Ansible Interview Questions and Answers

Ansible Interview Questions are the most researched topic on the internet these days owing to the popularity gained by Ansible in recent times. Automation is gaining so much popularity these days in almost every IT process as it reduces the need for manual intervention and the need for more resources, and Ansible helps the industry achieve it.

Ansible makes both automation as well as Configuration Management easy. Ansible is also new in the IT industry and has gained popularity in a very short time. This is because it helps automate most of the tasks, saving resources and time.

1. What is Ansible?

Ansible is a configuration management system. It is used to set up and manage infrastructure and applications. It allows users to deploy and update applications using SSH, without needing to install an agent on a remote system.

2. What are the Benefits of Ansible?

• Free: Ansible is an open-source tool.
• Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
• Powerful: Ansible lets you model even highly complex IT workflows. 
• Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
• Agentless: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
• Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.

3. Where Ansible can be Used?

Ansible is used for managing IT infrastructure and deploying software apps to remote nodes. Ansible allows you to deploy an application to many nodes with one single command. However, for that, there is a need for some programming knowledge to understand the Ansible scripts.

Main usages of Ansible:

• Configuration Management
• Application Deployment
• Orchestration
• Security and Compliance
• Cloud Provisioning

4. What are the advantages of Ansible?

Ansible has several advantages and strengths that include:

• It has no agents but needs only SSH service working on the target machines.
• It does not need many resources. Hence, there is a low overhead.
• Python is the only required dependency and, fortunately, most systems come with it pre-installed.
• It is easy to learn and understand since Ansible tasks are written in YAML.
• Unlike other tools, most of which are procedural, Ansible is declarative; it defines the desired state and fulfills the requirements needed to achieve it.

5. What is configuration management?

It is a practice that we should follow in order to keep track of all updates that are going into the system over a period of time. This also helps in a situation where a major bug has been introduced to the system due to some new changes that need to be fixed with minimum downtime. Configuration management (CM) keeps a track of all updates that are needed in a system and it ensures that the current design and build state of the system is up to date and functioning correctly.

6. How does Ansible work?

Ansible is a combination of multiple pieces working together to become an automation tool. Mainly these are modules, playbooks, and plugins.

• Modules are small codes that will get executed. There are multiple inbuilt modules that serve as a starting point for building tasks.
• Playbooks contain plays that further are a group of tasks. This is the place to define the workflow or the steps needed to complete a process
• Plugins are special kinds of modules that run on the main control machine for logging purposes. There are other types of plugins also.

The playbooks ran via an Ansible automation engine. These playbooks contain modules that are basically actions that run in host machines. The mechanism is followed here is the push mechanism, so ansible pushes small programs to these host machines which are written to be resource models of the desired state of the system.

7. What is an Ansible Playbook?

The playbook is a file where code for Ansible gets written. The Playbook follows the YAML format and is an essential feature of Ansible. The files contained in the Playbook run sequentially. Overall, the Playbook is the building block of Ansible.

8. Explain a few of the basic terminologies or concepts in Ansible

• Controller machine: The controller machine is responsible for provisioning servers that are being managed. It is the machine where Ansible is installed.
• Module: Basically, a module is a command or set of similar commands meant to be executed on the client-side
• Task: A task is a section that consists of a single procedure to be completed
• Role: A way of organizing tasks and related files to be later called in a playbook
• Fact: Information fetched from the client system from the global variables with the gather-facts operation
• Inventory: File containing data about the ansible client servers. Defined in later examples as hosts file
• Play: Execution of a playbook
• Handler: Task which is called only if a notifier is present
• Notifier: Section attributed to a task that calls a handler if the output is changed
• Tag: Name set to a task which can be used later on to issue just that specific task or group of tasks.

9. What is Ansible Tower? What are its features?

Ansible Tower is a web-based solution that makes it easily accessible by IT teams. The main function of Ansible is to act as the hub for all automation tasks. The tower can be used for free for up to 10 nodes.

Below are some of the primary features of Ansible tower:

1. Job Scheduling. 
2. It helps to schedule the jobs to run later and set options for repetition.
3. Roll Based Action Control: You can easily set up different roles and provide access to specific roles using Ansible tower.
4. Fully Documented REST API: Using REST API, you can easily integrate Ansible with your already existing environment.
5. Portal Mode: Ansible Tower offers an easy-to-use UI, which is useful for both newbie and experienced users.
6. Cloud Integration: Ansible Tower has compatibility with most of the Cloud Environments such as Azure, RackSpace, and Amazon EC2.

10. What is Ansible Vault?

Ansible Vault is a mechanism that allows encrypted content to be incorporated transparently into Ansible workflows. A utility called ansible-vault secures confidential data, called secrets, by encrypting it on disk. To integrate these secrets with regular Ansible data, both the ansible and ansible-playbook commands, for executing ad hoc tasks and structured playbook respectively, have support for decrypting vault-encrypted content at runtime.

11. Explain Infrastructure as Code?

Infrastructure as Code or IaC is a process that DevOps teams should follow to have a more organized way of managing the infra. Instead of some throwaway scripts or manually configuring any cloud component, there should be a code repo where all of these will lie and any change in configuration should be done through it. It is wise to put it under source control also. This improves speed, consistency, and accountability.

12. What is Ansible Galaxy?

Galaxy is a repository of Ansible roles that can be shared among users and can be directly dropped into playbooks for execution. It is also used for the distribution of packages containing roles, plugins, and modules also known as collection. The ansible-galaxy-collection command implements similar to init, build, install, etc an ansible-galaxy command.

13. Explain Ansible modules in detail?

Ansible modules are like functions or standalone scripts which run specific tasks idempotently. The return value of these are JSON strings in stdout and input depends on the type of module. These are used by Ansible playbooks.
There are 2 types of modules in Ansible:

• Core Modules

The core Ansible team is responsible for maintaining these modules thus these come with Ansible itself. The issues reported are fixed on priority than those in the “extras” repo.

• Extras Modules

The Ansible community maintains these modules so, for now, these are being shipped with Ansible but they might get discontinued in the future. These can be used but if there are any feature requests or issues they will be updated on low priority.

Now popular extra modules might enter into the core modules anytime. You may find these separate repos for these modules as ansible-modules-core and ansible-modules-extra respectively.

14. What are Ansible server requirements?

If you are a Windows user, then you need to have a virtual machine in which Linux should be installed. It requires Python 2.6 version or higher. If these requirements are fulfilled, then you can proceed with ease.

15. What are Ansible tasks?

The task is a unit action of Ansible. It helps by breaking a configuration policy into smaller files or blocks of code. These blocks can be used in automating a process. For example, to install a package or update a software:

Command: Install <package_name>
Command: update <software_name>

16. What is the difference between Ansible Playbooks vs Roles?

Roles	Playbooks
Roles are reusable subsets of a play.	Playbooks contain Plays.
A set of tasks for accomplishing a certain role.	Mapps among hosts and roles.
Example: common, webservers.	Example: site.yml, fooservers.yml, webservers.yml.

17. Compare Ansible VS Puppet?

Ansible	Puppet
Simplest Technology	Complex Technology
Written in the YAML language	Written in Ruby language
Automated workflow for Continuous Delivery	Visualization and reporting
Agent-less install and deploy	Easy install
No support for Windows	Support for all major OS’s
GUI -work under progress	Good GUI
CLI accepts commands in almost any language	Must learn the Puppet DSL

18. How to create an empty file with Ansible?

To create an empty file, Ansible uses a file module. For this, we need to set up two parameters.

1. Path – This place represents the location where the file gets created, either the relative or an absolute path. Also, the name of the file includes here.
2. State – For creating a new file, this parameter should be set to touch.

19. So how does Ansible work? Please explain in detail?

Within the market, they are many automation tools like Puppet, Capistrano, Chef, Salt, Space Walk, etc.

• When it comes to Ansible, this tool is categorized into two types of servers:
      1. Controlling machines
      2. Nodes
• Ansible is an agentless tool so it doesn’t require any mandatory installations on remote nodes. So there are no background programs that are executed while it is managing any nodes.
• Ansible is able to handle a lot of nodes from a single system over an SSH connection.
• Playbooks are defined as a bunch of commands where that are capable of performing multiple tasks and they are in YAML file format.

20. How to write an Ansible Handler with multiple tasks?

If you want to create a handler that restarts a service when it is running Ansible Handlers. It can listen to the general topics, and those topics are shown below. This task makes it easier to trigger multiple handlers. It also decouples handlers from their name and makes it simpler to share handlers in Playbooks and roles:

– name: Check if restarted
shell: check_is_var.sh
register: result
listen: Restart processes_a
– name: Restart conditionally step 1
service: name=service state=restarted
when: result
listen: Restart processes_a

21. What is the ad-hoc command in Ansible?

Ad-hoc commands are like one-line playbooks to perform a specific task only. The syntax for the ad-hoc command is

ansible [pattern] -m [module] -a "[module options]"

For example, we need to reboot all servers in the staging group

ansible atlanta -a "/sbin/reboot"  -u username --become [--ask-become-pass]

22. Install Nginx using Ansible playbook?

The playbook file would be:

- hosts: stagingwebservers
 gather_facts: False
 vars:
  - server_port: 8080
 tasks:
  - name: install nginx
    apt: pkg=nginx state=installed update_cache=true
  - name: serve nginx config
     template: src=../files/flask.conf dest=/etc/nginx/conf.d/
     notify:
     - restart nginx
 handlers:
   - name: restart nginx
     service: name=nginx state=restarted
   - name: restart flask app
     service: name=flask-demo state=restarted
...

In the above playbook, we are fetching all hosts of the staging web servers group for executing these tasks. The first task is to install Nginx and then configure it. We are also taking a flask server for reference. In the end, we also defined handlers so that in case the state changes it will restart Nginx. After executing the above playbook we can verify whether Nginx is installed or not.

ps waux | grep nginx

24. Explain how you will copy files recursively onto a target host?

There’s a copy module that has a recursive parameter in it but there’s something called synchronize which is more efficient for large numbers of files. 

For example:

- synchronize:
   src: /first/absolute/path
   dest: /second/absolute/path
   delegate_to: "{{ inventory_hostname }}"

25. How does the Ansible firewalld module work?

Ansible firewalld is used to manage firewall rules on host machines. This works just as Linux firewalld daemon for allowing/blocking services from the port. It is split into two major concepts

• Zones: This is the location to which we can control which services are exposed or a location to which the local network interface is connected.
• Services: These are typically a series of port/protocol combinations (sockets) that your host may be listening on, which can then be placed in one or more zones

A few examples of setting up firewalld are

- name: permit traffic in default zone for https service
 ansible.posix.firewalld:
   service: https
   permanent: yes
   state: enabled
   
- name: do not permit traffic in default zone on port 8081/tcp
 ansible.posix.firewalld:
   port: 8081/tcp
   permanent: yes
   state: disabled