?

No. You can lock the existing swarm as well

91. How do you minimize the number of layers while building the image?

Only the instructions RUN, COPY, ADD create layers. Where possible, use multi-stage builds, and only copy the artifacts you need into the final image. sort multi line arguments RUN apt-get update && apt-get install -y \ bzr \ cvs \ git \ mercurial \ subversion

40. What is the difference between -v and --mount flags in terms of creating volumes?

Originally, the -v or --volume flag was used for standalone containers and the --mount flag was used for swarm services. However, starting with Docker 17.06, you can also use --mount with standalone containers. In general, --mount is more explicit and verbose.

30. What are the networks available for the docker services?

Overlay networks: manage communications among the Docker daemons participating in the swarm. You can attach a service to one or more existing overlay networks as well, to enable service-to-service communication. Ingress network: is a special overlay network that facilitates load balancing among a service's nodes. When any swarm node receives a request on a published port, it hands that request off to a module called IPVS. IPVS keeps track of all the IP addresses participating in that service, selects one of them, and routes the request to it, over the ingress network. docker_gwbridge: is a bridge network that connects the overlay networks (including the ingress network) to an individual Docker daemon's physical network.

92. How to leverage the build cache?

Put instructions that likely to change often at the bottom of the dockerfile.

55. What is a quorum and why it is important?

Quorun ensure that the cluster state stays consistent in the presence of failures by requiring a majority of nodes to agree on values. Raft tolerates up to (N-1)/2 failures and requires a majority or quorum of (N/2)+1 members to agree on values proposed to the cluster. without quorun swarm wont be able to serve the requests

54. Which algorithm does the docker engine use when it is in swarm mode to manage the global cluster state?

Raft Consensus Algorithm

84. Which instruction sets the system call signal that will be sent to the container to exit?

STOPSIGNAL signal

83. What is the ONBUILD instruction in the Dockerfile?

The ONBUILD instruction adds to the image a trigger instruction to be executed at a later time, when the image is used as the base for another build.

60. What does the RUN instruction do in the Dockerfile?

The RUN instruction will execute any commands in a new layer on top of the current image and commit the results.

87. What is the SHELL instruction in the Dockerfile?

The SHELL instruction allows the default shell used for the shell form of commands to be overridden. The default shell on Linux is ["/bin/sh", "-c"], and on Windows is ["cmd", "/S", "/C"]. The SHELL instruction must be written in JSON form in a Dockerfile.

78. What is the USER instruction in the Dockerfile?

The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile.

76. What is the VOLUME instruction in the Dockerfile?

The VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers.

79. What is the WORKDIR instruction in the Dockerfile?

The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile.

65. What is the purpose of the CMD instruction in the Dockerfile?

The main purpose of a CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well.

2. What is this flag --advertise-addr for?

This flag configures the IP address for the manager node and the other nodes in the swarm must be able to access the manager at the IP address.

8. What is the autolock feature in the Docker swarm?

When Docker restarts, both the TLS key used to encrypt communication among swarm nodes, and the key used to encrypt and decrypt Raft logs on disk, are loaded into each manager node's memory. Docker 1.13 introduces the ability to protect the mutual TLS encryption key and the key used to encrypt and decrypt Raft logs at rest, by allowing you to take ownership of these keys and to require manual unlocking of your managers. This feature is called autolock.

43. What are the volume drivers?

When building fault-tolerant applications, you might need to configure multiple replicas of the same service to have access to the same files. Volume drivers allow you to abstract the underlying storage system from the application logic. For example, if your services use a volume with an NFS driver, you can update the services to use a different driver, as an example to store data in the cloud, without changing the application logic.

15. If the key was rotated after one of the manager nodes became unavailable and if you don't have access to the previous key you may need to force the manager to leave the swarm and join it back as a new manager. Is this statement correct?

Yes

31. Is the ingress network created automatically when you initialize or join a swarm?

Yes

32. Is docker_gwbridge network created automatically when you initialize or join a swarm?

Yes

36. Can service containers connected to the overlay network communicate with each other?

Yes

38. Customize the ingress network involves removing and creating a new one and you need to do that before you create any services in the swarm. Is this statement correct?

Yes

64. If CMD instruction provides default arguments for the ENTRYPOINT instruction, both should be specified in JSON format. Is this statement correct?

Yes

88. Create ephemeral containers is considered best practice?

Yes

62. Is there any other instruction that can invalidate the cache?

Yes. ADD

95. How to format the output of the docker inspect command?

by using --format flag //examples docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_IDdocker inspect --format='{{.LogPath}}' $INSTANCE_ID

99. How to stop and remove a local registry?

docker container stop registry && docker container rm -v registry

94. How to see the history of the image?

docker image history

93. How to remove unused images?

docker image prune

68. How to check the labels for the current image?

docker inspect // Under Labels section

39. How to remove and create an ingress network?

docker network rm ingress docker network create \ --driver overlay \ --ingress \ --subnet=10.11.0.0/16 \ --gateway=10.11.0.2 \ --opt com.docker.network.mtu=1200 \ my-ingress

51. How to add a label to the node?

docker node update --label-add foo worker1 // add multiple labels docker node update --label-add foo --label-add bar worker1

52. How to remove the label from the node?

docker node update --label-rm foo worker1

75. How can you override the ENTRYPOINT instruction?

docker run --entrypoint

72. How to change the environment variables when running containers?

docker run --env <key>=<value>

97. How to run a local registry?

docker run -d -p 5000:5000 --restart=always --name registry registry:2

77. What initializes the newly created Volume?

docker run -v

45. How to create a service with volume driver?

docker service create -d \ --name nfs-service \ --mount 'type=volume,source=nfsvolume,target=/app,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/var/docker-nfs,volume-opt=o=addr=10.0.0.10' \ nginx:latest

41. How to create a service with volume?

docker service create -d \ --replicas=4 \ --name devtest-service \ --mount source=myvol2,target=/app \ nginx:latest

49. What is the general flow when troubleshooting services or clusters?

docker service ls docker service ps <service> docker service inspect <service> docker inspect <task> docker inspect <container> docker logs <container>

96. How to tag an image?

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] docker tag 0e5574283393 fedora/httpd:version1.0 // by id docker tag httpd fedora/httpd:version1.0 // by name docker tag httpd:test fedora/httpd:version1.0.test // by name and tag docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0

44. How to create a volume with the volume driver?

docker volume create --driver vieux/sshfs \ -o sshcmd=test@node2:/home/test \ -o password=testpassword \ sshvolume

46. I created a deployment that runs exactly one task on every node. which type of service deployment is this?

global

48. If you want to troubleshoot the UCP clusters what is the best method?

it's always best practice to use client bundle to troubleshoot UCP clusters

80. You have specified multiple WORKDIR instructions in the Dockerfile: WORKDIR /a WORKDIR b WORKDIR c RUN What is the result WORKDIR?

pwdresult: /a/b/c

81. You have specified multiple WORKDIR instructions in the Dockerfile: WORKDIR /a WORKDIR /b WORKDIR c RUN What is the result WORKDIR?

pwdresult: /b/c

47. I created a deployment that runs several identical tasks on nodes. which type of service deployment is this?

replicated

59. What are the two forms for the RUN instruction?

shell form: RUN <command> exec form: RUN ["executable", "param1", "param2"]

23. If you are running co-related services in the docker swarm, what do you call this?

stack

70. What should you do to actually publish the ports?

use -p flag when running a container

89. What should you do if you want to exclude some files while executing the docker build image and don't want to send all the files to Docker daemon?

use .dockerignore file

66. How to make your container execute the same executable every time?

use ENTRYPOINT in combination with CMD

50. How to update metadata about a node?

you can use labels to add metadata about the node

73. What is the difference between ADD and COPY instructions?

ADD [--chown=<user>:<group>] <src>... <dest> The ADD instruction copies new files, directories or remote file URLs from <src> and adds them to the filesystem of the image at the path <dest>. COPY [--chown=<user>:<group>] <src>... <dest> The COPY instruction copies new files or directories from <src> and adds them to the filesystem of the container at the path <dest>.

82. What is the ARG instruction in the Dockerfile?

ARG <name>[=<default value>] The ARG instruction defines a variable that users can pass at build-time to the builder with the docker build command using the --build-arg <varname>=<value> flag.

74. What is ENTRYPOINT instruction in the Dockerfile?

An ENTRYPOINT allows you to configure a container that will run as an executable. Command line arguments to docker run <image> will be appended after all elements in an exec form ENTRYPOINT, and will override all elements specified using CMD.