20 Ansible Interview Questions
With Ansible becoming a must have skill for anyone in IT now I thought I would put together this short list of Ansible Interview Questions which should help you answer some common scenarios. Also if you are facing an interview where you need to ask some questions on Ansible I hope these can help.
The answers are not short answers, so use each one as a learning tool as if you can answer any question with an expanded answer you will demonstrate your knowledge much better rather than ust providing a one sentence answer!
1. What is Ansible and how does it differ from other configuration management tools?
Ansible is an open-source automation tool that is used for configuration management, application deployment, and task automation. It allows users to automate various IT tasks, such as provisioning, configuration, application deployment, and more. Ansible differs from other configuration management tools, such as Chef and Puppet, in that it uses an agentless architecture. This means that there is no need to install any agents or software on the target machines in order for Ansible to manage and configure them. Instead, Ansible uses SSH to connect to and manage remote servers.
3. Can you explain the concept of an Ansible playbook?
An Ansible playbook is a YAML file that defines a set of tasks and the order in which they should be executed. Each task is defined as a single Ansible module, which is a small piece of code that performs a specific function, such as installing a package or starting a service.
A playbook can contain multiple tasks and can be executed on one or more remote servers. Playbooks can also include variables, conditionals, and loops, which allow for more complex automation scenarios. Additionally, playbooks can be organized into roles, which are collections of tasks, files, and variables that are grouped together to perform a specific function.
An example of a simple Ansible playbook that installs the Apache web server on a remote server:
- hosts: web become: true tasks: - name: Install Apache yum: name=httpd state=present - name: Start Apache service: name=httpd state=started
This playbook is executed on the “web” group of servers, becomes root user and runs 2 tasks one after the other. The first task installs the Apache package using the yum module, the second task starts the Apache service using the service module.
4. How do you handle sensitive data in Ansible, such as passwords or keys?
Handling sensitive data in Ansible, such as passwords or keys, can be done using Ansible Vault. Ansible Vault is a feature that allows you to encrypt sensitive data in your Ansible playbooks and inventory files. Here’s how you can use it:
- Create an encrypted file: To create an encrypted file, you can use the
ansible-vault createcommand. This will prompt you for a password and then open an editor for you to enter the sensitive data.
- Edit an encrypted file: To edit an encrypted file, you can use the
ansible-vault editcommand. This will prompt you for the password and then open an editor for you to make changes to the sensitive data.
- Encrypt existing files: To encrypt existing files, you can use the
ansible-vault encryptcommand. This will prompt you for the password and then encrypt the specified file.
- Decrypt files: To decrypt a file, you can use the
ansible-vault decryptcommand. This will prompt you for the password and then decrypt the specified file.
- Use encrypted files in playbooks: Once you have encrypted a file, you can use it in your playbooks by specifying the encrypted file’s path and providing the password when running the playbook using the
- Share password: If you are working in a team, you can share the password with your team members, but it is recommended to use a password manager or to use a vault password file to store the password in a secure location.
- Use Ansible Tower or Ansible AWX : Ansible Tower or Ansible AWX provides a web-based user interface for managing Ansible, it also includes an encrypted credentials feature which allows you to securely store and manage sensitive data.
It is important to note that Ansible Vault encrypts only the data in the file and not the file name. Therefore it is important to ensure that the files containing sensitive data are stored in a secure location and that access to those files is restricted.
5. Can you explain the difference between Ansible modules and Ansible playbooks?
Ansible modules are pre-built scripts that perform specific actions, such as installing a package, creating a user, or copying a file. They are used to define and manage resources in Ansible playbooks. Ansible playbooks are the files that contain the instructions for Ansible to execute. They are written in YAML and consist of a series of tasks that are executed in order. Playbooks use modules to perform actions on resources.
6. Can you explain the difference between Ansible ad-hoc commands and playbooks?
Ansible ad-hoc commands are used to perform quick, one-off tasks on managed hosts, such as installing a package or creating a user. They are useful for performing tasks that do not need to be saved or reused. They are executed from the command line, and the syntax for an ad-hoc command is: ansible <host pattern> -m <module> -a <module options>
Ansible playbooks, on the other hand, are written in YAML and are used to define a set of tasks that need to be executed on one or more managed hosts. Playbooks are more powerful than ad-hoc commands as they allow you to execute multiple tasks and organize them in a logical way. They can also be saved and reused, making it easy to automate repetitive tasks. They are executed by the ansible-playbook command.
7. Can you give an example of how to use Ansible to provision a server?
First, you would create an Ansible playbook, which is a YAML file that defines a set of tasks to be executed on the target server. The playbook might look something like this:
--- - name: Provision server hosts: all become: true tasks: - name: Update package manager apt: update_cache: yes - name: Install Apache apt: name: apache2 state: present - name: Start Apache service: name: apache2 state: started
This playbook uses the
apt module to update the package manager and install Apache, and the
service module to start the Apache service.
To run the playbook, you would use the
ansible-playbook command, specifying the playbook file and the target server(s) to run it against:
ansible-playbook -i "host1,host2" provision.yml
This command would run the playbook against the servers specified in the inventory file “host1,host2”, updating the package manager, installing Apache, and starting the Apache service on those servers.
Please note that this is a simple example, and in real-world scenarios, you would likely want to use variables and other advanced features to make your playbooks more flexible and reusable.
8. How do you handle multiple environments (e.g. development, staging, production) with Ansible?
- Use separate inventory files: You can create separate inventory files for each environment, and specify the appropriate file when running the playbook. For example, you might have a development inventory file that specifies the development servers, and a production inventory file that specifies the production servers.
- Use dynamic inventory: You can use dynamic inventory to automatically determine the servers to run the playbook against based on some external data source, such as a cloud provider’s API. This can be useful if your servers are frequently created or destroyed, or if you have a large number of servers.
- Use variables: You can use variables to specify configuration details that are specific to a particular environment. For example, you might use a variable to specify the database hostname for development, staging, and production.
- Use tags: You can use tags to group tasks or entire plays together, and then specify which tags to run or skip at runtime. This way you can target different environments or different parts of the infrastructure.
- Use conditionals: You can use conditionals to conditionally execute tasks based on environment-specific variables.
- Use different playbooks for different environments: You can create different playbooks for different environments and then call the appropriate playbook for that environment
9. How do you use Ansible to manage and maintain a large number of servers?
- Use an inventory file: Create an inventory file that lists all your servers, and group them by environment, function, or other criteria. This makes it easy to run playbooks against specific subsets of servers.
- Use dynamic inventory: Automate the process of discovering servers using dynamic inventory. This allows Ansible to automatically discover and manage servers as they are added or removed from your infrastructure.
- Use modules and roles: Ansible modules and roles provide a way to package and reuse tasks, making it easy to manage and maintain a large number of servers.
- Use automation: Use Ansible to automate repetitive tasks such as software updates, backups, and security hardening. This can save time and reduce the risk of human error.
- Use version control: Use version control to track changes to your Ansible playbooks, inventory files, and roles. This allows you to roll back changes, collaborate with others, and maintain a history of your infrastructure.
- Use tags: Use tags to organize and prioritize your playbooks, and to target specific groups of servers.
- Use Ansible Tower or Ansible AWX: Ansible Tower or Ansible AWX provide a web-based user interface for managing Ansible and it can help to manage a large number of servers. It also provides features such as role-based access control, job scheduling, and reporting.
- Use Ansible Vault: Use Ansible Vault to encrypt sensitive data such as passwords, keys, and credentials. This provides an additional layer of security for your infrastructure.
10. Can you describe a use case for Ansible’s dynamic inventory feature?
Ansible’s dynamic inventory feature allows you to automatically discover and manage servers by pulling information from an external data source. This can be useful in a number of different scenarios, such as:
- Cloud environments: If you are using a cloud provider, you can use the cloud provider’s API to dynamically discover servers. For example, you can use the AWS EC2 dynamic inventory script to automatically discover all the EC2 instances in your AWS account, and use that information to run playbooks against those instances.
- Container orchestration: If you are using a container orchestration platform like Kubernetes, you can use the Kubernetes dynamic inventory script to discover all the pods and nodes in your cluster, and use that information to run playbooks against those containers.
- Network devices: If you are managing network devices, you can use the Ansible Network dynamic inventory script to discover all the devices in your network, and use that information to run playbooks against those devices.
- Database: If you are managing a large number of servers and they are all listed in a database, you can create your own dynamic inventory script that queries the database to get the list of servers and use that information to run playbooks against those servers.
- Combination of the above: You can also use a combination of the above scenarios, where you are using multiple dynamic inventory scripts to discover servers from different sources and use them together in one playbook.
This feature allows you to automatically discover and manage servers without having to manually update your inventory files, which can be especially useful in environments where servers are frequently created or destroyed, or when dealing with a large number of servers.
11. How do you debug an Ansible playbook when it fails?
There are several ways to debug an Ansible playbook when it fails:
- Use the
-vvvoption: When running a playbook, you can use the
-voption to increase the verbosity level of the output. The
-voption will show you the standard output and error of the commands that are executed, while the
-vvvoption will show you even more detailed information, including the arguments passed to the modules and the values of variables.
- Use the
debugmodule: You can use the
debugmodule to output the values of variables and other information at specific points in your playbook. For example, you can use the
debugmodule to output the value of a variable that is causing an issue.
- Use the
changed_whenstatement: You can use the
failed_whenstatement to specify a condition under which a task should be considered failed, and
changed_whenstatement to specify a condition under which a task should be considered changed.
- Use the
registerkeyword: You can use the
registerkeyword to assign the output of a task to a variable, and then use the
debugmodule to output the value of the variable. This can be useful for troubleshooting issues with specific tasks.
- Use Ansible Tower or Ansible AWX: Ansible Tower or Ansible AWX provides a web-based user interface for managing Ansible, it also includes a detailed job history and job status, which can help you to quickly identify and troubleshoot issues.
- Use Ansible’s Callback plugins : Ansible callback plugins allow you to customize the output that Ansible displays on the command line, and you can use them to add additional debugging information.
12. Can you explain how Ansible roles are used to organize and reuse playbooks?
Ansible roles are a way to organize and reuse playbooks in Ansible. Roles are a collection of tasks, files, templates, and variables that are grouped together to perform a specific function. Here’s how they can be used to organize and reuse playbooks:
- Reusability: Roles allow you to package tasks and other resources into a single, reusable unit. This makes it easy to reuse the same tasks and resources across multiple playbooks and projects.
- Structure: Roles provide a consistent structure for organizing tasks and resources. For example, roles follow a specific file structure, with tasks, files, templates, and variables all placed in their own directories.
- Modularity: Roles allow you to break down complex playbooks into smaller, more manageable units. This makes it easier to understand, test, and maintain your playbooks.
- Sharing: Roles can be shared with other members of your team, or with the Ansible community. This allows others to easily use and extend your roles.
- Importing: Roles can be imported and used by other roles, this allows to create more complex playbooks by combining different roles.
- Dependencies: Roles can have dependencies on other roles, this allows you to ensure that specific roles are executed before others.
In order to use roles, they need to be placed in a specific directory structure and then called from the playbook using the
roles keyword. Here is an example:
- name: Example Playbook hosts: all roles: - role1 - role2
It is important to note that Ansible roles can also use variables and have their own defaults and vars, which allows for even more flexibility and reusability. Additionally, Ansible Galaxy is a website where you can find and share roles created by the community.
13. Can you explain the purpose of Ansible’s tags and how they are used?
Ansible’s tags are a way to group and organize tasks within a playbook. They allow you to selectively run specific tasks or groups of tasks within a playbook, rather than running the entire playbook. Here’s how they can be used:
- Grouping tasks: You can use tags to group tasks by function, environment, or any other criteria. For example, you might use tags to group all tasks related to security, or all tasks related to a specific environment.
- Running specific tasks: You can use tags to selectively run specific tasks or groups of tasks within a playbook. For example, if you have a large playbook with multiple tasks, you can use tags to only run the tasks that are needed for a specific deployment.
- Skip tasks: You can use tags to skip specific tasks or groups of tasks within a playbook. For example, you might use tags to skip tasks that are only needed for development or testing environments.
- Ansible-playbook options: You can use the
ansible-playbookcommand to run tasks with specific tags, and the
--skip-tagsoption to skip tasks with specific tags.
- Advanced usage: You can also use tags in combination with other features such as loops and conditionals, to further customize and control the execution of your playbooks.
Here is an example:
- name: Install and configure Apache hosts: all become: true tasks: - name: Install Apache apt: name: apache2 state: present tags: - apache - install - name: Start Apache service: name: apache2 state: started tags: - apache - start - name: Stop Apache service: name: apache2 state: stopped tags: - apache - stop
In this example, all tasks are tagged with ‘apache’ and also with a specific task tag like ‘install’ or ‘start’. To run only the task of installing Apache, you would use the command:
ansible-playbook -i inventory.ini example.yml --tags=install
It is important to note that tags are optional and you don’t have to use them in your playbooks, but they can be very useful when you have a large playbook with multiple tasks and you want to be able to run only specific tasks or groups of tasks.
14. How do you use Ansible to handle different operating systems and versions?
Ansible can handle different operating systems and versions by using different modules and conditional statements, here are a few ways to do it:
- Use the
ansible_os_familyvariable: Ansible automatically sets the
ansible_os_familyvariable which can be used to check the family of the target operating system. For example, you can use this variable in a conditional statement to run specific tasks for different operating system families, such as Debian or Red Hat.
- Use the
ansible_distributionvariable: Ansible automatically sets the
ansible_distributionvariable which can be used to check the specific distribution of the target operating system. For example, you can use this variable in a conditional statement to run specific tasks for different distributions, such as Ubuntu or Fedora.
- Use the
ansible_distribution_versionvariable: Ansible automatically sets the
ansible_distribution_versionvariable which can be used to check the specific version of the target operating system. For example, you can use this variable in a conditional statement to run specific tasks for different versions of the same distribution, such as Ubuntu 18.04 or Ubuntu 20.04
- Use the
whenstatement: You can use the
whenstatement to conditionally execute tasks based on the operating system and version. For example, you can use the
whenstatement to run a task only on Ubuntu 18.04 and not on other versions.
- Use different modules: Some modules are specific to certain operating systems or versions. For example, the
aptmodule is specific to Debian-based systems, while the
yummodule is specific to Red Hat-based systems.
- Use the
setupmodule can be used to gather information about the target system, such as the operating system and version. You can use this information in conjunction with the
whenstatement to conditionally execute tasks based on the operating system and version.
15. Can you explain how Ansible integrates with other tools, such as Jenkins or Docker?
Ansible can integrate with other tools, such as Jenkins or Docker, to automate and streamline various IT processes. Here’s how Ansible can integrate with some popular tools:
- Jenkins: Ansible can be used in conjunction with Jenkins to automate the deployment of software and infrastructure. For example, you can use Ansible to provision and configure servers, and then use Jenkins to build and deploy software to those servers. Jenkins can also be used to trigger Ansible playbooks and manage the execution of playbooks.
- Docker: Ansible can be used to automate the management of Docker containers. For example, you can use Ansible to create and manage Docker images, or to start and stop containers. You can also use Ansible to configure and manage the host machine on which the Docker containers are running.
16. How do you test Ansible playbooks before deploying them to production?
Testing Ansible playbooks before deploying them to production is an important step to ensure that your playbooks are functioning correctly and will not cause any issues in production. Here are a few ways to test Ansible playbooks:
- Use a test environment: Create a test environment that closely mirrors your production environment. This allows you to test your playbooks in a realistic setting, and to identify and fix any issues before deploying to production.
- Use the
--checkflag: Use the
--checkflag with the
ansible-playbookcommand to run a “dry run” of your playbook. This will show you the tasks that would be executed, but will not actually make any changes to your servers.
- Use the
--diffflag: Use the
--diffflag with the
ansible-playbookcommand to show the differences that would be made to your servers. This can be useful for identifying any unintended changes that your playbooks might make.
- Use test-driven development (TDD): Use a TDD approach to test playbooks, by writing test cases and testing the playbooks using testing tools such as
- Use Continuous integration and Continuous delivery (CI/CD): Use a CI/CD pipeline to automate the testing of your playbooks, by using tools such as Jenkins, Travis CI, and CircleCI to automatically run tests and deploy playbooks to test environments.
- Use Ansible Lint: Use Ansible Lint to check for errors, best practices, and formatting issues in your playbooks.
- Use Ansible’s assert module : The
assertmodule can be used to check for certain conditions within the playbook execution and fail the execution if the conditions are not met.
17. Can you explain the use of Ansible variables and how they are defined and used in playbooks?
Ansible variables are used to store and retrieve values in Ansible playbooks. They can be used to store values such as hostnames, usernames, and passwords, and can also be used to control the flow of a playbook by changing the behavior of tasks based on the values of the variables.
Here are a few ways that Ansible variables can be defined and used in playbooks:
- Defining variables in inventory files: Variables can be defined in inventory files, which are used to define the hosts that Ansible will manage. These variables can be used in playbooks to configure specific hosts or groups of hosts. For example, you could define a variable called “app_version” in an inventory file and use it to set the version of an application that you want to deploy.
- Defining variables in playbooks: Variables can be defined directly in playbooks using the
set_factsections. These variables can be used in the same playbook or in other playbooks that are called by the main playbook. For example, you could define a variable called “app_path” in a playbook and use it to specify the path where an application should be installed.
- Defining variables in external files: Variables can be defined in external YAML or JSON files and these files can be imported in the playbook using the
vars_filessections. This way, you can keep sensitive information such as passwords and keys outside of the playbooks.
- Using built-in facts: Ansible automatically gathers a set of system facts, such as IP addresses, memory, and OS version, these facts can be accessed and used as variables in playbooks. For example, you could use the
ansible_os_familyvariable to check the family of the target operating system and run specific tasks for different operating system families.
- Using command line options: Variables can be passed to Ansible playbooks on the command line
18. How do you use Ansible to manage and configure a Cisco switch?
Ansible can be used to manage and configure Cisco switches by using the Cisco Network modules. Here’s an example of how Ansible can be used to manage and configure a Cisco switch:
- Install the Cisco Network modules: The Cisco Network modules need to be installed in order to use Ansible to manage and configure Cisco switches. You can install them using the Ansible Galaxy by running the command
ansible-galaxy collection install cisco.network_infrastructure
- Create an inventory file: Create an inventory file that includes the IP address or hostname of the Cisco switch and any other information needed to connect to the switch.
- Create a playbook: Create a playbook that uses the Cisco Network modules to manage and configure the Cisco switch. For example, you can use the
ios_configmodule to configure the switch’s interfaces or the
ios_commandmodule to run show commands on the switch.
- Run the playbook: Use the
ansible-playbookcommand to run the playbook and configure the Cisco switch.
19. Can you explain how to use Ansible to perform zero-downtime deploys?
Zero-downtime deploys refer to the ability to deploy updates to an application or service without causing any interruption to the service. Ansible can be used to perform zero-downtime deploys by using the following techniques:
- Rolling updates: By using the
rolling_updatemodule, you can update a group of servers one at a time, ensuring that at least one server is always available to handle requests. This can be done by updating one server at a time, waiting for it to come back online, and then moving on to the next server.
- Blue-green deployments: By using the
async_pollmodules, you can create two identical environments, one called the “blue” environment, which is the active environment, and the other called the “green” environment, which is the inactive environment. By updating the green environment first and then switching traffic to it, you can ensure that there is no downtime during the deployment.
- Multi-tier deployments: By using the
rescuemodules, you can perform multi-tier deployments by updating one tier of servers at a time, ensuring that each tier is fully updated before moving on to the next.
- Load balancing: By using load balancer modules, you can configure load balancers to route traffic to different servers, allowing you to update servers one at a time without any interruption to service.
- Pre-checks and post-checks: By using the
assertmodule, you can perform pre-checks and post-checks to ensure that the servers are in the correct state before and after the deployment.
20. Can you install Ansible on Windows?
Technically the answer is NO, you cannot install Ansible directly onto Windows but Ansible can be installed on Windows (but not directly) you will need to install the Windows Subsystem for Linux (WSL) and then install Ansible within the WSL environment. Here are the general steps to install Ansible on Windows:
- Enable the Windows Subsystem for Linux: You will need to enable the Windows Subsystem for Linux (WSL) on your Windows machine. You can do this by going to the Control Panel -> Programs -> Turn Windows features on or off and then check the box for Windows Subsystem for Linux.
- Install a Linux distribution: Next, you will need to install a Linux distribution, such as Ubuntu, on your Windows machine. You can do this by opening the Microsoft Store and searching for “Ubuntu” or “WSL” and then clicking on the “Get” button to install it.
- Install Ansible: Once you have a Linux distribution installed, you can open a command prompt or terminal and use the package manager to install Ansible. For example, on Ubuntu, you can use the following command:
I hope this list of Ansible Interview Questions will help you with any upcoming interviews or to just learn a bit more about Ansible
If you have any more Ansible interview questions, leave them in the comments below and I will add them to the list.